In this week’s global legislative roundup, Facebook is asking the Supreme Court of the United States to decide whether tracking logged-out users via its “Like” button violates the Electronic Communications Privacy Act. Parliament is expected to finalize India’s Personal Data Protection Bill “very soon.” In Sweden, the Administrative Court of Stockholm confirmed Google violated the EU General Data Protection Regulation by not properly exercising consumers’ right to be forgotten but also reduced a fine issued by Datainspektionen.
LATEST NEWS
France's data protection authority, the Commission nationale de l'informatique et des libertés, announced two fines amounting to 3.05 million euros to branches of multinational Carrefour for violations of the EU General Data Protection Regulation.
More
Indian Minister of Communications and Information Technology Ravi Shankar Prasad said Parliament will finalize the Personal Data Protection Bill “very soon,” The Economic Times reports.
More
Israel’s Ministry of Justice is seeking to amend the Privacy Protection Law and has opened a public consultation.
More
Facebook was fined 4 million rubles for breaching Russian data localization laws, The Moscow Times reports.
More
Sweden's data protection authority, Datainspektionen, issued a SEK 20,000 fine against the municipality of Gnosjö over unlawful use of surveillance cameras.
More
Facebook is asking the Supreme Court of the United States to decide whether tracking logged-out users via its “Like” button violates the Electronic Communications Privacy Act, MediaPost reports.
More
APAC
In China, Hangzhou Fuyang People’s Court ruled Hangzhou Safari Park must delete images collected by its facial recognition technology and pay 1,038 yuan in damages, the South China Morning Post reports.
More
EUROPE
The Administrative Court of Stockholm confirmed Google violated the GDPR by not properly exercising consumers’ right to be forgotten as laid out in the regulation but also reduced the SEK 75 million fine issued by Datainspektionen.
More
A law endorsed by the European Parliament would allow consumers to bring collective actions against organizations accused of violating EU rules.
More
ENFORCEMENT
In the U.S., the New York State Office of the Attorney General announced Home Depot agreed to a $17.5 million settlement with 46 U.S. states and Washington, D.C., over a 2014 data breach that affected approximately 40 million customers.
More
Ireland’s Department of the Environment, Climate and Communications published details on its implementation of the EU’s Framework for the Free Flow of Non-Personal Data.
More
The District Court of Central Netherlands ruled VoetbalTV does not have to pay a 575,000 euro GDPR fine because the Dutch data protection authority, Autoriteit Persoonsgegevens, failed to support allegations of a lack of legitimate interest.
More
Norway’s data protection authority, Datatilsynet, reduced a fine against Norwegian Customs from NOK 900,000 to NOK 400,000 after reassessing part of its investigation into the collection and storage of border-crossing images.
More
Singapore’s Personal Data Protection Commission announced financial penalties against five companies over various violations of the Personal Data Protection Act.
More
South Korea’s Personal Information Protection Commission announced a 6.7 billion won fine against Facebook for breach of consent provisions under the Personal Information Protection Act 2011 over a span of six years.
More
GUIDANCE
Brazil’s Special Secretariat for Debureaucratization, Management and Digital Government issued instructions for appointing data protection officers under the General Data Protection Law.
More
The European Data Protection Board issued a statement on the proposed ePrivacy Regulation saying “under no circumstances” should it offer a lower level of protection than the current ePrivacy Directive.
More
The European Commission proposed a new set of data governance rules to help facilitate data sharing across the European Union.
More
The South Korean Personal Information Protection Commission released its plan for how the country will approach data protection over the next three years.
More