Data Privacy

TikTok building

TikTok facing $29M fine over U.K. children’s privacy violations


The Information Commissioner’s Office warned social media platform TikTok it could be fined £27 million (U.S. $29 million) for failing to protect children’s data in line with the U.K.’s version of the General Data Protection Regulation.

Instagram icon

Ireland interpretations of GDPR criticized again in Instagram case


In fining Instagram a record €405 million (U.S. $405 million) for General Data Protection Regulation violations regarding the safeguarding of teenage users’ data, the Irish Data Protection Commission took some heat of its own.

ground labs300x200

CPE Webcast: Data discovery and compliance with data protection legislation

2022-09-20T11:00:00+01:00Provided by

There is an increasing need for effective data discovery in the worldwide push toward data protection and privacy legislation. Data privacy laws have been passed in 71 percent of countries, and a further 9 percent have draft legislation in progress.


South Korea data regulator fines Google, Meta combined $72M


South Korea’s data regulator fined Google and Meta a total of ₩100 billion (U.S. $72 million) for violating the country’s personal data collection law, which forbids the collection and use of personal information without user consent.

HHS building

Dems seek stronger HIPAA privacy for abortion patients


Democratic senators are urging the Department of Health and Human Services to strengthen federal health privacy protections for abortion patients by updating the HIPAA Privacy Rule.

EU Artificial Intelligence

Experts: Europe’s AI Act to push companies to confront technology’s use


The Artificial Intelligence Act, along with upcoming EU rules addressing digital markets and services, should have companies considering their use of AI and other emerging technologies to determine how the laws might impact their business.


Instagram facing record $401M fine over children’s privacy violations


Instagram is set to be fined €405 million (U.S. $401 million) by Ireland’s data protection regulator for failing to adequately secure teenage users’ data in line with the General Data Protection Regulation.

FTC building

FTC sues Kochava for collecting, selling mobile phone user data


Data broker Kochava has been sued by the Federal Trade Commission for selling geolocation data on hundreds of millions of mobile phone customers that could unveil sensitive personal information without their knowledge or consent.


Accor fined $600K under GDPR after EDPB intervention


French hotel chain Accor had its initial fine for cross-border data privacy violations increased sixfold after one data regulator involved in the decision-making process complained an original penalty of €100,000 (U.S. $99,900) was too low.


Sephora fined $1.2M in first public CCPA enforcement


Cosmetics retailer Sephora agreed to pay $1.2 million in the first public enforcement action under California’s landmark consumer privacy law.


Snap agrees to $35M settlement in Illinois biometric data lawsuit


Social media company Snap reached a $35 million settlement in principle to resolve an Illinois class-action lawsuit alleging violations of the state’s Biometric Information Privacy Act through the collection of “facial biometric identifiers” without users’ consent.

Google building

Google fined $42M for misleading Australian customers on data collection


Google was ordered to pay 60 million Australian dollars (U.S. $42 million) to resolve charges levied by Australia’s competition regulator it misled its Australian customers about how to opt out from the collection of their personal location data.

FTC seal

FTC seeks to expand authority on data breaches, commercial surveillance


The Federal Trade Commission is seeking comment on potential rules that would penalize companies that suffer data breaches due to lax cybersecurity protocols and punish firms that engage in abusive commercial surveillance practices.


Adtech firm Criteo facing $61M GDPR fine in France


Adtech firm Criteo faces a proposed fine of €60 million (U.S. $61.4 million) from France’s data protection authority for noncompliance with the European Union’s General Data Protection Regulation.


CPE Webcast: Is your retention program ready for a penetration test?

2022-08-09T14:00:00+01:00Provided by

As organizations continue to collect and manage data, it is critical they understand the data retention requirements within their jurisdictions and the periods in which the data needs to be retained and respond to data subject access requests efficiently and defensibly.

Health records

Proposed NIST cybersecurity guide incorporates HIPAA Security Rule


The National Institute of Standards and Technology is seeking comment on proposed guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s Security Rule.


One year later, Amazon GDPR fine details remain clouded


It’s been one year since online retailer Amazon announced it was on the receiving end of a record €746 million (U.S. $758 million) fine under the General Data Protection Regulation, but details about the decision—as well as the actual complaint—remain sketchy.


Volkswagen fined $1.1M under GDPR for unauthorized data collection


Volkswagen has agreed to pay €1.1 million (U.S. $1.1 million) to resolve allegations of violating the General Data Protection Regulation when a camera on one of its test vehicles recorded nearby drivers without their knowledge.

GDPR gears

EDPB adopts criteria for GDPR cross-border cooperation cases


The European Data Protection Board adopted a set of criteria to assess whether a cross-border matter might qualify as a case of “strategic importance” for closer cooperation—and how to proceed if it does.

Biometric scan

Clearview AI fined third time for GDPR violations


The Hellenic Data Protection Authority in Greece fined controversial facial image aggregator Clearview AI a record €20 million (U.S. $19.9 million) for unlawfully processing the biometric data of Greek citizens.

Wojciech Wiewiorowski

EDPS: U.K. GDPR reforms could create friction with EU


The United Kingdom’s keenness to agree to its own data adequacy decisions with countries like the United States could become a contentious issue with the European Union, according to European Data Protection Supervisor Wojciech Wiewiórowski.

Facebook Ireland

Facebook fate in EU thrusts transatlantic data flows back in spotlight


Reports of a potential shutdown of Meta services Facebook and Instagram in the European Union that could take place as soon as this summer underscore what’s at stake as the region works with the United States to finalize a new agreement on how to handle transatlantic data flows.

United Kingdom

U.K. data reform plan seeks to reduce ‘unnecessary burdens’ of GDPR


The U.K. government announced plans to reform the country’s data privacy laws to simplify procedures for businesses and reduce red tape, but the proposals might clash with certain elements of the EU’s General Data Protection Regulation.

GDPR EU flag

Experts: How to move forward with the GDPR


Data privacy experts speaking at an industry event believe the mechanisms in place under the General Data Protection Regulation to ensure compliance, enforcement, and redress need revisiting—and quickly.


European Commission assessing GDPR improvements, not overhaul


Three key members of the European Commission believe the General Data Protection Regulation should be enhanced by targeting aspects of data privacy through other laws rather than revamping the GDPR itself.


GDPR blame game: Who’s at fault for spotty enforcement record?


Regulators and privacy experts speaking at the European Data Protection Supervisor’s conference homed in on the flaws of the General Data Protection Regulation and what improvements need to be made to ensure more consistent enforcement of the law.

Google building

Google fine in Spain prompts revisit of GDPR effect on tech


Google’s latest fine for violations of the General Data Protection Regulation reignites the discussion around why Big Tech firms have not been more frequently penalized under the EU’s stringent privacy law.


California privacy board moves forward with draft CPRA regulations


The California Privacy Protection Agency unveiled draft rules for the soon-to-be enacted California Privacy Rights Act at its board meeting.


Bipartisan data privacy bill seeks to break through Congressional logjam


A bipartisan bill attempting to end the gridlock in Congress over crafting a federal data privacy law was introduced by a pair of Republicans and a Democrat.

Twitter HQ

Twitter agrees to $150M settlement with DOJ, FTC over data privacy lapses


Twitter agreed to a $150 million settlement with the Department of Justice and Federal Trade Commission for violating a 2011 administrative order by “misrepresenting” how it used nonpublic user information.


GDPR enforcement roundup: Spain stays on Vodafone, record fine in Poland


Vodafone running up its fine total in Spain and a record-setting action against a marketing firm in Poland highlight a roundup of notable enforcements announced under the General Data Protection Regulation during the first five months of 2022.

GDPR gears

Four years of GDPR: New tech testing data privacy law’s longevity?


It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.


Oct. 25 | Why your CPRA compliance strategy is broken and how to fix it

2022-05-23T17:54:00+01:00Provided by

It is critical for organizations to carefully assess their CPRA compliance programs to identify gaps, avoid pitfalls, and minimize risks. Even organizations that have implemented a CCPA compliance program will need to consider enhancements to meet CPRA requirements.

Clearview AI

ICO fines Clearview AI $9.4M over alleged data privacy lapses


The U.K. Information Commissioner’s Office fined Clearview AI more than £7.5 million (U.S. $9.4 million) for collecting people’s images from internet and social media sites without their knowledge or consent.


Spanish DPA fines Google $10.6M for GDPR violations


Spain’s data protection authority has issued a record fine of €10 million (U.S. $10.6 million) against Google for two “serious infractions” of the EU’s General Data Protection Regulation regarding its sharing information with U.S. legal database Lumen.

Connecticut State Capitol

Connecticut fifth state to pass comprehensive data privacy law


Connecticut has joined four other states in passing a comprehensive data privacy law that requires companies to provide consumers with information about the personal data they collect.


CPE Webcast: Data: The ‘new gold’ or ‘new liability’?

2022-04-26T14:00:00+01:00Provided by

If organizations can wrest new insights from the data they harvest and process it can be a valuable business asset, but it has some serious limitations and can become a huge liability if they aren’t ensuring they are protecting the data.

FTC building

FTC chair: Agency reassessing rules amid current U.S. privacy landscape


The Federal Trade Commission is considering new rulemaking around commercial surveillance and lax data security practices while assessing whether other laws in place need to be updated, agency Chair Lina Khan said in a recent speech.

Bank of Ireland

Bank of Ireland fined $504K for credit rating data breaches


Bank of Ireland was fined €463,000 (U.S. $504,000) after an investigation by the Irish Data Protection Commission found customer data was accidentally altered in a way that could have damaged credit ratings and prevented getting loans.


Danske Bank fined $1.5M for data processing failures under GDPR


The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.

bryter ebook cover img

e-Book: How technology enables data protection

2022-03-31T13:00:00+01:00Provided by BRYTER

A Compliance Week and BRYTER survey analyzed 81 responses from compliance and legal practitioners who ranked data privacy and cybersecurity threats the No. 1 biggest risk entering 2022.

Data lock

Closing the data risk gap: How technology enables data protection


Legal and compliance teams ranked data privacy and cybersecurity threats the No. 1 biggest risk entering 2022. Further survey results reveal roadblocks to organizations’ proactive compliance.

Utah Capitol

New Utah privacy law ‘lighter’ than predecessors


Utah has become the fourth U.S. state to pass a comprehensive data privacy law, with others potentially on the way during this legislative session. Experts weigh in on how the Utah law compares to its counterparts in California, Colorado, and Virginia.

Transatlantic data

Experts optimistic, though wary, toward Privacy Shield successor


Legal and data privacy experts have expressed cautious optimism regarding the announcement that the United States and European Union have reached an agreement in principle to resume transatlantic data flows.

EU US privacy

Third time’s the charm? Agreement in principle reached on U.S.-EU data flows


The United States and European Union have reached an agreement in principle on how to handle transatlantic data flows, a thorny issue that has resulted in two prior frameworks being scrapped by the EU’s top court.

UK data

New ICO head strives for reassurance in first speech


John Edwards, head of the U.K. Information Commissioner’s Office, said he wants to bring greater certainty for companies regarding their data compliance needs, especially if the government’s drive to reduce regulatory burdens results in the EU withdrawing its data adequacy decision.

Privacy Shield

Momentum building toward Privacy Shield replacement?


Recent comments by EU and U.S. lawmakers and insights from privacy experts suggest a new mechanism to replace the defunct Privacy Shield and ensure safe transatlantic data transfers might soon be introduced.

GDPR EU flag

How EU regulators are warning of Russian data protection threats


Regulators in Norway, Germany, Lithuania, Estonia, Denmark, and Sweden address how companies can prepare for increased data protection and cybersecurity risks in the wake of Russia’s invasion of Ukraine.

FTC seal

Former CafePress owner to pay $500K in FTC settlement over data breach


Residual Pumpkin Entity, the former owner of CafePress, must pay $500,000 in redress under a proposed settlement with the Federal Trade Commission addressing allegations CafePress failed to secure personal data and covered up a data breach.

Facebook Ireland

Meta fined $18.6M under GDPR for 2018 data breaches


The Irish Data Protection Commission fined Meta’s Irish subsidiary 17 million euros (U.S. $18.6 million) for a series of personal data breaches that took place nearly four years ago.