In this week’s Privacy Tracker global legislative roundup, Canada introduced new federal privacy legislation that would provide Canadians with enhanced control over their personal data. In the U.S., the Senate passed the Internet of Things Cybersecurity Improvement Act, mandating certain security requirements for IoT devices purchased by the federal government. Hanna Anderson and Salesforce.com reached a proposed agreement in one of the earliest class-action lawsuits alleging California Consumer Privacy Act violations.
THE LATEST
In one of the earliest class-action lawsuits alleging California Consumer Privacy Act violations, related to a 2019 data breach, Hanna Andersson LLC and Salesforce.com reached a proposed agreement, Reuters reports.
More
ICYMI
In this piece for The Privacy Advisor, IAPP Editorial Director Jedidiah Bracy, CIPP, has the details on the new federal privacy legislation introduced in Canada, which includes significant fining authority for noncompliant businesses and gives citizens enhanced data subject rights.
More
nNovation’s Constantine Karbaliotis, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, and Dustin Moores break down key elements of the Consumer Privacy Protection Act, including how it may impact provincial law updates and Canada’s adequacy status with the European Union.
More
APAC
The Australian government opened a public consultation on the privacy and consumer safeguards being considered for the update and expansion of the country’s Digital Identity legislation, which is used to simplify identity verification for Australian citizens.
More
Though it had hoped to fast-track the legislation during this current session, Indonesia’s House of Representatives is not expected to pass the anticipated Personal Data Protection Bill before the session ends Dec. 15, The Jakarta Post reports.
More
EUROPE
German Member of Parliament Birgit Sippel acknowledged an agreement on a proposed ePrivacy Regulation will not come before the European Commission’s Dec. 21 deadline, Politico Pro reports.
More
Reuters reports NOYB filed complaints with data protection authorities in Spain and Berlin against Apple for alleged violations of the ePrivacy Directive.
More
MIDDLE EAST
The Abu Dhabi Global Market opened a public consultation on the economic area’s proposed data protection law.
More
US
The U.S. Senate passed the Internet of Things Cybersecurity Improvement Act, mandating certain security requirements for IoT devices purchased by the federal government, FCW reports.
More
U.S. District Court Judge William Alsup in the Northern District of California granted preliminary approval to Facebook’s settlement of a class-action suit over a 2018 data security lapse that exposed the data of 30 million users to hackers, MediaPost reports.
More
Restaurant chain Nando’s agreed to a $1.787 million settlement based on current and former employees’ claims of Illinois Biometric Information Privacy Act violations, the Chicago Tribune reports.
More
Also in Illinois, a 7th Circuit Court of Appeals moved a BIPA claim against Dakkota Integrated Systems to federal court after previously being remanded to a state court, Reuters reports.
More
And U.S. District Court Judge Nancy Rosenstengel in the Southern District of Illinois denied Apple’s motion to dismiss a BIPA suit, MediaPost reports.
More
The U.S. District Court of New Hampshire ruled in favor of protecting internal whistleblower complaints about potential violations of the U.S. Health Insurance Portability and Accountability Act, National Law Review reports.
More
ENFORCEMENT
Denmark’s data protection authority, Datatilsynet, published requirements for data protection codes of conduct in accordance with EU General Data Protection Regulation and European Data Protection Board Guidelines.
More
During its 42nd plenary meeting, the European Data Protection Board analyzed the European Commission’s two drafts for new standard contractual clauses, which cover controller-to-processor contracts and international data transfers.
More
The District Court of Bonn, Germany, ordered the GDPR fine against 1&1 Telecom to be reduced from 9.55 million euros to 900,000 euros, BankInfoSecurity reports.
More
Facebook-owned messenger service WhatsApp has set aside 77.5 million euros in anticipation of a potential GDPR fine from Ireland’s Data Protection Commission, The Irish Times reports.
More
Italy's data protection authority, the Garante, announced a 12.25 million euro fine against Vodafone for violating the GDPR, finding Vodafone did not obtain consumer consent for telemarketing calls.
Full Story
Spain’s data protection authority, the Agencia Española de Protección de Datos, released a document on technologies and data protection in public administrations.
More
The U.K. Information Commissioner’s Office announced a 1.25 million GBP fine against Ticketmaster UK related to GDPR violations stemming from a data breach discovered in 2018.
More
The U.S. Department of Health and Human Services’ Office for Civil Rights announced a $65,000 fine and corrective actions against the University of Cincinnati Medical Center related to Health Insurance Portability and Accountability Act violations.
More
GUIDANCE
The European Data Protection Supervisor issued an opinion on the European Commission’s framework for a European Health Data Space as part of the EU data strategy.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, created a hub with its guidance for employers and employees on proper telework practices.
More
New Zealand’s Office of the Privacy Commissioner developed a set of model contract clauses for global data transfers, created to help organizations comply with privacy principle 12 within the Privacy Act 2020.
More
Singapore’s Personal Data Protection Commission published guidelines advising on key provisions of the recent amendments to the Personal Data Protection Act.
More
