Data Privacy

ICO fines Clearview AI $9.4M over alleged data privacy lapses


The U.K. Information Commissioner’s Office fined Clearview AI more than £7.5 million (U.S. $9.4 million) for collecting people’s images from internet and social media sites without their knowledge or consent.


Spanish DPA fines Google $10.6M for GDPR violations


Spain’s data protection authority has issued a record fine of €10 million (U.S. $10.6 million) against Google for two “serious infractions” of the EU’s General Data Protection Regulation regarding its sharing of information with U.S. legal database Lumen.

Connecticut fifth state to pass comprehensive data privacy law


Connecticut has joined four other states in passing a comprehensive data privacy law that requires companies to provide consumers with information about the personal data they collect.


CPE Webcast: Data: The ‘new gold’ or ‘new liability’?

2022-04-26T14:00:00+01:00 Provided by

If organizations can wrest new insights from the data they harvest and process, it can be a valuable business asset, but it has some serious limitations and can become a huge liability if they aren’t protecting the data.

FTC chair: Agency reassessing rules amid current U.S. privacy landscape


The Federal Trade Commission is considering new rulemaking around commercial surveillance and lax data security practices while assessing whether other laws in place need to be updated, agency Chair Lina Khan said in a recent speech.

Bank of Ireland fined $504K for credit rating data breaches


Bank of Ireland was fined €463,000 (U.S. $504,000) after an investigation by the Irish Data Protection Commission found customer data was accidentally altered in a way that could have damaged credit ratings and prevented customers from getting loans.


Danske Bank fined $1.5M for data processing failures under GDPR


The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.

e-Book: How technology enables data protection

2022-03-31T13:00:00+01:00 Provided by BRYTER

A Compliance Week and BRYTER survey analyzed 81 responses from compliance and legal practitioners who ranked data privacy and cybersecurity threats the No. 1 biggest risk entering 2022.

Closing the data risk gap: How technology enables data protection


Legal and compliance teams ranked data privacy and cybersecurity threats the No. 1 biggest risk entering 2022. Further survey results reveal roadblocks to organizations’ proactive compliance.

New Utah privacy law ‘lighter’ than predecessors


Utah has become the fourth U.S. state to pass a comprehensive data privacy law, with others potentially on the way during this legislative session. Experts weigh in on how the Utah law compares to its counterparts in California, Colorado, and Virginia.

Experts optimistic, though wary, toward Privacy Shield successor


Legal and data privacy experts have expressed cautious optimism regarding the announcement that the United States and European Union have reached an agreement in principle to resume transatlantic data flows.

Third time’s the charm? Agreement in principle reached on U.S.-EU data flows


The United States and European Union have reached an agreement in principle on how to handle transatlantic data flows, a thorny issue that has resulted in two prior frameworks being scrapped by the EU’s top court.

New ICO head strives for reassurance in first speech


John Edwards, head of the U.K. Information Commissioner’s Office, said he wants to bring greater certainty for companies regarding their data compliance needs, especially if the government’s drive to reduce regulatory burdens results in the EU withdrawing its data adequacy decision.

Momentum building toward Privacy Shield replacement?


Recent comments by EU and U.S. lawmakers and insights from privacy experts suggest a new mechanism to replace the defunct Privacy Shield and ensure safe transatlantic data transfers might soon be introduced.

How EU regulators are warning of Russian data protection threats


Regulators in Norway, Germany, Lithuania, Estonia, Denmark, and Sweden address how companies can prepare for increased data protection and cybersecurity risks in the wake of Russia’s invasion of Ukraine.

Former CafePress owner to pay $500K in FTC settlement over data breach


Residual Pumpkin Entity, the former owner of CafePress, must pay $500,000 in redress under a proposed settlement with the Federal Trade Commission addressing allegations CafePress failed to secure personal data and covered up a data breach.

Meta fined $18.6M under GDPR for 2018 data breaches


The Irish Data Protection Commission fined Meta’s Irish subsidiary 17 million euros (U.S. $18.6 million) for a series of personal data breaches that took place nearly four years ago.


Clearview AI fined $22M in Italy over unlawful data collection


Facial image aggregator Clearview AI was fined €20 million (U.S. $22 million) for unlawfully processing the biometric and geolocation data of Italian citizens in violation of privacy laws including the General Data Protection Regulation.

Amazon transport arm GDPR fine imparts lesson on criminal record checks


Amazon Road Transport was fined €2 million (U.S. $2.2 million) for trying to carry out criminal record checks on freelance truck drivers it wanted to hire without Spanish law to back up the practice.

IAB Europe fighting back against ‘grossly unfair’ GDPR fine


Townsend Feehan, chief executive of the European arm of the Interactive Advertising Bureau, discusses the ramifications of her organization’s €250,000 (then-U.S. $286,000) fine under the General Data Protection Regulation in Belgium.


Telenor caught in GDPR conundrum over Myanmar subsidiary sale


A complaint filed with the Norwegian Data Protection Authority alleges Telenor’s progressing sale of its Myanmar-based subsidiary violates the EU’s General Data Protection Regulation by potentially exposing its customers in the region to military surveillance.

Lawsuit by BitMEX co-founder could test GDPR’s reach over SARs


Ben Delo, co-founder of cryptocurrency exchange BitMEX, filed a complaint against Wise Payments after the company allegedly refused his requests under the General Data Protection Regulation to provide him with personal information it submitted via suspicious activity reports.

Rulemaking on CPRA facing delay


The newly formed California Privacy Protection Agency appears behind schedule on rulemaking for the transition to the California Privacy Rights Act, putting the law’s July 2023 enforcement date in question.


Strategies for complying with multiple data privacy regimes


Complying with multiple data privacy regimes is not simple, but it is increasingly becoming expected. A panel at CW’s virtual Cyber Risk & Data Privacy Summit offered their advice regarding the current global privacy landscape.

Why high-growth companies should prioritize data privacy


A group of experts at CW’s virtual Cyber Risk & Data Privacy Summit explained how complying with data privacy regulations from Day 1 can provide high-growth companies with certain competitive advantages.

Transparency key to navigating modern employee monitoring risk landscape


The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.


How Accor manages global data privacy compliance


Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.


Cosmote, parent company OTE fined $10.6M under GDPR


The Hellenic Data Protection Authority fined mobile phone operator Cosmote and its parent company OTE a total of €9.25 million (U.S. $10.6 million) for a data breach caused by a September 2020 cyberattack and for illegally processing customer data.

Meta threatens to pull Facebook, Instagram in Europe over GDPR data transfer dispute


Meta Platforms is threatening to pull down Facebook and Instagram in the European Union over concerns it cannot meet data-sharing rules set in the region’s General Data Protection Regulation.


IAB Europe fined $286K under GDPR for data processing violations


The European arm of the Interactive Advertising Bureau was fined €250,000 (U.S. $286,000) by the Belgian Data Protection Authority for data privacy violations regarding its Transparency and Consent Framework.

Epilogue: What happened to Betsy?


The “patient zero” of fictional private utility company Vulnerable Electric’s ransomware crisis learns her fate.

Chapter 4: Recovery and lessons learned post-ransomware attack


Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.

Ransomware case study glossary


The field of cybersecurity features a growing list of terminology to describe the many forms, channels, and motivations behind cyberattacks and hacking culture. Learn further definitions for some key terms featured throughout the ransomware case study.

Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?


No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?

Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders


Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.

Chapter 2, Part 1: Containment key to ransomware defense


With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.

Survey: Privacy budgets rise as businesses see consistent ROI


Companies believe effective privacy management improves trust and transparency and provides a return on investment, according to the latest benchmark study by technology vendor Cisco.

Chapter 1, Part 2: All hands on deck in C-suite ransomware response


Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward to dealing with the cybercriminal(s).

Chapter 1, Part 1: Betsy’s human error triggers ransomware crisis


When one of fictional private utility company Vulnerable Electric’s most dedicated employees falls victim to a social engineering hack, her actions in the immediate aftermath are crucial to what will soon become a crisis for the C-suite.

CW case study offers 360-degree view of ransomware attack


Learn through the eyes of the C-suite at Vulnerable Electric, a fictional private utility company impacted by a significant ransomware attack, as part of Compliance Week’s third case study.


Gensler says SEC to consider new rules for cybersecurity, data privacy disclosures


The Securities and Exchange Commission is kicking the tires on new cybersecurity and data privacy disclosure requirements for investment companies, investment advisers, broker-dealers, and public companies, according to agency Chair Gary Gensler.


REWE International $9M GDPR fine a lesson in managing subsidiary risk


A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact that parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.

Italian DPA fines Enel Energia $30.1M under GDPR over telemarketing practices


Italian energy supplier Enel Energia has been fined €26.5 million (U.S. $30.1 million) under the General Data Protection Regulation for aggressive telemarketing.


NAVEX: Top 10 risk and compliance trends for 2022


Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.


Report: GDPR fines surpass $1B in 2021; breach notifications also rise


Nearly €1.1 billion (U.S. $1.2 billion) worth of fines have been issued against organizations in the past year for violations of the General Data Protection Regulation, according to the latest annual report by law firm DLA Piper.

CPE Webcast: Impact of privacy regulations on businesses

2022-01-18T14:00:00+00:00 Provided by

As more states and individual countries create their own differing privacy laws, what will be the impact on companies trying to comply?


Accellion to pay $8.1M in proposed data breach settlement


The Accellion data breach that last year affected a variety of private- and public-sector organizations and compromised the personal data of millions of individuals could be resolved in an $8.1 million class-action settlement.

Difficult path ahead for new ICO head John Edwards


The United Kingdom’s newly appointed information commissioner, John Edwards, might find it hard to steer a successful path between ensuring citizens’ data rights are preserved and trying to make U.K. laws more palatable for data-driven business.


Report: Financial services fines drop 49 percent in 2021


The value of penalties against global financial services firms in 2021 dropped to half the total levied in 2020, according to research by compliance technology provider Fenergo.

France’s CNIL fines Google, Facebook $237M combined over cookies consent


French data privacy watchdog CNIL again sidestepped the GDPR in fining Google and Facebook a combined €210 million (U.S. $237 million) for making it too difficult for users to refuse cookies when accessing their websites.