Data Privacy


New chief compliance officer, same Facebook

2021-04-16T14:29:00+01:00By

It isn’t surprising to see Facebook think it doesn’t have an ethical obligation to alert users to its latest data leak, writes Kyle Brasseur, but it is disappointing knowing the company now has a chief compliance officer in place.

CPE Webcast: Mastering knowing your data and establishing a defensible data inventory

2021-04-15T14:00:00+01:00Provided by

In today’s data-driven world, legal and compliance professionals must know their organization’s data, meaning the legal department must clearly understand how to quickly find and access data requested for litigation, audits and investigations, and how to protect data in compliance with privacy laws.

Facebook

Facebook facing 10th GDPR probe over data leak

2021-04-14T17:10:00+01:00By

The Irish Data Protection Commission has launched an inquiry into Facebook over concerns the social media giant may not have properly disclosed the full extent of its recent data leak.

Facebook privacy

Facebook’s new leak: Assessing its liability under the GDPR

2021-04-08T20:19:00+01:00By

Old personal data of more than 533 million Facebook users was recently made publicly available on a hacker forum. Could the social media giant face a new investigation under the GDPR in response?

Facebook

Irish DPC seeking answers on Facebook breach

2021-04-07T19:37:00+01:00By

The Irish Data Protection Commission has reached out to Facebook seeking to determine whether the social media giant’s weekend data breach should receive scrutiny under the General Data Protection Regulation.

Fastweb

Italian DPA fines Fastweb $5.3M under GDPR for aggressive telemarketing

2021-04-06T18:04:00+01:00By

The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.

Booking

Booking.com fined $557K under GDPR for reporting data breach late

2021-04-01T20:55:00+01:00By

Online reservation Website Booking.com has been fined €475,000 (U.S. $557,000) by the Dutch Data Protection Authority for reporting a data breach 22 days later than the 72 hours required under the GDPR.

European Union

Local laws proving to be roadblocks for GDPR harmonization

2021-03-24T17:07:00+00:00By

Recent cases in Germany, France, and Austria underscore the difficulty of getting EU members on the same page regarding GDPR enforcement—particularly when other local laws take priority.

Clubhouse

Popular Clubhouse app being probed for GDPR violations

2021-03-19T17:19:00+00:00By

France’s data privacy watchdog adds to a growing list of regulators that have launched investigations into Alpha Exploration, the publisher of the Clubhouse application, regarding measures it has taken (or not taken) to comply with the GDPR.

Boardroom

Board members named to California’s first-in-the-nation data privacy board

2021-03-19T16:48:00+00:00By

The California Privacy Protection Agency, tasked with enforcing the state’s groundbreaking data privacy laws, now has a five-member board of directors.

Vodafone

Vodafone Spain fined record $9.72M for data protection failures

2021-03-15T20:56:00+00:00By

Vodafone Spain has been fined €8.15 million (U.S. $9.72 million) for aggressive telemarketing tactics and other data protection failures under the GDPR. The penalty is the highest the Spanish Data Protection Agency has handed out.

GDPR industry fines

GDPR fines by industry: Telecoms far outpace Big Tech

2021-03-11T16:12:00+00:00By

Since the GDPR came into force in 2018, Big Tech firms have not been on the receiving end of fines as frequently as expected. Meanwhile, other industries have proven more prone to data privacy violations, namely telecommunications.

Ask a CCO: Are you in favor of federal data privacy legislation?

2021-03-09T21:30:00+00:00 By Compliance Week

It’s a clean sweep: All five CCOs we spoke with are in favor of U.S. federal data privacy legislation. Read on for the reasoning behind their answers.

Technology sandbox

‘An invaluable asset’: Participants praise opportunity for feedback via GDPR sandboxes

2021-03-09T21:23:00+00:00By

Regulatory sandboxes launched by EU data protection authorities provide firms the opportunity to collaborate and make use of the regulator’s expertise to reduce GDPR compliance risks.

Deutsche Wohnen

GDPR dealt blow as German court drops $17.2M Deutsche Wohnen fine

2021-03-08T21:29:00+00:00By

A €14.5 million (U.S. $17.2 million) fine against Deutsche Wohnen has been dropped after a German court found under German law the company could not be held responsible for violating the GDPR unless blame could be attached to a specific individual or executive.

Ask a CCO: How has your company prioritized data privacy compliance?

2021-03-05T13:44:00+00:00 By Compliance Week

Five senior compliance practitioners tell us how their companies have reacted to recent privacy legislation like the GDPR, CCPA, and other state regulations in the pipeline.

Video: Google ad change a boon for privacy; red flags apparent in Greensill downfall

2021-03-04T21:55:00+00:00 By Compliance Week

Aaron Nicodemus acknowledges Google’s decision to stop selling ads based on user browsing history as a good first step, while Kyle Brasseur laments apparent red flags ignored in the seemingly impending collapse of Greensill Capital.

Virginia Capitol

More than a CCPA clone? Virginia passes nation’s second comprehensive privacy law

2021-03-03T16:02:00+00:00By

In what might be a sign of things to come for data privacy legislation nationwide, Virginia passed the country’s second comprehensive data privacy law. How does it stack up to its peer in California?

LifePoint

Special report: Compliance, infosec & battling cyber-threats

2021-03-02T16:54:00+00:00By

LifePoint Health’s VP for Compliance Program Operations/Chief Privacy Officer Ellen Hunt and VP/CISO Andy Heins share how they work “hand in glove” to protect their company’s data from bad actors.

TikTok

TikTok $92M settlement includes data privacy compliance training program

2021-02-26T18:01:00+00:00By

TikTok is seeking preliminary approval of a class-action settlement with terms that would require the video sharing platform to establish a $92 million settlement fund and create a new compliance framework, according to court documents.

Video: SEC on right path with climate disclosures; alleged privacy lapses at Amazon troubling

2021-02-25T22:39:00+00:00 By Compliance Week

Aaron Nicodemus applauds the SEC for taking steps to clarify how companies should disclose economic risks posed by climate change, while Dave Lefort is critical of alleged lapses in data security at Amazon.

Social media

Ireland GDPR report: Big fines coming soon for Big Tech?

2021-02-25T21:48:00+00:00By

Ireland’s data regulator has 27 ongoing cross-border inquiries into Big Tech firms, according to its latest annual report. It expects several cases to be resolved in the coming year.

CW panel: Preparing for the return to the workplace—and the next pandemic

2021-02-25T17:06:00+00:00By

Experts at CW’s “Compliance Considerations for the New Workplace” virtual summit discuss striking the balance between complying with laws applicable to matters of health and safety while still respecting employee privacy in the return to the office and beyond.

Targeted advertising

EDPS opinion puts targeted advertising in crosshairs

2021-02-22T20:22:00+00:00By

The EU’s chief data regulator says planned regulations to oversee the tech sector should be tightened further to ban targeted advertising based on tracking online activity—an opinion that could prompt Big Tech and adtech firms to lobby hard against the changes.

Facebook fined $8.4M for data collection practices in Italy

2021-02-17T16:37:00+00:00By

Facebook has been fined €7 million (U.S. $8.4 million) by Italy’s antitrust regulator for failing to address issues related to its personal data collection practices.

Cyber-guard

Survey: Firms enhanced cyber-security in 2020, but not enough

2021-02-17T14:26:00+00:00By

Companies forced to pivot to remote work in a global health crisis spent the bulk of 2020 grappling with heightened cyber-security risks. A year later, compliance practitioners say their companies’ cyber-security postures are better for it—even in the wake of the stunning SolarWinds hack.

TikTok

TikTok faces more backlash, now from EU consumer group

2021-02-16T20:12:00+00:00By

TikTok has come under the scrutiny of European consumer advocacy organization BEUC, which is urging authorities to put an end to the video sharing platform’s abuse of EU users’ rights—especially those of children.

Facebook privacy

The great privacy race? Apple, Facebook pitch data transparency

2021-02-08T14:48:00+00:00By

Apple and Facebook, two of the world’s most powerful companies, are jockeying over how transparent to be with their customers about whom they share users’ personal data with and what they do with it.

CPE Webcast: Adapting your compliance program for the next new normal

2021-02-04T11:00:00+00:00Provided by

With the global workplace in a fractious state in 2020, many companies transitioned employees to working from home. This created new challenges for compliance leaders from providing clear data security guidance to reinforcing HR policies like harassment prevention for the remote work environment.

Video: Thumbs-down to all parties in GameStop madness

2021-01-28T22:28:00+00:00 By Compliance Week

While Kyle Brasseur gives Data Privacy Day the shout-out it deserves, Dave Lefort explains why retail investors, the apps they use, and regulators all “Failed It” in the GameStop stock market craze.

Spain and Italy

Spain, Italy setting new standard for GDPR enforcement

2021-01-28T20:36:00+00:00By

While big fines against big companies make headlines, Spain and Italy have flown under the radar as two of the most frequent enforcers of the GDPR, instead primarily focusing on smaller penalties. Might other countries follow suit?

Grindr

Norwegian DPA warns Grindr of $11.7M GDPR fine

2021-01-26T20:38:00+00:00By

Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.

CaixaBank

Spanish DPA fines CaixaBank record $7.3M under GDPR

2021-01-25T20:31:00+00:00By

Spain’s data protection authority recently fined CaixaBank €6 million (U.S. $7.3 million) for misuse of customer data, the largest GDPR fine the country has handed out.

Privacy data access

Three best practices for handling GDPR and CCPA ‘right of access’ requests

2021-01-22T18:36:00+00:00By

A panel discussion on a recent Webcast analyzed common data subject access request compliance challenges, as well as leading practices designed to best comply with the EU’s GDPR and the CCPA in the United States.

Cyber-risk panel

Cyber-Risk Summit: 7 best practices for protecting employee health data

2021-01-21T21:19:00+00:00By

Experts at CW’s virtual Cyber-Risk and Data Privacy Summit explain the importance for companies to review and enhance their current data security compliance policies and procedures.

EU US privacy

EU regulators beef up SCCs as temporary Privacy Shield alternative

2021-01-15T19:41:00+00:00By

The key data regulators that oversee the European Union’s strict privacy regulation agreed to a beefed up set of contractual terms to provide more clarity about the level of protection data transfers to countries outside the EU can enjoy.

British Airways

British Airways breach could cost billions in landmark class-action push

2021-01-15T15:12:00+00:00By

British Airways faces the largest group claim ever made in U.K. legal history over a 2018 data breach that exposed the financial and personal details of more than 400,000 of its customers.

White paper: Managing compliance for a remote workforce

2021-01-15T05:26:00+00:00Provided by

In 2020, companies are experiencing new dilemmas regarding compliance. With COVID-19, millions of workers have shifted from working in an office space — an employer-controlled environment — to working from home offices.

Video: Gensler a strong choice for SEC; Flo’s alleged privacy lapses inexcusable

2021-01-14T21:27:00+00:00 By Compliance Week

Aaron Nicodemus explains why President-elect Joe Biden’s SEC chairman pick, Gary Gensler, is getting rave reviews, while Aly McDevitt criticizes the alleged privacy misdeeds of Flo Health that led to an FTC settlement.

Big Tech

CJEU opinion could further expose Big Tech under GDPR

2021-01-13T19:24:00+00:00By

Any European Union data protection authority should be allowed to pursue legal action against Big Tech firms over privacy issues, according to an opinion from the advocate general of the region’s top court.

Employee monitoring

German laptop retailer fined $12.7M under GDPR for employee surveillance

2021-01-11T19:08:00+00:00By

A German data regulator fined an online laptop and electronic goods retailer €10.4 million (U.S. $12.7 million) for video-monitoring employees for at least two years without legal basis.

Temper expectations on a U.S. federal privacy law in 2021

2020-12-30T19:04:00+00:00By

With the collapse of the EU-U.S. Privacy Shield comes an opportunity for the United States to address its data protection shortcomings. Just don’t expect a quick fix, as a litany of issues remain.

Global

Report: Fines against financial institutions hit $10.4B in 2020

2020-12-22T21:14:00+00:00By

Financial institutions have been hit with $10.4 billion in global fines and penalties related to AML, KYC, data privacy, and MiFID regulations in 2020, according to a recent Fenergo report.

GDPR priorities for 2021: Twitter ruling stresses need for harmonization

2020-12-22T20:43:00+00:00By

European data protection authorities need to speed up their decision-making processes—especially with regard to cross-border complaints—before regulators lose patience and find legal means to mete out penalties under national laws instead of the GDPR.

CPE Webcast: Schrems II: The end of the EU-U.S. Privacy Shield

2020-12-22T14:00:00+00:00Provided by

The invalidation of the EU-U.S. Privacy Shield has many U.S. companies wondering if they will ever be able to take possession of EU data again.

New Zealand

New Zealand’s new privacy law comes with a refreshing twist—it allows for apologies

2020-12-21T17:02:00+00:00 By Mary Shirley, CW guest columnist

New Zealand’s new data privacy law allows an apology to be made without admitting guilt, a provision that follows with the island’s non-traditional form of leadership as one that focuses on empathy and the well-being of the people.

Video: Twitter GDPR fine too little or just right?

2020-12-17T20:03:00+00:00 By Compliance Week

Aaron Nicodemus and Dave Lefort debate whether the Irish Data Protection Commission’s €450,000 (U.S. $547,000) fine against Twitter under the GDPR is an appropriate figure or way too small for the social media company.

CPE Webcast: CCPA year in review

2020-12-17T14:00:00+00:00Provided by

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and is currently the most comprehensive consumer data privacy law in the United States.

FTC

FTC data requests could pave way to federal privacy law, experts say

2020-12-15T22:16:00+00:00By

FTC requests issued to nine social media and video streaming services for information about how they collect and use personal information could be a step toward the U.S. government enacting federal privacy legislation.

Twitter

Twitter’s tiny $547K GDPR fine leaves many scratching their heads

2020-12-15T20:19:00+00:00By

Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.