In this week’s Privacy Tracker global legislative roundup, Ireland's Data Protection Commission proposed a fine of up to 36 million euros against Facebook for allegedly violating the EU General Data Protection Regulation's transparency requirements. Amazon filed an appeal to the proposed 746 million euro GDPR fine handed down by the Luxembourg's National Commission for Data Protection in July. Italy's new personal data protection provisions took effect Oct. 11. And U.S. President Joe Biden signed the K-12 Cybersecurity Act, which aims to protect sensitive information maintained by schools.

LATEST NEWS

On a podcast with Euractiv, European Data Protection Supervisor Wojciech Wiewiórowski addressed his proposal for a June 2022 review on the effectiveness of EU GDPR enforcement. Wiewiórowski also touched on GDPR one-stop shop, EU-U.S. Privacy Shield replacement and e-Privacy Regulation negotiations.
More

ICYMI

IAPP Westin Fellow Sam Adams dissects the draft regulations on the widespread use of algorithmic recommendation technology announced by the People’s Republic of China. The regulations will affect nearly one in five internet users on earth.

Bird & Bird's Ruth Boardman and Clara Clark Nevola summarize and offer a color-coding scale for assessing the severity of the main changes proposed in the U.K. Department for Digital, Media, Culture and Sport’s consultation document proposing a raft of changes to the U.K.’s data protection law.  
More

The Office of the Australian Information Commissioner published a decision against the use of facial recognition technology by convenience store chain 7-Eleven.
More

Ireland's Data Protection Commission proposed a fine of up to 36 million euros against Facebook for allegedly violating the EU GDPR’s transparency requirements, Euractiv reports. The fine pertains to insufficient information provided to Facebook users regarding the company's terms of service.
More

The High Court of Kenya halted the launch of the country's identification system, the Huduma Namba, over violations of the Data Protection Act, Nairobi News reports.
More

Amazon filed an appeal to the proposed 746 million euro GDPR fine handed down by the Luxembourg's National Commission for Data Protection in July, Bloomberg reports.
More

The Russian Office of the Federal Antimonopoly Service for Moscow fined telecommunications operator PJSC Megafon 500,000 rubles for alleged violation of advertising legislation. Including previous fines, the OFAS said the total amount imposed on PJSC Megafon for alleged violations is almost 2.5 million rubles.
More

U.S. Federal Trade Commission Chair Lina Khan and Director of the Consumer Financial Protection Bureau Rohit Chopra filed an amicus brief urging the U.S. Court of Appeals for the Fourth Circuit to overturn a lower court decision they argue would undermine the Fair Credit Reporting Act "by granting immunity to consumer reporting agencies under Section 230 of the Communications Decency Act."
More

The U.S. Commodity Futures Trading Commission fined swap dealer UBS AG $500,000 for failing to retain audio recordings for the required time under its regulations. The CFTC alleges UBS AG deleted over 1,000 hours of data after one day, including files required to be retained for one year.
More

The Diamond Institute for Infertility and Menopause clinic will pay $495,000 in a settlement with New Jersey's Office of the Attorney General and Division of Consumer Affairs over a data breach that compromised personal information of 14,663 patients.
More

ASIA-PACIFIC

Australia's government released its draft Ransomware Action Plan, a comprehensive framework for dealing with all facets of ransomware attacks.
More

EUROPE

According to Politico, European Parliament's Committee on Civil Liberties, Justice and Home Affairs voted in favor of a proposal to increase Europol's ability to process large datasets and share data with private companies.
More

The European Commission drafted rules that will force Big Tech companies to disclose how political groups execute targeted advertising, Politico reports.
More

Italy’s Council of Ministers approved a decree-law that includes provisions on the protection of personal data. The new provisions took effect Oct. 11.
More

The U.K. Information Commissioner's Office opened a public consultation on the opinion of how to address age assurance while complying with the Children's Code.
More

US

U.S. President Joe Biden signed the K-12 Cybersecurity Act, which aims to protect sensitive information maintained by schools.
More

The U.S. Senate Committee on Homeland Security and Governmental Affairs advanced a bill that would require critical infrastructure operators, like hospitals and oil companies, to report cyberattacks and ransomware payments within 72 hours, The Wall Street Journal reports.
More

GUIDANCE

European Parliament published a public service announcement on the importance of cybersecurity in the face of growing threats of cyberattacks across the EU, outlining the personal and societal consequences of cyberattacks through statistics.
More

The Office of the Privacy Commissioner of New Zealand published a white paper outlining how the Privacy Act covers the use of biometric technologies.
More

South Korea's Personal Information Protection Commission published guidance on preparations for the launch of a specialized binding agency dedicated to pseudonymized data.
More

U.K. Information Commissioner Elizabeth Denham announced a draft journalism code of practice featuring guidance on data protection practices for media outlets and their staff.
More