Data Privacy


Amazon building

Amazon discloses record-shattering $887M GDPR fine

2021-07-30T18:20:00+01:00By

Amazon disclosed it has received notice of a €746 million (U.S. $887 million) GDPR fine in Luxembourg for unlawful processing of personal data. The company intends to appeal the penalty, which would be more than 15 times the current record under the law.

TikTok

TikTok fined $883K under GDPR for children’s privacy violations

2021-07-23T18:25:00+01:00By

The Dutch Data Protection Authority imposed a €750,000 (U.S. $883,000) fine on TikTok for violating the privacy of young children following a wide-scale investigation launched last year.

California AG

California AG: ‘Great progress’ under CCPA despite no fines

2021-07-22T15:23:00+01:00By

California Attorney General Rob Bonta commemorated one year of CCPA enforcement with praise for the law despite there not yet being a publicly announced fine against a business.

Food delivery

Italian DPA cites biased tech in $3.1M GDPR fine

2021-07-08T15:46:00+01:00By

Italy’s data protection authority fined food delivery company Foodinho €2.6 million (U.S. $3.1 million) because the app at the core of its business model allegedly discriminated against employees.

Colorado capitol

Colorado third state to enact comprehensive privacy law

2021-07-08T14:16:00+01:00By

The Colorado Privacy Act largely mirrors its predecessors in California and Virginia but includes greater fines per violation of $20,000. The law is set to take effect July 1, 2023.

AdobeStock_322995135_Editorial_Use_Only

British Airways settles 2018 data breach class action

2021-07-07T16:50:00+01:00By

British Airways has settled one of the U.K.’s largest group actions after thousands of people sought compensation following a 2018 data breach that resulted in the airline being fined under the GDPR.

IBM-Online

e-Book: The current state of global privacy regulation

2021-06-29T17:48:00+01:00Provided by

Will states be able to move forward with their own privacy laws? A provision in a recent bill passed in Florida may be a stumbling block.

Privacy future

New tech, legal precedent forcing GDPR to evolve

2021-06-23T15:26:00+01:00By

Companies’ priorities regarding compliance with the GDPR are likely to become more focused because of a mixture of recent legal decisions and efforts by the European Commission to keep privacy rules in sync with changes in technology.

hyperproof300x200

CPE Webcast: How Motorola is transforming evidence collection for data protection compliance

2021-06-22T14:00:00+01:00Provided by Hyperproof

A popular saying among security, privacy and corporate compliance circles is “trust, but verify”. It’s a popular saying because it neatly captures so much of what compliance professionals have to do: collecting evidence to verify compliance.

Data privacy

New rules for SCCs: What you need to know

2021-06-17T16:28:00+01:00By

The latest set of standard contractual clauses for companies transferring data between the European Union and third countries, such as the United States, is meant to align more closely with the GDPR and root out government snooping.

onspring 300x200

CPE Webcast: Streamlining HIPAA & HITRUST compliance with an alternative reporting approach

2021-06-17T14:00:00+01:00Provided by

Your organization might be using HITRUST to manage multiple compliance initiatives, including HIPAA, NIST and the ISOs. The framework sets up a good set of practices that lend well to various privacy regulations and standards, yet connecting all that data for fast reporting is where most organization’s hit a wall.

Facebook privacy

CJEU ruling opens Facebook, others to greater GDPR liability

2021-06-16T15:53:00+01:00By

The EU’s top court ruled any of the bloc’s national data protection authorities can pursue a privacy complaint against Facebook or any other Big Tech firm and not just the supervisory authority where the company has its European headquarters.

Amazon

Reported Amazon fine ($425M) ‘biggest test’ of GDPR enforcement yet

2021-06-15T15:11:00+01:00By

Amazon reportedly faces a fine of more than $425 million under the GDPR that would show EU regulators firmly have Big Tech companies—and their practices—in their crosshairs.

Microsoft 365

EU probes of Microsoft, Amazon reignite calls for new Privacy Shield

2021-06-03T18:05:00+01:00By

European investigations into whether Amazon and Microsoft’s cloud-based services infringe EU privacy rules have once again shone a spotlight on how—and when—the United States and the European Union intend to come up with a new Privacy Shield.

Rising data

Report: GDPR fines more than doubled in Year 3

2021-05-27T17:05:00+01:00By

Data protection authorities issued 287 known GDPR fines between March 2020 and March 2021—a 120 percent increase in frequency, according to a new report from CMS.

GDPR

GDPR’s future: Fine amounts, transparency among top points of contention

2021-05-26T18:08:00+01:00By

Experts believe the GDPR is largely “future-proof,” though fine decisions that vary considerably from one EU country to the next and lack of transparency remain areas of concern for the privacy law three years in.

GDPRgavel

Three years of GDPR: Many milestones, but calls for change increase

2021-05-25T19:19:00+01:00By

Despite its achievements, the General Data Protection Regulation’s flaws have become evident. Some are already questioning whether the regulation—and the way it is regulated—are fit for purpose and whether the law needs to be changed.

Cloud data

Survey: Data access further complicated by emerging privacy laws

2021-05-21T16:50:00+01:00By

A recent survey of 100 executives from Fortune 500 companies found more than half are struggling to balance easy access to company data with privacy and security compliance under laws like the GDPR and CCPA.

Data lawsuit

Private right of action proving problematic for state privacy laws

2021-05-05T19:40:00+01:00By

An enforcement provision allowing customers to sue businesses that misuse their personal data is a key stumbling point for state-level data privacy legislation.

AI

What you need to know about proposed EU rules for trustworthy AI

2021-04-29T18:27:00+01:00By

With various levels of defined risk and the potential for steep fines for offenders, the European Commission’s recent proposal to ensure trust in the use of artificial intelligence should receive urgent attention from industries beyond Big Tech.

GDPR

GDPR one-stop shop ‘unsustainable,’ says key regulators

2021-04-27T19:07:00+01:00By

Irish Data Protection Commissioner Helen Dixon and European Data Protection Supervisor Wojciech Wiewiórowski are among those who believe the one-stop shop provision of the GDPR needs to be reformed for the long term.

Child Privacy

Lawmakers push FTC to investigate Google Play for COPPA violations

2021-04-23T20:15:00+01:00By

Two lawmakers sent a letter to the Federal Trade Commission urging the agency to investigate Google Play for potentially violating children’s privacy.

Data money

Fines key attention to data privacy from boards, says ICO head

2021-04-21T15:04:00+01:00By

The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, U.K. Information Commissioner Elizabeth Denham believes.

Privacy design

Privacy by design: How to lower risk and improve outcomes

2021-04-19T12:35:00+01:00By Amy Holcroft, CW guest columnist

Amy Holcroft, chief privacy officer at Hewlett Packard Enterprise, shares her experience using privacy-by-design practices to help her company develop and utilize technology in a way that meets compliance requirements.

Brasseur_opinion

New chief compliance officer, same Facebook

2021-04-16T14:29:00+01:00By

It isn’t surprising to see Facebook think it doesn’t have an ethical obligation to alert users to its latest data leak, writes Kyle Brasseur, but it is disappointing knowing the company now has a chief compliance officer in place.

exterro300x200

CPE Webcast: Mastering knowing your data and establishing a defensible data inventory

2021-04-15T14:00:00+01:00Provided by

In today’s data drive world, legal and compliance professionals must know their organization’s data, meaning the legal department must clearly understand how to quickly find and access data requested for litigation, audits and investigations, and how to protect data in compliance with privacy laws.

Facebook

Facebook facing 10th GDPR probe over data leak

2021-04-14T17:10:00+01:00By

The Irish Data Protection Commission has launched an inquiry into Facebook over concerns the social media giant may not have properly disclosed the full extent of its recent data leak.

Facebook privacy

Facebook’s new leak: Assessing its liability under the GDPR

2021-04-08T20:19:00+01:00By

Old personal data of more than 533 million Facebook users was recently made publicly available on a hacker forum. Could the social media giant face a new investigation under the GDPR in response?

Facebook

​Irish DPC seeking answers on Facebook breach

2021-04-07T19:37:00+01:00By

The Irish Data Protection Commission has reached out to Facebook seeking to determine whether the social media giant’s weekend data breach should receive scrutiny under the General Data Protection Regulation.

Fastweb

Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing

2021-04-06T18:04:00+01:00By

The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.

Booking

Booking.com fined $557K under GDPR for reporting data breach late

2021-04-01T20:55:00+01:00By

Online reservation Website Booking.com has been fined €475,000 (U.S. $557,000) by the Dutch Data Protection Authority for reporting a data breach 22 days later than the 72 hours required under the GDPR.

European Union

Local laws proving to be roadblocks for GDPR harmonization

2021-03-24T17:07:00+00:00By

Recent cases in Germany, France, and Austria underscore the difficulty of getting EU members on the same page regarding GDPR enforcement—particularly when other local laws take priority.

Clubhouse

Popular Clubhouse app being probed for GDPR violations

2021-03-19T17:19:00+00:00By

France’s data privacy watchdog adds to a growing list of regulators that have launched investigations into Alpha Exploration, the publisher of the Clubhouse application, regarding measures it has taken (or not taken) to comply with the GDPR.

Boardroom

Board members named to California’s first-in-the-nation data privacy board

2021-03-19T16:48:00+00:00By

The California Privacy Protection Agency, tasked with enforcing the state’s groundbreaking data privacy laws, now has a five-member board of directors.

Vodafone

​Vodafone Spain fined record $9.72M for data protection failures

2021-03-15T20:56:00+00:00By

Vodafone Spain has been fined €8.15 million (U.S. $9.72 million) for aggressive telemarketing tactics and other data protection failures under the GDPR. The penalty is the highest the Spanish Data Protection Agency has handed out.

GDPR industry fines

GDPR fines by industry: Telecoms far outpace Big Tech

2021-03-11T16:12:00+00:00By

Since the GDPR came into force in 2018, Big Tech firms have not been on the receiving end of fines as frequently as expected. Meanwhile, other industries have shown to be more prone to data privacy violations, namely telecommunications.

Roberts Ask a CCO

Ask a CCO: Are you in favor of federal data privacy legislation?

2021-03-09T21:30:00+00:00By Compliance Week

It’s a clean sweep: All five CCOs we spoke with are in favor of U.S. federal data privacy legislation. Read on for the reasoning behind their answers.

Technology sandbox

‘An invaluable asset’: Participants praise opportunity for feedback via GDPR sandboxes

2021-03-09T21:23:00+00:00By

Regulatory sandboxes launched by EU data protection authorities provide firms the opportunity to collaborate and make use of the regulator’s expertise to reduce GDPR compliance risks.

Deutsche Wohnen

GDPR dealt blow as German court drops $17.2M Deutsche Wohnen fine

2021-03-08T21:29:00+00:00By

A €14.5 million (U.S. $17.2 million) fine against Deutsche Wohnen has been dropped after a German court found under German law the company could not be held responsible for violating the GDPR unless blame could be attached to a specific individual or executive.

Kortney Nordrum quote

Ask a CCO: How has your company prioritized data privacy compliance?

2021-03-05T13:44:00+00:00By Compliance Week

Five senior compliance practitioners tell us how their companies have reacted to recent privacy legislation like the GDPR, CCPA, and other state regulations in the pipeline.

Nailedit1200x800

Video: Google ad change a boon for privacy; red flags apparent in Greensill downfall

2021-03-04T21:55:00+00:00By Compliance Week

Aaron Nicodemus acknowledges Google’s decision to stop selling ads based on user browsing history as a good first step, while Kyle Brasseur laments apparent red flags ignored in the seemingly impending collapse of Greensill Capital.

Virginia Capitol

More than a CCPA clone? Virginia passes nation’s second comprehensive privacy law

2021-03-03T16:02:00+00:00By

In what might be a sign of things to come for data privacy legislation nationwide, Virginia passed the country’s second comprehensive data privacy law. How does it stack up to its peer in California?

LifePoint

Special report: Compliance, infosec & battling cyber-threats

2021-03-02T16:54:00+00:00By

LifePoint Health’s VP for Compliance Program Operations/Chief Privacy Officer Ellen Hunt and VP/CISO Andy Heins share how they work ”hand in glove” to protect their company’s data from bad actors.

TikTok

TikTok $92M settlement includes data privacy compliance training program

2021-02-26T18:01:00+00:00By

TikTok is seeking preliminary approval of a class-action settlement with terms that would require the video sharing platform to establish a $92 million settlement fund and create a new compliance framework, according to court documents.

Nailedit1200x800

Video: SEC on right path with climate disclosures; alleged privacy lapses at Amazon troubling

2021-02-25T22:39:00+00:00By Compliance Week

Aaron Nicodemus applauds the SEC for taking steps to clarify how companies should disclose economic risks posed by climate change, while Dave Lefort is critical of alleged lapses in data security at Amazon.

Social media

Ireland GDPR report: Big fines coming soon for Big Tech?

2021-02-25T21:48:00+00:00By

Ireland’s data regulator has 27 ongoing cross-border inquiries into Big Tech firms, according to its latest annual report. It expects several cases to be resolved in the coming year.

New workplace screenshot

CW panel: Preparing for the return to the workplace—and the next pandemic

2021-02-25T17:06:00+00:00By

Experts at CW’s “Compliance Considerations for the New Workplace” virtual summit discuss striking the balance between complying with laws applicable to matters of health and safety while still respecting employee privacy in the return to the office and beyond.

Targeted advertising

EDPS opinion puts targeted advertising in crosshairs

2021-02-22T20:22:00+00:00By

The EU’s chief data regulator says planned regulations to oversee the tech sector should be tightened further to ban targeted advertising based on tracking online activity—an opinion that could prompt Big Tech and adtech firms to lobby hard against the changes.

Facebookcrop

Facebook fined $8.4M for data collection practices in Italy

2021-02-17T16:37:00+00:00By

Facebook has been fined €7 million (U.S. $8.4 million) by Italy’s antitrust regulator for failing to address issues related to its personal data collection practices.

Cyber-guard

Survey: Firms enhanced cyber-security in 2020, but not enough

2021-02-17T14:26:00+00:00By

Companies forced to pivot to remote work in a global health crisis spent the bulk of 2020 grappling with heightened cyber-security risks. A year later, compliance practitioners say their companies’ cyber-security postures are better for it—even in the wake of the stunning SolarWinds hack.