Issue 123

Enforcement updates

The Danish Data Protection Agency (DPA) has issued a fine of DKK 10 million (EUR 1.3 million) to Danske Bank in addition to reporting them to the police. It was assessed by the DPA that the bank had failed to document rules for deletion and storage of personal data, or justify whether the deletion was done manually from systems which process personal data of millions of people.

The Government of Estonia issued a sanction against a “Yandex”, a Russian ride sharing application. The Prime Minister of Estonia stated that the ban is important to protect the personal data of Estonians as Yandex was collecting and storing personal information in its servers located in Russia, which may be used by Russian authorities for intelligence activities against Estonia. 

Belgium’s Data Protection Authority fined airports in Zaventem and Charleroi, which are located in Brussels for EUR 200,00 and EUR 100,00 respectively. In its statement, the authority said that the airports failed to establish a legal basis for collecting and storing passengers temperature, which is considered as sensitive personal information under the EU law despite the fact that there was a public health emergency.

Guidance updates

  • French Data Protection Authority published guidelines on GDPR compliance and self assesment tools for Artificial Intelligence.
  • Latvia’s Data State Inspectorate issued guidance on cookies.
  • Singapore’s Computer Emergency Response Team released an advisory on protecting companies from business email compromise.

Regulatory updates

  • Government of Dubai issued the Digital Services Law which includes cybersecurity requirements.
  • Iceland’s Parliament passed first reading of its bill on Telecommunication law which contains provisions  relating to privacy in telecommunications.
  • Brazilian Chamber of Deputies proposed a bill to amend General Data Protection Law (LGPD) and educational law on children’s data.

US updates

  • Securites and Exchange Committee announced examination priorities which include examination of emerging technologies and crypto assets. 
  • Cash app filed a regulatory filing with Securities Exchange Committee revealing a potential data breach of over 8 million users by a former employee.
  • Connecticut General Assembly published a bill for personal data privacy and online monitoring.

EU updates

  • Germany’s Federal Commissioner for Data Protection and Freedom of Information published its 2021 activity report.
  • European Parliament announced its vote to approve the proposed Data Governance Act.
  • Swedish Data Protection Authority issued a statement on EU US transatlantic data privacy framework.

News around the globe

  • Singapore’s Data Protection Authority announced the launch of Data Protection Essentials Programme.
  • Republic of Moldova published its decision on the approved list of states that ensure an adequate level of data protection.

Big tech updates

  • Facebook users report being locked out of their accounts for no specific reason. Reports BBC
  • Google announced Google Analytics 4 to address concerns of EU regarding use of analytic cookies and data transfers.

Read our digital newsletter here.