In this week's Privacy Tracker global legislative roundup, the European Data Protection Board adopted the final version of Recommendations on supplementary measures. The European Commission published its draft decision for South Korea's adequacy status. The Court of Justice of the European Union handed down its decision regarding the one-stop shop enforcement mechanism. In the U.S., Lina Kahn was sworn in as chair of the U.S. Federal Trade Commission and U.S. Sen. Kirsten Gillibrand, D-N.Y., reintroduced her Data Protection Act.
THE LATEST
The European Data Protection Board adopted a final version of the Recommendations on supplementary measures in its plenary session.
More
ICYMI
Journalist Samuel Stolton offers insight on the latest trade and data transfer developments between the EU and U.S. after U.S. President Joe Biden met with European Commission President Ursula von der Leyen.
More
IAPP Research Director Caitlin Fennessy, CIPP/US, looks at the stages of investigations and enforcement since the "Schrems II" ruling and the areas of insight privacy professionals have gleaned through the waves of authority actions in this article for The Privacy Advisor.
More
ENFORCEMENT
Singapore’s data protection authority, the Personal Data Protection Commission, fined several companies a total of $75,000 for lapses affecting personal data of more than 600,000 people, including 98,000 Ministry of Defence staff and Singapore Armed Forces servicemen, The Straits Times reports.
More
Belgium's Data Protection Authority published its 2020 annual report.
More
Denmark's DPA, Datatilsynet, issued a DKK 200,000 fine against the municipality of Vejle for insufficient security measures that led to a data breach.
More
The Court of Justice of the European Union rendered a decision allowing EU DPAs to forego the EU General Data Protection Regulation's "one-stop shop" enforcement mechanism in exceptional cases.
More
The European Data Protection Board released the agenda for its 50th plenary session, which took place June 18.
More
France's DPA, the Commission nationale de l’informatique et des libertés, laid out guidance on the European Commission's new standard contractual clauses.
More
Reuters reports a French court dealt Ikea France a 1 million euro fine related to allegations of employee privacy breaches.
More
Greece's DPA, the Hellenic Data Protection Authority, announced a 15,000 euro fine against Purple Sea Sole Proprietorship over the unlawful installation and operation of a video surveillance system.
More
Norway's DPA, Datatilsynet, announced a NOK 5 million fine to the toll company Ferde for unlawful transfers of personal data to China.
More
The U.K. Information Commissioner's Office fined restaurant chain Papa John's 10,000 GBP for sending 168,022 marketing messages without consumer consent.
More
Brazil's National Consumer Secretariat of the Ministry of Justice and Public Security issued a BRL 4 million fine against Banco Cetelem for improper use of personal data.
More
Lina Khan was sworn in June 15 as chair of the U.S. Federal Trade Commission.
More
The U.S. Securities and Exchange Commission announced First American Financial Corporation was fined $487,616 in relation to a cybersecurity lapse that exposed sensitive customer information in violation of Rule 13a-15(a) of the Securities Exchange Act.
More
ASIA-PACIFIC
The European Commission published its draft decision for South Korea's adequacy status.
More
CANADA
Ontario’s government released a white paper titled “Modernizing Privacy in Ontario: Empowering Ontarians and Enabling the Digital Economy.”
More
The British Columbia and Yukon Information Privacy Commissioners and Ombudsman are calling for enhanced regulation of artificial intelligence in the public sector, raising fairness and privacy concerns in a report titled “Getting Ahead of the Curve.”
More
EUROPE
Netzpolitik.org reports European Union member states unanimously approved the European Commission's draft adequacy decisions for the U.K.
More
U.K. Parliament's Taskforce on Innovation, Growth and Regulatory Reform filed a report recommending the government reform its data protection regulation to something more protective and stringent than the EU General Data Protection Regulation.
More
US
Democratic members of U.S. Congress reintroduced the Facial Recognition and Biometric Technology Moratorium Act.
More
Vox reports U.S. Sen. Kirsten Gillibrand, D-N.Y., reintroduced her Data Protection Act, which would create a federal privacy regulator that absorbs the U.S. Federal Trade Commission's privacy enforcement powers.
More
The Connecticut General Assembly failed to pass comprehensive privacy law during a special legislative session called by Gov. Ned Lamont, D-Conn.
More
GUIDANCE
New Zealand’s Office of the Privacy Commissioner released a blog on its process in settling Privacy Act breach complaints. The OPC explains how the investigative process works, how settlements are facilitated and what happens if a settlement cannot be reached.
More
Spain’s DPA, the Agencia Española de Protección de Datos, announced the launch of a new data breach notification scheme that simplifies breach reporting.
More
