The six-month implementation period of IAB Europe’s Transparency and Consent Framework (TCF) action plan has been suspended by the Belgian data protection authority (APD) on its own initiative. Read about it on our blog →
The CNIL has published a guide to its “priority themes,” which serve as direction for its investigations. The goal for 2023 is to prioritize inquiries and monitor app makers’ use of digital trackers, amongst others. Access here →
The 2022 activity report has been published by the German BfDI which refers to the 10,658 reports of data protection violations received by the Authority and 491 submissions related to the right to information. Citizens also contacted the Federal Data Protection Commissioner with 6,619 complaints and inquiries. Reported here → (In German)
The U.S. Federal Trade Commission‘s new Office of Technology has published an analysis and pertaining guidance on third-party tracking pixels, offering explanations on how they work, and five principal findings related thereto. Access here →
The High Court of Australia‘s decision to revoke Facebook, Inc.’s (now Meta Platforms Inc.) special leave to appeal to the High Court has been strongly welcomed by the Office of the Australian Information Commissioner. Read about it here →
The Wall Street Journal has reported that national courts are siding with multinational companies in Privacy Appeals and overturning fines imposed by national DPAs. Read here →
Facebook Ireland was found to have processed Dutch “users’ personal data for advertising purposes without a legal basis and provided users’ data to third parties without proper notification from 2010-2020.” The Authority’s summary can be found here → (In Dutch)
The Spanish agencia española protección datos (AEPD) imposed a fine of €100,000 on Orange Espagne, S.A.U., for violations of Article 5(1)(c) of the GDPR due to unlawful processing of national identity cards of its customers, further to a complaint submitted by an individual. Access here → (in Spanish)
AEPD imposed a fine of €170,000, which was eventually reduced to €136,000, on Vodafone España, S.A.U., for violations of Articles 6 and 32 of the GDPR, due to the execution of a data portability request without the correct security information being provided. Read here → (in Spanish)
The Irish Data Protection Commission has published its decision further to an inquiry concerning the Bank of Ireland’s 365 app and the data breaches committed wherein individuals gained unauthorized access to other people’s accounts via the said app. The Commission imposed an administrative fine of €750,000 in conjunction with a reprimand and an order to bring processing into compliance.
3) New and Upcoming Legislation
EU: MEPs adopted the draft Data Act and are now ready to enter into negotiations with the Council in an effort to finalize the law. Access here →
Argentina: A bill has been published by the Argentinian Data Protection Authority (AAIP) which will serve to amend law 25,326 being the current Personal Data Protection Act. Reported here → (in Spanish)
Kentucky: Senate Bill 15 on consumer data privacy passes State Senate and moves to House of Representatives
Colorado: The AG has filed finalized CPA Rules with the Secretary of State’s Office. Reported here →
Iowa: Senate File 262 concerning consumer data protection passes both House and Senate.
4) Strong Impact Tech
The Federal Trade Commission finalizes an order which requires Fortnite developer Epic Games to pay the sum of US$245 million for tricking users into paying several misleading charges. Access the press release here →
The British Prime Minister Rishi Sunak has hinted that the United Kingdom may follow suit of its US and Canadian counterparts and ban TikTok ban from UK government devices. He said that he will take “whatever steps necessary” to protect Britain’s security. Read about this on our blog →
Other key information from the past weeks
Ireland’s Data Protection Commission released its 2022 annual report, which detailed its workload and regulatory accomplishments over the past year.
The Czech Republic’s Office for Personal Data Protection (UOOU) published FAQs in relation to cookie bars and consent.