Data Privacy


3x2 web graphic

Compliance Week National Conference is going back in person in May

2021-10-25T12:00:00+01:00By

Mark your calendars: Compliance Week’s National Conference in Washington, D.C. will be held in person for the first time in nearly three years from May 16-18, 2022.

Data privacy

Global Privacy Assembly takeaways: ‘Time to get real’ on cross-border cooperation

2021-10-21T18:02:00+01:00By

Privacy regulators believe there must be a push toward greater international cooperation and enforcement if failure to ensure data protection is to be taken as seriously as other corporate offenses.

Sky

Sky Italia latest fined under GDPR over telemarketing practices

2021-10-20T16:24:00+01:00By

Sky Italia was ordered to pay nearly €3.3 million (U.S. $3.8 million) by Italy’s data protection authority Garante for allegedly misusing customer data to make unwanted promotional phone calls.

Austrian Post

GDPR enforcement roundup: Austrian Post facing new record fine

2021-10-18T16:56:00+01:00By

The Austrian Post is once again appealing what would be a record GDPR fine in the country after successfully defending itself in the first instance. Other recent decisions under the law provide further enforcement trends.

Facebook Ireland

‘Soft-hearted’ Irish DPC proposes $42M GDPR fine against Facebook

2021-10-15T15:24:00+01:00By

The Irish Data Protection Commission has set out plans to fine Facebook between €28 million and €36 million (U.S. $32 million and $42 million) for violations of the General Data Protection Regulation.

FTC seal

Senators waiving white flag on privacy law with request to FTC?

2021-10-06T22:06:00+01:00By

The request by a group of prominent Democratic senators that the Federal Trade Commission launch rulemaking on data privacy signals Congress is not close to passing a federal law anytime soon, experts say.

California

California privacy agency names executive director

2021-10-05T17:24:00+01:00By

The nation’s first state data privacy agency has selected former FTC Chief Technologist Ashkan Soltani to serve as its executive director overseeing enforcement and rulemaking of the CCPA and, eventually, the CPRA.

WhatsApp phone

WhatsApp GDPR fine fallout: EDPB actions shift enforcement landscape

2021-09-20T15:27:00+01:00By

Experts weigh in on the Irish Data Protection Commission’s €225 million (U.S. $267 million) GDPR fine against WhatsApp, which saw the European Data Protection Board rule to increase the fine total and compliance obligations.

/web/img/field/image/sec_0.jpg

App Annie to pay $10M in landmark SEC action

2021-09-15T17:31:00+01:00By

The Securities and Exchange Commission charged App Annie with securities fraud—the agency’s first enforcement action against an alternative data provider.

WhatsApp

Ireland shakes up GDPR enforcement with $267M fine against WhatsApp

2021-09-02T19:42:00+01:00By

Ireland’s Data Protection Commission announced a record-breaking €225 million (U.S. $267 million) fine against WhatsApp that is equally significant for the compliance lessons it imparts and inconsistency of the GDPR it exposes.

csiweb sept 2021 img

White paper: Solving Today’s Top KYC Compliance Challenges

2021-09-02T05:53:00+01:00Provided by

Read this white paper to learn the top KYC compliance challenges and how to create a modernized approach to meet KYC/IDV requirements.

UK privacy

U.K. signals divergence from GDPR with new data transfer approach

2021-09-01T15:44:00+01:00By

The United Kingdom announced plans to strike independent data adequacy decisions with key countries—including the United States—as part of its post-Brexit economic strategy.

China data

Preparing for China’s new GDPR-like data privacy law

2021-08-31T13:25:00+01:00By

China is set to enact a tough data privacy law that mirrors the EU’s General Data Protection Regulation in content but likely will be more strictly enforced, experts say.

T-Mobile

CEO: T-Mobile ‘humbled’ by data breach, taking steps to prevent future attacks

2021-08-27T15:51:00+01:00By

T-Mobile CEO Mike Sievert lamented the recent breach of company servers that led to a hacker stealing the personal information of nearly 55 million customers, but said the company is “fully committed to take our security efforts to the next level.”

ICO

​ICO’s first GDPR fine reduced on appeal

2021-08-24T16:28:00+01:00By

The U.K. Information Commissioner’s Office’s fine against pharmacy Doorstep Dispensaree for violations of the General Data Protection Regulation has been slashed approximately two-thirds on appeal to £92,000 (U.S. $126,000).

T-Mobile

T-Mobile ups compromised customer account total to 55M

2021-08-20T13:45:00+01:00By

A “highly sophisticated” cyber-attack illegally accessed nearly 55 million customer records of mobile phone carrier T-Mobile, the largest such attack against the company that has been hit at least four previous times since 2018.

Zoom

Hamburg DPA warns Zoom incompatible with GDPR

2021-08-19T16:24:00+01:00By

The Hamburg data protection authority has warned local government departments to stop using Zoom because it believes the videoconferencing app is not compliant with the General Data Protection Regulation.

Courthouse

GDPR fines worth appealing? Factors to consider

2021-08-19T13:03:00+01:00By

Experts weigh in on the results of a report from the European Data Protection Board showing which countries have seen the most GDPR fines annulled or modified following court appeal.

Brasseur_opinion

T-Mobile the least surprising data breach of 2021

2021-08-18T16:10:00+01:00By

Cyber-attacks catch most companies and their customers off guard, but T-Mobile, the victim of at least five data breaches since 2018, had many red flags indicating its vulnerability ahead of its latest incident.

ibm 300x200

CPE Webcast: Data privacy isn’t a compliance checkbox but a competitive advantage

2021-08-17T14:00:00+01:00Provided by

In the post-GDPR era, data privacy has taken center stage yet again due to digital transformation across the globe. Governments everywhere are enforcing more robust data protection guidelines to address new digital interactions between enterprises and consumers.

Euros chained

Resource demand to enforce GDPR weighing heavy on EU authorities

2021-08-13T16:53:00+01:00By

A new report from the European Data Protection Board has found an overwhelming majority of data protection authorities believe they are under-resourced to deal with the demands of the General Data Protection Regulation.

Employee spying

Employee monitoring proving hot target for GDPR enforcement

2021-08-11T18:23:00+01:00By

Recent fines in Italy against two food delivery companies for violating the privacy of their drivers should act as a warning that employee surveillance can prove to be a major breach of the General Data Protection Regulation.

Investigations

What factors are driving change in your corporate investigations process?

2021-08-10T15:00:00+01:00By

A recent survey from Compliance Week and OpenText reveals while investigations and data volumes are on the rise, machine learning combined with external expertise may give companies the upper hand in accelerating response and results.

Plaid

FinTech firm Plaid settles privacy lawsuit at $58M

2021-08-09T20:12:00+01:00By

Plaid has reached a $58 million settlement with a group of customers who claimed the FinTech company sold their bank transaction histories to third parties without their consent.

Deliveroo

Italian DPA fines Deliveroo $3M for worker privacy violations

2021-08-04T15:38:00+01:00By

Italy’s data protection authority Garante fined U.K.-based food delivery company Deliveroo €2.5 million (U.S. $3 million) under the GDPR for violating the privacy rights of its Italian drivers.

Zoom

Zoom agrees to enhance compliance in $85M settlement

2021-08-02T20:36:00+01:00By

Zoom has agreed to a preliminary class-action settlement with terms that would require the video-conferencing platform to establish an $85 million fund and improve its data privacy and security practices.

Walmart

Judge dismisses CCPA-related lawsuit against Walmart

2021-08-02T16:46:00+01:00By

A federal judge in California dismissed a lawsuit alleging a data breach at Walmart was a violation of the California Consumer Privacy Act, noting the plaintiff failed to prove a breach occurred.

Amazon building

Amazon discloses record-shattering $887M GDPR fine

2021-07-30T18:20:00+01:00By

Amazon disclosed it has received notice of a €746 million (U.S. $887 million) GDPR fine in Luxembourg for unlawful processing of personal data. The company intends to appeal the penalty, which would be more than 15 times the current record under the law.

TikTok

TikTok fined $883K under GDPR for children’s privacy violations

2021-07-23T18:25:00+01:00By

The Dutch Data Protection Authority imposed a €750,000 (U.S. $883,000) fine on TikTok for violating the privacy of young children following a wide-scale investigation launched last year.

California AG

California AG: ‘Great progress’ under CCPA despite no fines

2021-07-22T15:23:00+01:00By

California Attorney General Rob Bonta commemorated one year of CCPA enforcement with praise for the law despite there not yet being a publicly announced fine against a business.

Food delivery

Italian DPA cites biased tech in $3.1M GDPR fine

2021-07-08T15:46:00+01:00By

Italy’s data protection authority fined food delivery company Foodinho €2.6 million (U.S. $3.1 million) because the app at the core of its business model allegedly discriminated against employees.

Colorado capitol

Colorado third state to enact comprehensive privacy law

2021-07-08T14:16:00+01:00By

The Colorado Privacy Act largely mirrors its predecessors in California and Virginia but includes greater fines per violation of $20,000. The law is set to take effect July 1, 2023.

AdobeStock_322995135_Editorial_Use_Only

British Airways settles 2018 data breach class action

2021-07-07T16:50:00+01:00By

British Airways has settled one of the U.K.’s largest group actions after thousands of people sought compensation following a 2018 data breach that resulted in the airline being fined under the GDPR.

IBM-Online

e-Book: The current state of global privacy regulation

2021-06-29T17:48:00+01:00Provided by

Will states be able to move forward with their own privacy laws? A provision in a recent bill passed in Florida may be a stumbling block.

Privacy future

New tech, legal precedent forcing GDPR to evolve

2021-06-23T15:26:00+01:00By

Companies’ priorities regarding compliance with the GDPR are likely to become more focused because of a mixture of recent legal decisions and efforts by the European Commission to keep privacy rules in sync with changes in technology.

hyperproof300x200

CPE Webcast: How Motorola is transforming evidence collection for data protection compliance

2021-06-22T14:00:00+01:00Provided by Hyperproof

A popular saying among security, privacy and corporate compliance circles is “trust, but verify”. It’s a popular saying because it neatly captures so much of what compliance professionals have to do: collecting evidence to verify compliance.

Data privacy

New rules for SCCs: What you need to know

2021-06-17T16:28:00+01:00By

The latest set of standard contractual clauses for companies transferring data between the European Union and third countries, such as the United States, is meant to align more closely with the GDPR and root out government snooping.

onspring 300x200

CPE Webcast: Streamlining HIPAA & HITRUST compliance with an alternative reporting approach

2021-06-17T14:00:00+01:00Provided by

Your organization might be using HITRUST to manage multiple compliance initiatives, including HIPAA, NIST and the ISOs. The framework sets up a good set of practices that lend well to various privacy regulations and standards, yet connecting all that data for fast reporting is where most organization’s hit a wall.

Facebook privacy

CJEU ruling opens Facebook, others to greater GDPR liability

2021-06-16T15:53:00+01:00By

The EU’s top court ruled any of the bloc’s national data protection authorities can pursue a privacy complaint against Facebook or any other Big Tech firm and not just the supervisory authority where the company has its European headquarters.

Amazon

Reported Amazon fine ($425M) ‘biggest test’ of GDPR enforcement yet

2021-06-15T15:11:00+01:00By

Amazon reportedly faces a fine of more than $425 million under the GDPR that would show EU regulators firmly have Big Tech companies—and their practices—in their crosshairs.

Microsoft 365

EU probes of Microsoft, Amazon reignite calls for new Privacy Shield

2021-06-03T18:05:00+01:00By

European investigations into whether Amazon and Microsoft’s cloud-based services infringe EU privacy rules have once again shone a spotlight on how—and when—the United States and the European Union intend to come up with a new Privacy Shield.

Rising data

Report: GDPR fines more than doubled in Year 3

2021-05-27T17:05:00+01:00By

Data protection authorities issued 287 known GDPR fines between March 2020 and March 2021—a 120 percent increase in frequency, according to a new report from CMS.

GDPR

GDPR’s future: Fine amounts, transparency among top points of contention

2021-05-26T18:08:00+01:00By

Experts believe the GDPR is largely “future-proof,” though fine decisions that vary considerably from one EU country to the next and lack of transparency remain areas of concern for the privacy law three years in.

GDPRgavel

Three years of GDPR: Many milestones, but calls for change increase

2021-05-25T19:19:00+01:00By

Despite its achievements, the General Data Protection Regulation’s flaws have become evident. Some are already questioning whether the regulation—and the way it is regulated—are fit for purpose and whether the law needs to be changed.

Cloud data

Survey: Data access further complicated by emerging privacy laws

2021-05-21T16:50:00+01:00By

A recent survey of 100 executives from Fortune 500 companies found more than half are struggling to balance easy access to company data with privacy and security compliance under laws like the GDPR and CCPA.

Data lawsuit

Private right of action proving problematic for state privacy laws

2021-05-05T19:40:00+01:00By

An enforcement provision allowing customers to sue businesses that misuse their personal data is a key stumbling point for state-level data privacy legislation.

AI

What you need to know about proposed EU rules for trustworthy AI

2021-04-29T18:27:00+01:00By

With various levels of defined risk and the potential for steep fines for offenders, the European Commission’s recent proposal to ensure trust in the use of artificial intelligence should receive urgent attention from industries beyond Big Tech.

GDPR

GDPR one-stop shop ‘unsustainable,’ says key regulators

2021-04-27T19:07:00+01:00By

Irish Data Protection Commissioner Helen Dixon and European Data Protection Supervisor Wojciech Wiewiórowski are among those who believe the one-stop shop provision of the GDPR needs to be reformed for the long term.

Child Privacy

Lawmakers push FTC to investigate Google Play for COPPA violations

2021-04-23T20:15:00+01:00By

Two lawmakers sent a letter to the Federal Trade Commission urging the agency to investigate Google Play for potentially violating children’s privacy.

Data money

Fines key attention to data privacy from boards, says ICO head

2021-04-21T15:04:00+01:00By

The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, U.K. Information Commissioner Elizabeth Denham believes.