Issue 114

Enforcement updates

The AG has announced an investigation on businesses operating loyalty programs in California, for non compliance with the California Consumer Privacy Act (CCPA). CCPA requires the business to provide a financial incentive notice if they are profiting from the collection of personal information and should clearly describe the terms of the loyalty program. The businesses have been given 30 days to adhere with the requirements of the Act.

The Conseil d’État (French Council of State) confirmed that the violations made by Google under the French Data Protection Act, were serious punishable offence and within the jurisdiction of CNIL. It was further stated that the fines imposed were proportionate and thus refused to overturn the appeal made by Google against the imposition of a EUR 100 million administrative fine by CNIL. 

The lawsuit against Accellion Inc. for a data breach in October 2020, has reached settlement in the US District Court for the Northern District of California, which requires the company to pay a total of USD 8.1 millions settlement fund and give claimants an option of credit monitoring and insurance services, reimbursement of documented losses, cash fund payment etc.

Guidance updates 

  • Garante, the Italian Data Protection Authority issued a favorable opinion on the draft decree of the President of the Republic, which would offer protection against aggressive telemarketing.
  • Japan’s Personal Information Protection Commission has released a report on foreign data protection systems examining the data transfers, localization, retention of different jurisdictions. 
  • Finland’s Office of the Data Protection published their plans for audit of personal data and inspections on the premise of the controller or processor. 

Regulatory updates

  • Ministry of Digital Development, Telecommunications and Mass Media of the Russian Federation has released draft amendments to regulate the activities of credit institutions for the collection of biometric personal data and remote biometric identification.
  • Washington Foundational Data Privacy Act has been introduced in the House of Representatives for public hearing, which would grant rights to individuals to protect personal data.

US updates

  • The Federal Communications Commission proposes rulemaking for notifications upon occurrence of breaches as a response to security breaches in the Telecommunications Industry. 
  • US Lawmakers propose a federal legislation ‘the Banning Surveillance Advertising Act of 2022’  in order to restrict targeted advertising practices. 
  • A bill for Hawaii Consumer Privacy Act was introduced in the House of Representatives to enhance protection of personal data. 

EU updates

  • The European Parliament approved amendments to the Digital Services Act, to provide clear responsibility and accountability to online service providers. 
  • The European Data Protection Board has published their decisions adopted Guidelines on Examples regarding Data Breach Notification and Guidelines on Right to Access.
  • The European Union Agency for Cybersecurity has published its report on data protection engineering to encourage practical implementation of Data Protection by Design and by Default. 

News around the globe

  • Healthcare system, Broward Health, faces class action lawsuit over cyberattack in October 2020. 
  • Thailand’s Personal Data Protection Committee was established on 11 January 2022. 
  • Morocco’s National Control Commission for the Protection of Personal Data urges to have synchronized national and international visions for personal data protection. Reports Morocco World News
  • Telangana state’s use of facial recognition has been questioned in a lawsuit. Reports Thomson Reuters Foundation

 Statements issued

  • Danish data protection authority has issued a statement on the Austrian data protection authority’s decision on Google Analytics. 
  • The Office of the Australian Information Commissioner has released a statement welcoming the proposal to strengthen privacy put forth by the Attorney General. 

 Big tech updates

  • Google announces a new privacy sandbox proposal, Topics, which will help the browser determine topics of interests based on browsing history. 
  • Electric vehicle charging stations may increase privacy risk. Reports IAPP

 UK updates

  • Department for Digital, Cultural, Media & Sports (DCMS) releases proposed amendments to the Network and Information Systems Regulations 2018. 
  • The Cabinet office has published the ‘Government Cyber Security Strategy: 2022-2030’ mapping the approach to strengthen cyberspace.
  • DCMS announces the launch of the International Data Transfer Expert Council.

Read our digital newsletter here.

© 2019 Reina Consulting LLP – All rights reserved