In this week's global legislative roundup, the IAPP provided full coverage and analysis of the Court of Justice of the European Union's "Schrems II" ruling. EU General Data Protection Regulation fines were handed out in Belgium, Italy and Norway. IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, looked at state and federal proposals for U.S. facial recognition regulation. And California's Office of the Attorney General released an updated California Consumer Privacy Act FAQ page.
LATEST NEWS
Egyptian President Abdel Fattah El Sisi approved the country's draft privacy legislation, Egypt Today reports.
More
Germany's Federal Constitutional Court, Bundesverfassungsgericht, ruled laws giving law enforcement access to users' internet and phone data are unconstitutional and require improved privacy standards, BBC News reports.
More
LinkedIn filed papers with the U.S. Supreme Court to have its data-scraping lawsuit against hiQ Labs heard, MediaPost reports.
More
Facebook will go before U.S. District Judge James Donato to try to finalize its $550 million settlement over Illinois Biometric Information Privacy Act violations, NPR reports.
More
Gov. Chris Sununu, R-N.H., vetoed a bill that would have added privacy protections on the disclosure of public employees' home address, email address and telephone numbers, NHPR reports.
More
ICYMI
In this piece for The Privacy Advisor, IAPP Editorial Director Jedidiah Bracy, CIPP, reports the Court of Justice of the European Union's decision to invalidate the EU-U.S. Privacy Shield and uphold the validity standard contractual clauses with specific stipulations.
More
IAPP Research Director and former Privacy Shield Director at the U.S. Department of Commerce Caitlin Fennessy, CIPP/US, takes a look at the impact the CJEU ruling will have on data transfers going forward in this post for Privacy Tracker.
More
IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, breaks down the numerous U.S. proposals for facial recognition regulation and their importance in preserving fundamental rights in this Privacy Tracker piece.
More
ENFORCEMENT
Belgium's Data Protection Authority announced a 600,000 euro fine against Google Belgium for violating a data subject's right to be forgotten and a lack of transparency on its delisting application. (Original post is in Dutch.)
More
Colombia’s data protection authority, Superintendencia de Industria y Comercio, fined the Financial Information Center $702.2 million pesos for the unnecessary use of sensitive information that led to the denial of loans to 288,753 consumers. (Original post is in Spanish.)
More
The Italian data protection authority, the Garante, issued EU General Data Protection Regulation fines of 200,000, 800,000 and 17 million euros against three telecommunications operators. (Original post is in Italian.)
More
Norway's data protection authority, Datatilsynet, announced a NOK 500,000 fine against the municipality of Rælingen for violating the GDPR. (Original post is in Norwegian.)
More
The Korea Communications Commission fined TikTok 186 million won for violating South Korean telecommunications law with its improper handling of minors' personal data, Yonhap News Agency.
More
ASIA-PACIFIC
The Office of the Australian Information Commissioner found federal government department Services Australia breached a guiding privacy principle of the Privacy Act 1988, ZDNet reports.
More
The Supreme Court of India mandated telecommunications providers safeguard and separate electronic evidence, including call data records, during investigations, The Hindu reports.
More
According to Dentons, updates to Kazakhstan's Personal Data Law and regulation on digital technologies took effect July 7. The amendments include a mandate for the creation of a regulatory office, rules for data processing and the right to be forgotten.
More
New Zealand's Office of the Privacy Commissioner announced it will take public submissions for updating and replacing the six codes of practice under the Privacy Act 2020.
More
CANADA
Nova Scotia Information and Privacy Commissioner Tricia Ralph called for an update to the province's privacy laws as her office releases its "2019-2020 Annual Report."
More
EUROPE
The European Commission plans to examine whether infringement procedures are necessary for member states that are not compliant with the EU General Data Protection Regulation, Euractiv reports.
More
The European Data Protection Board published the final version of its guidelines for the criteria of the right to be forgotten related to search engine cases under Article 17 of the GDPR.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, released guidance on handling data transfer requests from authorized third parties. (Original post is in French.)
More
US
Members of the U.S. House of Representatives want to restart talks regarding federal privacy legislation, MeriTalk reports.
More
The U.S. Department of Health and Human Services amended privacy provisions in portions of the Confidentiality of Substance Use Disorder Patient Records regulations, GovInfoSecurity reports.
More
California's Office of the Attorney General updated its frequently asked questions page on the California Consumer Privacy Act.
More
Walmart faces a lawsuit for allegedly violating the CCPA following a data breach, MediaPost reports.
More
A lawsuit filed against Google claims the tech company violated federal and California privacy law by tracking app activity after a user opted out of the practice, Reuters reports.
More
Amazon, Alphabet and Microsoft have been sued for alleged violations of Illinois' Biometric Information Privacy Act, CNET reports.
More
The Massachusetts Senate passed a police reform bill that places a moratorium on the use of facial surveillance technology while a commission investigates its use, which critics call an invasion of privacy, The Boston Globe reports.
More
Vermont Attorney General TJ Donovan released guidance on the state's Security Breach Notice Act, Vermont Business Magazine reports.
More
