In this week’s global legislative roundup, the California Privacy Protection Agency modified the California Privacy Rights Act. The Office of the Australian Information Commissioner is expected to receive an increase of AU$5.5 million in funding to respond to the Optus breach. A German state data regulator said questions remain surrounding certain provisions of the EU-U.S. Data Privacy Framework. And the French and South Korean data protection authorities signed an agreement to conduct joint research on “new technologies and data protection issues.”
The Latest
Spain’s data protection authority, the Agencia Española de Protección de Datos, created a tool designed to help organizations determine whether to notify a data protection regulator following a breach event.
More
The California Privacy Protection Agency advanced modified proposed California Privacy Rights Act regulations with a plan to submit final rules to the Office of Administrative Law by the end of the year, according to Husch Blackwell’s “Byte Back.”
More
Enforcement
According to preliminary budget papers, the Office of the Australian Information Commissioner will receive AU$5.5 million in increased funding for its response to the Optus data breach in September, InnovationAus reports.
More
Peru’s National Authority for the Protection of Personal Data of the Ministry of Justice and Human Rights approved a document allowing for the transfer of personal data internationally in keeping with global standards.
More
The U.S. Federal Trade Commission announced an enforcement action against online alcohol marketplace Drizly and its CEO James Cory Rellas related to data security issues that led to a 2020 data breach involving 2.5 million customers.
More
The U.S. Department of Justice said it reached a “first-of-its-kind resolution” with Google over the loss of data related to a 2016 search warrant, Reuters reports.
More
Asia Pacific
A first reading of the bill amending the Australian Privacy Act 1988 to increase maximum penalties for “serious or repeated interferences with privacy” was held before Parliament.
More
Europe
Compromise text circulated by the Czech Presidency of the Council of the European Union clarifies areas of scope, data-sharing and public access within the Data Act.
More
Germany’s Baden-Württemberg Commissioner for Data Protection and Freedom of Information Stefan Brink said “legal ambiguity" remains in U.S. President Joe Biden’s executive order to reestablish the EU-U.S. Data Privacy Framework.
More
Members of the Irish Council for Civil Liberties penned a letter to the CEO of Tesco, a U.K. grocery chain, claiming its new practice of barring customers who have not enrolled in its loyalty program is illegal under the U.K. General Data Protection Regulation.
More
US
In its quarterly report to the U.S. Securities and Exchange Commission, Meta said it anticipates the Irish Data Protection Commission's decision on its EU-U.S. data transfers in early 2023.
More
U.S. Congressional Research Service published a report on the EU-U.S. Data Privacy Framework and its supporting U.S. executive order.
More
The U.S. Consumer Financial Protection Bureau launched a financial data rights rulemaking seeking to strengthen access and control for customers over their financial data.
More
Speaking at the Money 20/20 conference, U.S. Consumer Financial Protection Bureau Director Rohit Chopra said new rules will allow for bank customers to obtain their financial data easier.
More
The Global Privacy Assembly voted to admit the California Privacy Protection Agency as a full voting member during the 44th annual Global Privacy Assembly, “A Matter of Balance: Privacy in The Era of Rapid Technological Advancement” in Istanbul, Turkey.
More
The California Privacy Protection Agency announced a rescheduled board meeting for Nov. 4 to discuss California Privacy Rights Act rulemaking.
More
Guidance
The European Commission recently published its “Ethical Guidelines on the Use of Artificial Intelligence” in educational settings.
More
France’s data protection authority, the Commission nationale de l'informatique et des libertés, and South Korea’s Personal Information Protection Commission signed a declaration of cooperation to conduct joint research on new technologies and data protection issues, share best practices and experiences, and organize joint training initiatives.
More
