In this week's Privacy Tracker global legislative roundup, the European Commission announced two adequacy decisions for the U.K. South Africa's data protection agency, the Information Regulator, published guidance on exemptions from the eight conditions for lawful personal data processing under the Protection of Personal Information Act. The Swiss Federal Council launched a consultation period for the Ordinance on the Data Protection Act. In the U.S., the Supreme Court ruled against portions of consumer claims in a case under the Fair Credit Reporting Act.
The Latest
The European Commission announced it officially adopted a pair of adequacy decisions for the U.K. IAPP Associate Editor Ryan Chiavetta, CIPP/US, has the details for The Privacy Advisor.
More
The U.S. Federal Trade Commission will begin a series of monthly virtual public meetings starting July 1. Meanwhile, FTC Chair Lina Khan announced appointments for three positions, including Sam Levine as acting director of the Bureau of Consumer Protection.
More
The U.S. Supreme Court ruled against portions of consumer claims in a case under the Fair Credit Reporting Act, Bloomberg Law reports.
More
ICYMI
Covington & Burling's Jetty Tielemans, Dan Cooper and Gabe Maldoff, CIPP/US, look at the European Data Protection Board's recommendations on supplementary measures for data transfers in this piece for The Privacy Advisor.
More
In The Privacy Advisor, IAPP Westin Research Fellows Sarah Rippy and Nicole Sakin break down the privacy implications of the U.S. Supreme Court Van Buren decision.
More
IAPP Staff Writer Joe Duball has the details on why Connecticut's last-minute push on a privacy law fell short in this piece for The Privacy Advisor.
More
IAPP Senior Westin Research Fellow Jetty Tielemans offers a breakdown of the European Commission's draft South Korean adequacy decision for The Privacy Advisor.
More
Enforcement
France's DPA, the Commission nationale de l’informatique et des libertés, issued a 500,000 euro EU General Data Protection Regulation fine to retailer Brico Privé related to unlawful data processing activities and consent issues.
More
Italy's DPA, the Garante, fined energy company Iren Mercato 3 million euros over GDPR violations related to unlawful data processing in its telemarketing practices.
More
Poland's DPA, the Urząd Ochrony Danych Osobowych, imposed a PLN 100,000 fine on P4 for violation of data breach notification rules.
More
South Korea’s Personal Information Protection Commission issued $45.4 million won in fines for alleged violations of the Act on Promotion of Information and Communications Network Utilization and Data Protection.
More
Sweden's DPA, Integritetsskyddsmyndigheten, announced a 16 million kroner fine against Stockholm Public Transport, SL, over unlawful surveillance via body cameras.
More
Turkey's DPA, Kişisel Verileri Koruma Kurumu, announced fines of TL 800,000 and TL 400,000 against two companies over separate data breaches.
More
The U.K. Information Commissioner's Office fined a home improvement company 130,000 GBP after it made more than 900,000 nuisance calls over an eight-month period.
More
The U.S. Federal Trade Commission finalized its settlement with Flo Health over data processing activities associated with its fertility-tracking application.
More
Africa
South Africa's DPA, the Information Regulator, published guidance on exemptions from the eight conditions for lawful personal data processing under the Protection of Personal Information Act.
More
EU
France's DPA, the Commission nationale de l’informatique et des libertés, published guidance for controllers on how to identify and process data transfers outside the European Union.
More
The Hessian Commissioner for Data Protection and Freedom of Information covers the steps it is taking to implement the requirements from the "Schrems II" ruling.
Ireland’s DPA, the Data Protection Commission, published guidance on processing employees’ COVID-19 vaccination data, addressing the collection of employee vaccination status by employers.
More
The Netherland's DPA, Autoriteit Persoonsgegevens, issued guidance on the responsibilities of and suggested practices for a data protection officer.
More
The Swiss Federal Council launched a consultation period for the Ordinance on the Data Protection Act.
More
Asia-Pacific
Japan’s DPA, the Personal Information Protection Commission, issued a notification of opt-out procedures within the revised Personal Information Protection Law
More
