The UK Data Protection Authority (the ICO) has approved the first UK GDPR accreditation schemes, in favour of two organisations. The first working for the destruction of personal data on re-used IT equipment and the second working for age verification and the protection of children’s data. Read the ICO’s press release here →
The company Blackbaud is facing several class-actions and allegations that its response to a ransomware attack was in breach of the CCPA. Read more about the case here →
The Spanish Data Protection Authority issued two fines against a company for being in breach of the principle of data minimisation and for a lack of transparency. The company had notably placed video surveillance cameras in the common areas of a building without the authorisation of the board of owners. It was also pointed out that access to images from a camera on behalf of a third party other than the data controller must be regulated by a contract. Read the decision here →
3) New and Upcoming Legislation
China – The Personal Information Protection Law (PIPL) is expected to come into effect on November 1st, 2021. It notably allows fines ranging between $7.7 million and up to 5% of the previous year’s business revenue. It also provides that cross-border transfers must be overseen by the Cyberspace Administration of China. TechCrunch reported →
The Chinese authorities have also recently found 43 applications to be in breach of Chinese data transfer rules.