In this week’s global legislative roundup, France’s data protection authority fined Google and Facebook up to a combined 210 million euros for cookie violations under the ePrivacy Directive. The Israeli government released a proposal amending and updating the 1981 Privacy Protection Act. And in the U.S., companion bills were re-filed in both chambers of the New York State Legislature for the enactment of the New York Privacy Act.
LATEST NEWS
France's data protection authority, the Commission nationale de l'informatique et des libertés, fined Google and Facebook up to a combined 210 million euros for cookie violations under the ePrivacy Directive. IAPP Staff Writer Joe Duball broke down the new fines and the CNIL’s prior work on cookies while exploring whether a fragmented privacy enforcement dilemma is brewing.
More
Concluding an inquiry launched in 2019, the European Data Protection Supervisor ordered Europol to delete data of individuals who are not linked to a criminal activity.
More
The Israeli government released a proposal amending and updating the 1981 Privacy Protection Act. The proposal would enhance the Israel Privacy Protection Authority’s enforcement and investigation powers, require certain companies to appoint a data protection officer, and impose steep sanctions for violations.
More
ITMedia Solutions will pay $1.5 million in a settlement with the U.S. Federal Trade Commission over allegations the lead generation company collected and shared millions of consumers’ sensitive information.
More
ICYMI
Digitalization has been a top priority for the European Commission, including an extensive legislative package ranging from artificial intelligence to data sharing. Journalist Lucca Bertuzzi looks at what 2022 has in store for digital matters in the EU.
More
The Joint Parliamentary Committee reviewing India's Personal Data Protection Bill made a number of suggested changes to the law in its final report submitted to Indian Parliament Dec. 16, 2021. Novartis' Nitin Dhavate, CIPP/E, CIPM, FIP, and EdgeVerve Systems' Ramakant Mohapatra, CIPP/E, CIPM, FIP, break down the report’s most intriguing proposals.
More
ENFORCEMENT
The summary of action for WhatsApp's appeal of a 225 million euro EU General Data Protection Regulation fine was published in the Official Journal of the European Union. WhatsApp is seeking full annulment of the penalty on various allegations of improper procedures by the European Data Protection Board.
More
France's CNIL fined Free Mobile 300,000 euros for alleged violations of the EU GDPR, alleging the mobile telephone operator did not respond to individuals’ requests to access their personal data within required time limits and failed to secure personal data.
More
The CNIL also fined finance company Slimpay 180,000 euros for alleged insufficient protection of users’ personal data and improper notification of a February 2020 data breach affecting approximately 12 million people.
More
The U.S. FTC announced a final settlement with technology support company SupportKing related to its "stalkerware" applications. The settlement prohibits further sale or advertising of stalkerware by SupportKing and its chief executive while requiring deletion of all personal data collected using the company's apps.
More
EUROPE
The president of the Administrative Court of Luxembourg partially granted Amazon’s request to suspend execution of a 746 million euro GDPR fine proposed by Luxembourg’s National Commission for Data Protection.
More
LATIN AMERICA
The Brazilian Data Protection Authority in late December updated guidance for data subjects filing a complaint against a data controller for potential violations of the General Data Protection Law, Shareholder Renata Neeser writes in a Littler blog post.
More
MIDDLE EAST
A draft Personal Data Protection Law of 2021 is being proposed in Jordan, aiming to protect citizens’ personal data “in light of the ease of collection, retention and processing,” as well as their right to privacy.
More
US
Companion bills were re-filed in both chambers of the New York State Legislature for the enactment of the New York Privacy Act. Senate Bill 6701A and Assembly Bill 680A were both assigned to committees upon re-introduction.
More
Financial services company Morgan Stanley agreed to pay $60 million to settle a class-action lawsuit in U.S. District Court, Southern District of New York, over a July 2020 data breach that compromised the data of 15 million current and former clients, Bloomberg reports.
More
An Illinois federal judge declined to dismiss a proposed lawsuit accusing Amazon of collecting employees’ facial and other data as part of COVID-19 health checks in violation of the Illinois Biometric Information Privacy Act, Reuters reports.
More
GUIDANCE
The European Data Protection Board published its guidance on examples of data breach notifications. The guidelines concern more specific recommendations and best practices around handling data breaches and risk assessment.
More
Ireland's Data Protection Commission released recommendations for organizations using portable storage devices to store or transfer personal data.
More
The Office of the Privacy Commissioner of New Zealand published guidance on the application of the Privacy Act as it relates to sensitive personal information.
More
