In this week’s global legislative roundup, the California Privacy Protection Agency released updated draft regulations for the California Privacy Rights Act. The European Data Protection Board published updates to its guidance for data controllers identifying their lead supervisory authority. Australia introduced legislation to increase fines for data breaches. And, France’s data protection authority fined Clearview AI 20 million euros.
The Latest
Australia Attorney-General Mark Dreyfus introduced to the Parliament of Australia a bill to "significantly increase penalties for repeated or serious privacy breaches."
More
National Cyber Security Coordinator of India Rajesh Pant said the revised Data Protection Bill will be tabled by Indian Parliament during the budget session starting February 2023, Fortune India reports.
More
The European Commission introduced the bloc's first approved EU General Data Protection Regulation certification system — Europrivacy.
More
The U.K. Information Commissioner's Office fined construction company Interserve Group 4.4 million GBP over alleged employee data protection issues.
More
New York’s Department of Financial Services reached a $4.5 million settlement with EyeMed Vision Care over Cybersecurity Regulation violations that led to a July 2020 breach.
More
Enforcement
The European Data Protection Board published updates to its guidance for data controllers identifying their lead supervisory authority.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 20 million euro fine to Clearview AI for alleged breaches of the EU General Data Protection Regulation.
More
Europe
The European Commission published its Work Programme 2023, which highlights planned initiatives around digital enforcement and improved data use.
More
German members of European Parliament came out against strength of measures included in the U.S. executive order to stand up the EU-U.S. Data Privacy Framework, Netzpolitik reports.
More
The Czech Presidency of the Council of the European Union offered its latest compromise text for the proposed Artificial Intelligence Act, Euractiv reports.
More
The Netherlands data protection authority, Autoriteit Persoonsgegevens, said a draft bill on money laundering would “open the door to unprecedented mass surveillance.”
More
The Netherlands Tax and Customs Administration's online system for filing and processing tax fraud hasn't complied with national privacy legislation for more than two years, NRC reports.
More
US
The U.S. Supreme Court decision to overturn Roe v. Wade resulted in data brokers becoming key cogs in some states’ efforts to criminalize reproductive health care, Duke University graduate Joanne Kim and undergrad student Aden Klein write in the Technology Policy Press.
More
The California Privacy Protection Agency Board canceled its open board meetings scheduled for Oct. 21-22.
More
The California Privacy Protection Agency released updated California Privacy Rights Act draft regulations with a summary of the latest modifications.
More
Voters will be asked to make privacy decisions in a pair of questions on Montana’s upcoming ballot, the Daily Inter Lake reports.
More
Guidance
The Office of the Australian Information Commissioner released its 2021-22 annual report, noting a 3% increase in privacy complaints and the completion of “a number of significant privacy Commissioner-initiated investigations” focusing on biometric data collection and facial recognition technology use.
More
Japan's data protection authority, the Personal Information Protection Commission, released a data mapping toolkit for private entities.
More
The Information and Privacy Commissioner of Ontario published a guide on protecting against ransomware, calling it a “top threat facing Ontario organizations.”
More
The U.K. Information Commissioner’s Office released guidance on direct marketing using electronic mail.
More
ICYMI
Greece’s Hellenic Data Protection Authority's 20 million euro fine against Clearview AI issued in July was a product of an in-depth investigation by the authority that revealed various violations of the EU General Data Protection Regulation. EY IT, IP and Data Protection Law Manager Antonios Broumas, CIPP/E, and Panagiotis Charalampakis parse through the HDPA's decision and break down key findings and orders.
More
