In this week’s Global News Roundup, Ireland's Data Protection Commission fined Meta a record 1.2 billion euros for EU General Data Protection Regulation violations. Belgium's data protection authority ruled the transfer of certain taxpayer data to the U.S. is illegal under the GDPR. The European Data Protection Board elected a new chairperson. And Privacy Commissioner of Canada Philippe Dufresne announced his office will partner with provincial DPAs to investigate generative AI developer OpenAI.
The Latest
India's Minister of State for Electronics and Information Technology Rajeev Chandrasekhar indicated the proposed Digital Personal Data Protection Bill will bring "deep behavioural changes" to platforms operating in India.
The Office of the Privacy Commissioner of Canada published guidance on workplace privacy for employers outlining considerations for managing employees' personal information and topics like monitoring employees.
The Texas Legislature signed off on final text for a proposed comprehensive privacy bill, House Bill 4, following a resolution struck between chambers in a conference committee.
Enforcement
Belgium's data protection authority, the APD, ruled transfers of generalized taxpayer data by the Belgian Federal Public Service Finance to U.S. tax authorities violate the EU General Data Protection Regulation.
The European Data Protection Board elected Finland Data Protection Ombudsman Anu Talus as the board's next chairperson.
The European Data Protection Board published a case digest, commissioned as part of its Support Pool of Experts initiative, analyzing one-stop-shop decisions under the GDPR.
France's data protection authority, the Commission nationale de l'informatique et des libertés, closed a December 2022 injunction against Microsoft.
France's data protection authority, the Commission nationale de l'informatique et des libertés, published its 2022 annual report.
Finland's Office of the Data Protection Ombudsman ordered the Finnish Meteorological Institute to halt EU-U.S. data transfers using Google Analytics and Google's reCAPTCHA.
The U.K. Information Commissioner's Office issued a formal reprimand to the Ministry of Justice after 14 bags of confidential documents, including medical and security data, were left unsecured in a prison holding area for 18 days.
The U.S. Federal Trade Commission announced an enforcement order against education technology provider Edmodo over alleged Children's Online Privacy Protection Act violations.
Asia-Pacific
The Real Estate Institute of Australia opposes certain reforms to the Privacy Act on the grounds they may harm small businesses.
Data use and transfer restrictions within China's Personal Information Protection Law are negatively impacting international collaboration among researchers.
US
U.S. Sens. Michael Bennet, D-Colo., and Peter Welch, D-Vt., introduced the Digital Platform Commission Act.
Guidance
The Office of the Privacy Commissioner of New Zealand published a report highlighting privacy considerations for small- and medium-sized businesses.
The Bavarian State Office for Data Protection Supervision issued fresh guidance on facilitating cross-border data transfers.
The U.K. ICO published guidance for responding to subject access requests.
ICYMI
At the IAPP Canadian Privacy Symposium 2023, Privacy Commissioner of Canada Philippe Dufresne announced his office would partner with multiple provincial data protection authorities to investigate generative artificial intelligence developer OpenAI. IAPP Staff Writer Alex LaCasse covered Dufresne's opening keynote address at the conference.
After its introduction in Canada's Parliament last year, Bill C-27, the Digital Charter Implementation Act, became a major point of debate among privacy professionals. IAPP Staff Writer Alex LaCasse has the details.
The world's first comprehensive law to regulate AI is approaching the finish line two years after it was presented. "The EU AI Act has the potential to become the international benchmark for regulating the fast-paced AI field," journalist Luca Bertuzzi writes.
Meta Platforms Ireland was fined a record 1.2 billion euros under the EU General Data Protection Regulation by Ireland’s Data Protection Commission for alleged unlawful data transfers from the EU to the U.S. Meta said it would appeal the ruling. IAPP Editorial Director Jedidiah Bracy, CIPP, has the details, including reaction from several privacy pros.
IAPP Vice President and Chief Knowledge Officer Caitlin Fennessy, CIPP, and IAPP Research and Insights Director Joe Jones evaluated Ireland Data Protection Commission’s Meta decision in terms of the orders it contains but also the political history that helped the DPC arrive at its final ruling.
Stearns Weaver Miller Shareholder Douglas Kilby, CIPP/US, breaks down the range of implications businesses face with the passage of Florida Senate Bill 262, the Florida Digital Bill of Rights.