On July 7, 2022, NOYB made a statement in response to the draft ruling given by the Irish DPA over Meta’s personal data transfers from the EU to the US. NOYB pointed out that the decision will not result in an immediate block of data transfers, but it will initiate the process outlined in Article 60 of the GDPR, other European data protection authorities will have one month to offer comments on the draft decision. Read the full story →
The China Banking and Insurance Regulatory Commission issued the Draft of Administrative Measures for the Protection of Consumer Rights and Interests in Banking and Insurance Institutions on May 19, 2022. The draft guidelines specifically state that banks and insurance companies must implement procedures to protect consumers’ personal information, an audit plan for consumers’ rights and interests, effective internal management systems, internal control measures, and complaint handling processes. Access the announcement here → (In Chinese)
The Czech Republic DPA conducted an annual audit program to ensure GDPR compliance in terms of cookie processing. The Authority’s president stated that if there is noncompliance, there will be economic sanctions. Read more about this on our blog →
2) Notable Case Law
Following a report filed by the Guardia di Finanza, the Italian Garante issued Order No. 178, which fined an Italian automotive business € 3,000. The Authority discovered 14 closed-circuit television cameras installed both inside and outside the company’s facilities, allowing employees’ activities to be remotely watched. Full story on our blog →
3) New and Upcoming Legislation
On July 5, the European Parliament passed in first reading the Digital Markets Act (DMA) and the Digital Services Act (DSA), which the Commission proposed in December 2020. The DMA will implement a set of measures for the top tech businesses (those with more than 45 million EU users), including content moderation and due diligence requirements. The European Commission will have the authority to levy a monitoring fee of up to 1% of their yearly sales. At least 150 people will be hired to accelerate the legislative process. Reported here →
4) Strong Impact Tech
The Marriott International hotel group disclosed a significant data breach involving its customers and staff. A total of 20 terabytes of sensitive data, including credit card details and personal information, were compromised. Hackers used an email scam to obtain access to an employee’s PC. The company indicated that they are preparing to notify 300-400 persons about the issue and have already notified the appropriate police authorities. Access the full story →
The Garante has issued an emergency order and a warning to TikTok for its handling of personal data used for targeted advertising and there is the risk that the ads also target children. TikTok has decided to ‘pause’ its privacy policy update in Europe that was set to go live yesterday (July 13). Follow this story on our blog →
Other key information from the past weeks
Luxembourg is the first country to implement a GDPR-compliant certification procedure. On May 13, 2022, the National Data Protection Commission (CNPD) adopted its GDPR-CARPA certification system.
The California Age-Appropriate Design Code Act was approved by the California State Assembly by a vote of 72-0 and is now being submitted to the Senate for review.
