In this week's Privacy Tracker global legislative roundup, the European Data Protection Board adopted the final version of Recommendations on supplementary measures. The European Commission published its draft decision for South Korea's adequacy status. The Court of Justice of the European Union handed down its decision regarding the one-stop shop enforcement mechanism. In the U.S., Lina Kahn was sworn in as chair of the U.S. Federal Trade Commission and U.S. Sen. Kirsten Gillibrand, D-N.Y., reintroduced her Data Protection Act.

THE LATEST

The European Data Protection Board adopted a final version of the Recommendations on supplementary measures in its plenary session.
More

ICYMI

Journalist Samuel Stolton offers insight on the latest trade and data transfer developments between the EU and U.S. after U.S. President Joe Biden met with European Commission President Ursula von der Leyen.
More

IAPP Research Director Caitlin Fennessy, CIPP/US, looks at the stages of investigations and enforcement since the "Schrems II" ruling and the areas of insight privacy professionals have gleaned through the waves of authority actions in this article for The Privacy Advisor.
More

ENFORCEMENT

Singapore’s data protection authority, the Personal Data Protection Commission, fined several companies a total of $75,000 for lapses affecting personal data of more than 600,000 people, including 98,000 Ministry of Defence staff and Singapore Armed Forces servicemen, The Straits Times reports.
More

Belgium's Data Protection Authority published its 2020 annual report.
More

Denmark's DPA, Datatilsynet, issued a DKK 200,000 fine against the municipality of Vejle for insufficient security measures that led to a data breach.
More

The Court of Justice of the European Union rendered a decision allowing EU DPAs to forego the EU General Data Protection Regulation's "one-stop shop" enforcement mechanism in exceptional cases.
More

The European Data Protection Board released the agenda for its 50th plenary session, which took place June 18.
More

France's DPA, the Commission nationale de l’informatique et des libertés, laid out guidance on the European Commission's new standard contractual clauses.
More

Reuters reports a French court dealt Ikea France a 1 million euro fine related to allegations of employee privacy breaches.
More

Greece's DPA, the Hellenic Data Protection Authority, announced a 15,000 euro fine against Purple Sea Sole Proprietorship over the unlawful installation and operation of a video surveillance system.
More

Norway's DPA, Datatilsynet, announced a NOK 5 million fine to the toll company Ferde for unlawful transfers of personal data to China.
More

The U.K. Information Commissioner's Office fined restaurant chain Papa John's 10,000 GBP for sending 168,022 marketing messages without consumer consent.
More

Brazil's National Consumer Secretariat of the Ministry of Justice and Public Security issued a BRL 4 million fine against Banco Cetelem for improper use of personal data.
More

Lina Khan was sworn in June 15 as chair of the U.S. Federal Trade Commission.
More

The U.S. Securities and Exchange Commission announced First American Financial Corporation was fined $487,616 in relation to a cybersecurity lapse that exposed sensitive customer information in violation of Rule 13a-15(a) of the Securities Exchange Act.
More

ASIA-PACIFIC

The European Commission published its draft decision for South Korea's adequacy status.
More

CANADA

Ontario’s government released a white paper titled “Modernizing Privacy in Ontario: Empowering Ontarians and Enabling the Digital Economy.”
More

The British Columbia and Yukon Information Privacy Commissioners and Ombudsman are calling for enhanced regulation of artificial intelligence in the public sector, raising fairness and privacy concerns in a report titled “Getting Ahead of the Curve.”
More

EUROPE

Netzpolitik.org reports European Union member states unanimously approved the European Commission's draft adequacy decisions for the U.K.
More

U.K. Parliament's Taskforce on Innovation, Growth and Regulatory Reform filed a report recommending the government reform its data protection regulation to something more protective and stringent than the EU General Data Protection Regulation.
More

US

Democratic members of U.S. Congress reintroduced the Facial Recognition and Biometric Technology Moratorium Act.
More

Vox reports U.S. Sen. Kirsten Gillibrand, D-N.Y., reintroduced her Data Protection Act, which would create a federal privacy regulator that absorbs the U.S. Federal Trade Commission's privacy enforcement powers.
More

The Connecticut General Assembly failed to pass comprehensive privacy law during a special legislative session called by Gov. Ned Lamont, D-Conn.
More

GUIDANCE

New Zealand’s Office of the Privacy Commissioner released a blog on its process in settling Privacy Act breach complaints. The OPC explains how the investigative process works, how settlements are facilitated and what happens if a settlement cannot be reached.
More

Spain’s DPA, the Agencia Española de Protección de Datos, announced the launch of a new data breach notification scheme that simplifies breach reporting.
More