In this week’s global legislative roundup, the U.K. Information Commissioner’s Office issued a warning to the Department of Education for mishandling millions of students’ personal data. The U.S. Securities and Exchange Commission reached a $26 million settlement with a solar energy company over a data breach. The Canadian Minister of Innovation, Science and Industry touted the new privacy standards the country’s proposed comprehensive privacy bill would set. And the European Union finalized the text of the proposed EU Artificial Intelligence Act.
The Latest
Ireland’s Data Protection Commission submitted a draft decision on its inquiry into Yahoo’s compliance with EU General Data Protection Regulation obligations regarding personal data processing.
More
The U.K. Information Commissioner’s Office reprimanded the Department for Education over the misuse of personal data belonging to 28 million children.
More
California Privacy Rights Act final regulations are around the corner. IAPP Staff Writer Joe Duball checked in with stakeholders on the modifications and expectations once the regulations are finalized.
More
Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, is seeking opinions on a simplified registration model of personal data processing operations for small handling agents.
More
Enforcement
The Canadian territory’s Yukon Information and Privacy Commissioner's office published its 2021-2022 annual report.
More
The U.K. Information Commissioner's Office announced a reduction of its fine against the U.K. Cabinet Office over a January 2020 breach.
More
In a filing with the U.S. Securities and Exchange Commission, SolarWinds said it has tentatively agreed to pay $26 million to settle a lawsuit over its cybersecurity disclosures ahead of a December 2020 breach that exposed the data of thousands of companies and government offices, Reuters reports.
More
A U.S. Federal Trade Commission complaint alleged education technology company Chegg's “lax security practices” led to four separate data breaches affecting personal information of 40 million consumers.
More
Canada
During the Canadian Marketing Association’s annual privacy conference, Canadian Minister of Innovation, Science and Industry François-Philippe Champagne said proposed Bill C-27 will “set a new standard" in children’s privacy, IT World Canada reports.
More
CBC reports Nova Scotia Information and Privacy Commissioner Tricia Ralph criticized the provincial government over a lack of regulatory reform over privacy and freedom of information laws.
More
Europe
The Czech Presidency of the Council of the European Union is on the cusp of finalizing the text for the proposed Artificial Intelligence Act, Euractiv reports.
More
Euractiv reports the Czech Presidency of the Council of the European Union made revisions to the proposed Data Act ahead of further discussion on the proposal during the Working Party on Telecommunications and Information Society's Nov. 8 meeting.
More
Appearing on Euractiv’s The Tech Brief podcast, honorary chairman of EU-based NGO NOYB Max Schrems — who twice successfully challenged the EU-U.S. Privacy Shield in court — said, “it seems so far that we’re pretty much in for a third round.”
More
The Guardian reports TikTok updated its European privacy notice and divulged details of company-wide user data access.
More
The EU Digital Markets Act has entered into force, which aims to “put an end to unfair practices by companies that act as gatekeepers in the online platform economy,” the European Commission said.
More
Netherlands’ banks are turning to artificial intelligence to help police combat money laundering efforts, per a draft amendment to the Anti-Money Laundering and Anti-Terrorist Financing Act.
More
The U.K.’s proposed Data Protection and Digital Information Bill is facing delays as a new public consultation will launch in the coming weeks, Tech Monitor reports.
More
A draft data protection law has been submitted to the Parliament of Ukraine.
More
US
The California Privacy Protection Agency launched a 15-day comment period on the modified California Privacy Rights Act draft regulations.
More
Members of the Pennsylvania House of Representatives introduced a bill to create a state artificial intelligence registry.
More
Guidance
Spain’s data protection authority, the Agencia Española de Protección de Datos, created a tool designed to help organizations determine whether to notify a data protection regulator following a breach.
More
