In this week’s global legislative roundup, a claim filed to the High Court of Justice accused YouTube of breaching U.K. and EU privacy laws by collecting data of more than 5 million children without parental consent. After Ireland's Data Protection Commission issued a preliminary order that Facebook must stop transferring user data to the U.S. following the “Schrems II” decision, the Irish High Court ruled the social media company can file a Judicial Review against the DPC. In the U.S., the Parent’s Accountability and Child Protection Act is before Gov. Gavin Newsom, D-Calif.
LATEST NEWS
A claim has been filed to the High Court of Justice against Google alleging YouTube collected the data of more than 5 million children without parental consent, in breach of U.K. and EU privacy laws, BBC News reports.
More
The Irish High Court determined Facebook can file a Judicial Review against the Irish Data Protection Commission, according to advocacy group NOYB, after the DPC issued a preliminary order that the social media company must stop transferring user data to the U.S.
More
In the U.S., a Vermont judge overruled Clearview AI’s motion to dismiss a lawsuit accusing the facial recognition company of illegally collecting photos without consent, Reuters reports.
More
US
In California, the Parent’s Accountability and Child Protection Act, which would require companies that operate on a social media platform to obtain parental consent for children the business knows are under the age of 13, is before Gov. Gavin Newsom, D-Calif.
More
LATIN AMERICA
A proposal in Brazil would suspend provisions establishing Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados, under the country’s General Data Protection Law, according to the Brazilian Chamber of Deputies.
More
ENFORCEMENT
The European Data Protection Board released its guidelines on the concept of data controllers and processors under the EU General Data Protection Regulation to “clarify the different roles and responsibilities between these actors.”
More
The EDPB reports that the Hungarian National Authority for Data Protection and Freedom of Information fined publisher Mediarey Hungary Services 4.5 million forints for two separate incidents that breached the GDPR.
More
Norway’s DPA, Datatilsynet, announced the finalization of the NOK 3 million fine handed down to the municipality of Bergen in May over GDPR violations.
More
The U.K. Information Commissioner’s Office launched the Accountability Framework, outlining 10 categories for how companies can demonstrate accountability along with key expectations and ways to achieve them for each category.
More
The U.K. Information Commissioner’s Office issued a 130,000 GBP fine to CPS Advisory for making more than 100,000 unauthorized direct marketing calls to people about their pensions.
More
Colombia’s DPA, the Superintendencia de Industria y Comercio, announced a 263,349,372 peso fine against Spanish telecommunications company Movistar Colombia for exposing a customer’s credit history without prior consent.
More
BBB National Programs’ Digital Advertising Accountability Program announced its work with Pinsight Media’s 1Weather app to bring it into compliance with the Digital Advertising Alliance’s Self-Regulatory Principles, including improved transparency, updated privacy policies and opt-out notices.
More
