In this week's global legislative roundup, the European Parliament adopted the Digital Markets Act and Digital Services Act. South Korea and the U.K. announced they reached a data adequacy agreement "in principle." The European Data Protection Board published draft guidance on the use of certifications as tools for transfers. China’s National Information Security Standardization Technical Committee released guidance on conducting cross-border processing of personal information in accordance with the Personal Information Protection Law. And, in the U.S., California’s proposed Age-Appropriate Design Code Act passed the California State Assembly’s Senate Judiciary Committee.
The latest
The European Parliament adopted the Digital Markets Act and Digital Services Act, Reuters reports. Companies face a fine of up to 10% of annual global turnover for violations of the DMA, which requires providing business users access to their data, and 6% for violations of the DSA, banning dark patterns and targeted advertising aimed at children or based on sensitive data.
More
U.K. Department for Digital, Culture, Media & Sport, Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez and South Korea Personal Information Protection Commission Chair Jong In Yoon announced an adequacy agreement "in principle" between the U.K. and South Korea for transfers of personal data.
More
Enforcement
France's data protection authority, the Commission nationale de l'informatique et des libertés, announced its 35 million euro fine against Amazon for cookie violations under the EU General Data Protection Regulation was confirmed by the Council of State, Conseil d'État.
More
Norway’s data protection authority, Datatilsynet, issued a 5 million Norwegian krone penalty to Trump, a company with a chain of consumer goods stores, for improper user verification methods.
More
Norway’s Datatilsynet fined the Storting 2 million Norwegian krone for a data breach in 2020.
More
The U.K. Information Commissioner’s Office released a revised approach to engagement and enforcement in the public sector.
More
The U.K. ICO will publish its 2022-2025 strategic plan July 14. The regulator will draft the plan with the aim "to understand and describe our priorities, enabling us to make informed choices about the action we take and the interventions we make."
More
Axios reports U.S. President Joe Biden is drafting a letter calling on the U.S. Federal Trade Commission to tighten its monitoring and enforcement of unfair and deceptive practices related to women's health data.
More
Asia-Pacific
In an interview with the Australian Financial Review, Australia Attorney-General Mark Dreyfus said he intends to carry out "sweeping reforms" for the country's Privacy Act of 1988.
More
Canada
The Supreme Court of Canada upheld the constitutionality of expanded privacy protections for sexual assault complainants in a 6-3 decision, CBC News reports.
More
Europe
Liberty, a U.K. human rights organization, won a “landmark” court ruling that determined security and intelligence services must obtain “prior independent authorisation” to access individuals’ communication data from telecommunications companies, the Guardian reports.
More
U.S.
U.S. Speaker of the House Nancy Pelosi, D-Calif., wrote to House Democrats proposing work to draft legislation that "protects women’s most intimate and personal data stored in reproductive health apps."
More
United Press International reports the U.S. House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight held a hearing on privacy rights and standards associated with biometric technologies.
More
California’s proposed Age-Appropriate Design Code Act passed the California State Assembly’s Senate Judiciary Committee and is headed to the Committee on Appropriations.
More
Privacy operations management
The Office of the Privacy Commissioner of Canada with several international data protection authorities released guidance to help individuals protect against cyberthreats exploiting the re-use of usernames, email addresses and passwords across multiple accounts.
More
China’s National Information Security Standardization Technical Committee released guidance on conducting cross-border processing of personal information “in a standardized manner” and in accordance with the Personal Information Protection Law.
More
The European Data Protection Board published draft guidance on the use of certifications as tools for transfers.
More
Norway's Datatilsynet published new privacy rules for companies that process personal data.
More
The U.K. government released its response to a consultation on the use of artificial intelligence in the context of intellectual property, copyright and patents.
More
The U.S. Cybersecurity and Infrastructure Agency published the second version of its “Cloud Security Technical Reference Architecture,” providing guidance for organizations on secure transitions to the cloud, security management and more.
More
The U.S. Department of Health and Human Services published guidance on patient privacy related to reproductive health care.
More
