Issue 126

Enforcement updates

The Consumer Center Federal Association e.V. (Vzbz) had sued Facebook Ireland (Meta) for violations under GDPR for unfair competition and consumer protection. The Federal Court of Justice ruled against Meta but had submitted questions to The Court of Justice of European Union (CJEU) on Vzbz’s right to sue. The CJEU in its judgment affirmed that consumer protection organizations can bring representative actions for violations under GDPR.

Fast food chain Sonic has agreed to pay USD 5.7 million for settling a class action lawsuit filed by American Airlines Federal Credit Union, Redstone Federal Credit Union, and Arkansas Federal Credit Union. The allegations claimed that Sonic was negligent with consumer’s payment information which were exposed in a 2017 data breach. The settlement agreement is awaiting aproval from the Ohio Federal Court.

A federal judge of the US District Court for Maryland has granted class certification for the litigation to move forward in a data breach impacting over 133 million American consumers against hotel chain, Marriott and their data security vendor, Accenture. The Court will allow the case to proceed as a class action which will effect 45 million consumers situated in various states in the USA.

Guidance updates

  • Brazilian data protection authority published new version of its Guidance for Personal Data Processing Agents and Data Protection Officers.
  • Norwegian data protection authority published an updated version of its guide on consent of minors.
  • French data protection authority published guidance on the recording of telephone conversations for proof of contract.

Regulatory updates

  • China’s state administration for market regulation adopts its legislative plan for 2022.
  • Switzerland’s Federal Office of Justice announced that the new data protection law will enter into force on September 1, 2023.

US updates

  • Network Advertising Initiative released new guidance titled Best Practices for User Choice and Transparency.
  • The Federal Trade Commission published a blog on health data collection by businesses and how they were impacted by the pandemic.
  • Georgia Pines notified US Department of Health and Human Services, Office for Civil Rights of a data security incident involving 24,000 individuals.

News around the globe

  • New study finds US. consumers overwhelmingly concerned about the lack of control over their personal information. Reports PR news
  • Cambodia’s Minister of Post and Telecommunications emphasized to strengthen measures for cybersecurity and data protection in his keynote address for a cybersecurity seminar.
  • Cyber security authorities of US, UK, Australia and New Zealand publish a joint advisory on most frequently exploited cybersecurity vulnerabilities.

Big tech updates

  • Google introduced a feature for its users to remove their phone number and other information from search results. Reports CBS
  • App Developers will be required to inform Google about their apps’ privacy and security practices.

Read our digital newsletter here.