In this week’s Privacy Tracker global legislative roundup, learn about the development of South Africa’s Protection of Personal Information Act 2013 and a proposed new contact-tracing bill in Israel. Italy’s data protection authority, the Garante, issued a 600,000 euro fine against a banking institution after a 2017 data breach compromised the personal data of more than 700,000 customers. In the U.S., privacy advocates are raising concerns over the Senate’s proposed Eliminating Abusive and Rampant Neglect of Interactive Technology Act.

LATEST NEWS

The European Data Protection Supervisor released a report on how EU institutions, bodies and agencies have used data protection impact assessments since the EU General Data Protection Regulation went into effect.
More

Italy’s data protection authority, the Garante, issued a 600,000 euro fine to an unnamed banking institution following a 2017 data breach that compromised the personal data of more than 700,000 customers.
More

Privacy advocates expressed concern over the U.S. Senate's proposed Eliminating Abusive and Rampant Neglect of Interactive Technology Act, created to combat the proliferation of explicit images featuring children, the Guardian reports.
More

ICYMI

Thompson Hine’s Steven Stransky, CIPP/G, CIPP/US, and Jennifer Elleman analyze how the California Consumer Privacy Act’s draft regulations issued by the California attorney general handle identity verification in this Privacy Tracker piece.
More

In a piece for Privacy Tracker, Nerushka Bowan looks at the development of South Africa’s Protection of Personal Information Act 2013, which entered into force July 1, and the rights it gives to South African citizens.
More

Also for Privacy Tracker, Or-Hof Law Owner Dan Or-Hof, CIPP/E, CIPP/US, breaks down a proposed new contact-tracing bill in Israel.
More

The IAPP updated its “US State Comprehensive Privacy Law Comparison” chart to include the latest iteration of Iowa’s Right to Be Forgotten Act proposed by State Sen. Zach Nunn, R-Iowa.
More

ENFORCEMENT

France’s data protection authority, the Commission nationale de l’informatique et des libertés, will adjust its guidelines on cookies and future recommendations in accordance with the decision made by the country’s Council of State, the Conseil d’État.
More

European Data Protection Supervisor Wojciech Wiewiórowski published “The EDPS Strategy 2020–2024” with a focus on digital solidarity within Europe and internationally.
More

The Irish Data Protection Commission released guidance on the implementation of the Return to Work Safely Protocol developed by the departments of Business, Enterprise and Innovation and Health, created to ensure organizations are in compliance with the EU General Data Protection Regulation as they process personal data while implementing the protocol.
More  

The Danish data protection authority, Datatilsynet, fined Lejre Municipality DKK 50,000 for failing its obligations as a data controller in violation of the EU General Data Protection Regulation. (Original article is in Danish.)
More

In Germany, the Baden-Württemberg Commissioner for Data Protection and Freedom of Information issued a 1.24 million euro fine against health insurance company AOK Baden-Württemberg for not properly implementing measures, in accordance with the GDPR, when processing individuals’ data for advertising purposes. (Original article is in German.)
More

NTT Global Data Centers, formerly known as RagingWire Data Centers, settled U.S. Federal Trade Commission allegations that it falsely claimed participation in the EU-U.S. Privacy Shield Program.
More

A preliminary $2.8 million settlement of a data breach lawsuit against Iowa’s UnityPoint Health does not contain a “global cap” on the total claim amount to be paid to victims.
More

In Canada, the Office of the Privacy Commissioner and counterparts in Quebec, British Columbia and Alberta are investigating whether a Tim Hortons mobile-ordering app’s collection and use of geolocation data are in compliance with the Personal Information Protection and Electronic Documents Act.
More

US

Facebook will ask the Supreme Court of the United States to intervene in a lawsuit that alleges it violated federal wiretap law by tracking users via the “Like” button.
More

An Illinois resident is asking a judge to appeal her decision dismissing claims that headphone manufacturer Bose violated federal wiretapping statute by allegedly disclosing information about customers’ streaming choices.
More

Georgetown Law Project Manager Jeff Gary and Georgetown Institute for Technology Law and Policy Distinguished Fellow Gigi Sohn said broadband internet access providers’ challenge of a Maine law protecting internet users’ privacy could have broad legislative implications.
More