In this week’s Privacy Tracker global legislative roundup, the European Data Protection Board published its response and recommendations to the European Commission's legislative proposals towards its digital and data strategies. Canada’s Privacy Commissioner will launch a consultation with stakeholders in preparation for federal privacy law reform. The Joint Parliamentary Committee reviewing India’s Personal Data Protection Bill adopted its final report on the legislation after nearly two years of discussion.
LATEST NEWS
Privacy Commissioner of Canada Daniel Therrien announced the March launch of a consultation with stakeholders in preparation for federal privacy law reform.
More
The European Data Protection Board published its response and recommendations to the European Commission's legislative proposals toward its digital and data strategies. The commission's proposals include the Digital Services Act, Data Governance Act, regulation on artificial intelligence and more.
More
The Joint Parliamentary Committee reviewing India's Personal Data Protection Bill adopted its final report on the legislation after nearly two years of discussion, India Today reports. The report's finalization sets the stage for the PDPB to be considered and potentially passed during Parliament's Winter Session beginning Nov. 29.
More
ICYMI
Berkeley Center for Law & Technology Executive Director James Dempsey aims to provide cybersecurity practitioners with a reasoned outline of the growing patchwork of cybersecurity law in "Cybersecurity Law Fundamentals."
More
ENFORCEMENT
Cyprus’ Commissioner for the Protection of Personal Data Irene Nicolaidou announced a 925,000 euro fine against surveillance solutions company WS WiSpear Systems for violating Article 5 of the EU GDPR.
More
The European Commission is pursuing legal action against Belgium over concerns its Data Protection Authority is not operating independently as required under the GDPR.
More
Supervisory authorities from France, Lithuania and Poland are conducting a joint investigation into Vinted’s EU GDPR compliance, focused on the clothing website’s practices around unblocking funds received from sales on a user’s account and corresponding retention periods.
More
The Netherlands’ data protection authority, Autoriteit Persoonsgegevens, fined Transavia 400,000 euros in response to a 2019 data breach in which a hacker accessed the airline’s systems and downloaded the personal data of 83,000 people.
More
ByteDance began accepting claims from TikTok users in the U.S. following the preliminary approval of the company's $92 million payout to settle a lawsuit alleging data had been taken from users without notice, NBC News reports.
More
The privacy officer for Utah’s State Board of Education Whitney Phillips, CIPP/US, CIPM, has been named the state’s first chief privacy officer, StateScoop reports.
More
AFRICA
Nigeria’s federal government abandoned a data protection bill completed in 2020 and is appropriating funds to engage a consultant on a new draft, the Premium Times reports.
More
ASIA-PACIFIC
The Cyberspace Administration of China released draft regulations for its data security laws, including the Personal Information Protection Law and others, Bloomberg reports.
More
Hong Kong’s Privacy Commissioner for Personal Data Ada Chung published a booklet to help the public and businesses better understand China’s Personal Information Protection Law. The document includes PIPL’s major requirements and a comparison to Hong Kong’s Personal Data (Privacy) Ordinance.
More
CANADA
The Office of the Privacy Commissioner of Canada opened a formal investigation into the breach that compromised data and potentially the safety of hundreds of Afghani refugees, CBC reports.
More
EUROPE
The Principality of Andorra updated its Personal Data Protection Act. The law states personal data must be treated in a “lawful and loyal manner,” should be collected for “specific, explicit and legitimate purposes,” and treated “in such a way as to ensure adequate security.”
More
US
U.S. Reps. Anna Eshoo, D-Calif., and Zoe Lofgren, D-Calif., proposed the Online Privacy Act, a bill previously raised by the two lawmakers in 2019. The bill includes prior provisions for data subject rights and the creation of the Digital Privacy Agency to handle privacy rights violations enforcement.
More
A class-action lawsuit alleges internet content subscription service OnlyFans’ age verification system violates Illinois’ Biometric Information Privacy Act.
More
GUIDANCE
The European Data Protection Board announced guidelines related to the interplay between data transfers and territorial scope under the GDPR. The guidance offers three "cumulative criteria" that would categorize data processing as a transfer.
More
France's data protection authority, the Commission nationale de l’informatique et des libertés, published its recommendations for companies' data logging measures.
More
The CNIL also published a guide to support data protection officers. The guidance discusses the process and factors to be considered when hiring a DPO as well as what resources should be provided to allow a DPO to do their job effectively.
More
Germany’s Federal Commissioner for Data Protection and Freedom of Information Ulrich Kelber issued an opinion on rules for checking employee vaccination
More
