In this week’s privacy tracker global legislative roundup, IAPP Senior Westin Fellow Jetty Tielemans explored the potential for double enforcement between several European digital laws and the EU General Data Protection Regulation. IAPP Staff Writer Jennifer Bryant looked at several European data protection regulators' ruling against Google Analytics. IAPP Editorial Director Jedidiah Bracy, CIPP, reported Ireland's Data Protection Commission drafted plans to cease transferring data for Facebook and Instagram.
Latest news
IAPP Senior Westin Fellow Jetty Tielemans explored the potential for double enforcement between several European digital laws and the EU General Data Protection Regulation.
More
ICYMI
Three EU privacy authorities determined Google Analytics unlawfully transfers data to the U.S., leaving companies with little to no alternatives and privacy professionals debating how to react as continued similar decisions are anticipated. IAPP Staff Writer Jennifer Bryant explored the recent enforcement decisions out of France and Italy.
More
During a conference on EU GDPR enforcement, European Data Protection Supervisor Wojciech Wiewiórowski said, “There is a path we can follow to finally deliver what was started 10 years ago.” Journalist Luca Bertuzzi has highlights from the conference, including thoughts from European regulators.
More
Ireland's Data Protection Commission informed EU privacy regulators of draft plans to halt data transfers from Meta-owned Facebook and Instagram. IAPP Editorial Director Jedidiah Bracy, CIPP, has the details.
More
Enforcement
Canada’s National Security and Intelligence Review Agency is investigating whether the use of polygraph tests by the Communication Security Establishment for recruitment is “lawful, reasonable and necessary,” CBC News reports.
More
The European Commission found the Dutch data protection authority, Autoriteit Persoonsgegevens, misread the EU GDPR leading to a “strict interpretation,” NRC reports.
More
The European Data Protection Board published the agenda for its July 12 plenary session.
More
France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined an energy company 1 million euros.
More
France's CNIL also announced its 35 million euro fine against Amazon for cookie violations under the EU GDPR was confirmed by the Council of State, Conseil d'État.
More
Norway’s data protection authority, Datatilsynet, issued a 5 million Norwegian kroner penalty to Trump, a company with a chain of consumer goods stores, for improper user verification methods.
More
The U.K. Information Commissioner's Office will publish its 2022-2025 strategic plan July 14.
More
The U.K. Information Commissioner’s Office released a revised approach to engagement and enforcement in the public sector.
More
The Office of the Information and Privacy Commissioner of Alberta opened an investigation into Edmonton landlords allegedly distributing personal information about a tenant on social media, the Edmonton Journal reports.
More
Asia-Pacific
A study by Research and Policy Integration for Development and Consumer Unity and Trust Society found Bangladesh’s draft Data Protection Bill 2022 will restrict cross-border data transfers outside the country without prior government approval, New Age reports.
More
The Council of Ministers of Thailand approved a draft royal decree that would carve out exemptions for public bodies from the Personal Data Protection Act, The Nation Thailand reports.
More
Canada
The Artificial Intelligence and Data Act within Canada’s proposed Digital Charter Implementation Act, Bill C-27, would establish requirements around AI design, development and use in the private sector, including biometrics, Biometric Update reports.
More
EU
Co-rapporteurs for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs and Committee on Internal Market and Consumer Protection released the first compromise amendments for the EU’s proposed Artificial Intelligence Act, Euractiv reports.
More
The European Parliament adopted the Digital Markets Act and Digital Services Act, Reuters reports.
More
US
The California Privacy Protection Agency officially launched the formal rulemaking process for the California Consumer Privacy Rights Act.
More
California’s proposed Age-Appropriate Design Code Act passed the California State Assembly’s Senate Judiciary Committee and is headed to the Committee on Appropriations.
More
U.S. President Joe Biden signed an executive order to protect women's reproductive health care services, including commitments related to privacy protections.
More
Privacy operations management
The Office of the Privacy Commissioner of Canada with several international data protection authorities released guidance to help individuals protect against cyberthreats exploiting the re-use of usernames, email addresses and passwords across multiple accounts.
More
France's CNIL and the Cybermalveillance.gouv.fr, a government-sponsored cybersecurity initiative, jointly published guidance for municipalities' cybersecurity practices.
More
