In this week's Privacy Tracker global legislative roundup, the U.K. Commissioner’s Office issued guidelines on protecting children’s privacy. The Croatian Presidency of the Council of the European Union said it will publish a draft version of the ePrivacy Regulation in February. Germany’s Kammergericht high court ruled a number of data protection complaints filed against Facebook were valid. Italy’s data protection authority, the Garante, called on the European Data Protection Board to investigate TikTok’s data protection issues. And in the U.S., Virginia lawmakers introduced the Virginia Privacy Act.
THE LATEST
Germany's Federation of German Consumer Organisations, vzbv, has announced its data protection complaints against Facebook were ruled valid by the highest state court, Kammergericht. This allows vzbv to take legal action against Facebook for its violations. (Ruling in German.)
More
The Competition and Market Authority in Italy launched a noncompliance procedure against Facebook alleging the company omits “adequate information” to users when they sign up with the website. The procedure may lead to a fine of up to 5 million euros.
More
Italy's data protection authority, the Garante, has requested the European Data Protection Board create a task force that will address TikTok's growing data protection issues and threats, especially in regards to children’s privacy.
More
ICYMI
IAPP Staff Writer Jennifer Bryant wrote for The Privacy Advisor on the U.K. Commissioner’s Office’s final Age Appropriate Design Code, which requires parliamentary approval and outlines 15 standards online services should follow to protect children’s privacy.
More
IAPP Associate Editor Ryan Chiavetta, CIPP/US, wrote for The Privacy Advisor on the Croatian Presidency of the Council of the European Union’s efforts to tackle the ePrivacy Regulation, including an upcoming draft version of the regulation.
More
ENFORCEMENT
Lawspot reports the Hellenic Data Protection Agency in Greece fined Aegean Marine Petroleum Network 150,000 euros for alleged violations of the EU General Data Protection Regulation. (Article is in Greek.)
More
US
The Washington Post reports data subject access request fulfillment has been inconsistent since the California Consumer Privacy Act went into effect.
More
The Virginia Privacy Act was introduced to the Virginia General Assembly Jan. 8. The VPA contains provisions that require data controllers to perform and track privacy risk assessment for all processing activities. The act’s definition of “sale” aligns with Nevada’s privacy legislation.
More
U.S. Sen. Maggie Hassan, D-N.H., introduced the Cybersecurity State Coordinator Act, which calls for the Senate Committee on Homeland Security & Governmental Affairs to appoint a federally funded coordinator for each state.
More
