The Data Protection Authorities for Hong Kong and for Luxembourg have each released their annual reports for 2020. Read the Hong Kong report → and the Luxembourg report →
The Federal Trade Commission (United States) issued a report on data processing by Internet Service Providers (ISPs). The report notably delves into consumer awareness of the extent of the data processing and sharing with third parties. It also studies the actual possibility of the consumer making choices surrounding their data. The report is available here →
The French Data Protection Authority (the CNIL) has opened a public consultation on recommendations on the topic of updated password management. Access it here →
The Brazilian Data Protection Authority has joined the Ibero-American Data Protection Network (‘RIPD’), which notably has as a goal to promote the necessary regulatory developments. Read their press release here →
2) Notable Case Law
The Italian Data Protection Authority is investigating a data breach notification received from the Italian Society of Authors and Publishers (‘SIAE’). They have also issued a €3.2M fine against a company for its direct marketing practices via phone calls. Read about the decision here →
The Spanish Data Protection Authority has issued the third-largest fine in its history, €6M, against a bank for conducting direct marketing without proper consent. Read about the decision here →
The Austrian Data Protection Authority has issued a €9.5M fine against a company for not respecting data subject claims. Read the company’s press release here →
3) New and Upcoming Legislation
European Data Protection Board (EDPB) – A Guidance that expands on Article 23 of the General Data Protection Regulation (GDPR) was validated. The Guidelines discuss the conditions for Member States or the EU legislator to use restrictions of data subject rights. Access the Guidance here → The EDPB has also launched its first coordinated action on the topic of cloud-based services. Access their press release here →
The browser Brave now defaults to its privacy-centric version, instead of the Google search version.
Microsoft has launched two privacy tools called Privacy Management for Microsoft 365 and Microsoft Compliance Manager.
Other key information from the past weeks
On October 13th, 2021, the Australian Government has announced a Ransomware Action Plan.
While the Data Protection Authority of Luxembourg (the CNPD) has issued a €746M fine against Amazon Europe Core in July 2021, the company has now appealed the decision.
The French Data Protection Authority (the CNIL) has published an article about alternatives to third-party cookies.