On September 14, 2022, the US National Institute of Standards and Technology (NIST) issued NIST Internal Report titled ‘Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight.’ The report describes methods for combining risk information from across the organization. Read here →
2) Notable Case Law
The French data protection authority (CNIL) imposed a fine of€250,000 on G.I.E. INFOGREFFE for violating the General Data Protection Regulation (GDPR) following the receipt of a complaint. According to CNIL, 25% of the service’s users’ personal data (including bank details, surnames, first names, postal and email addresses) was retained for longer than the period defined by G.I.E. INFOGREFFE. Access here → (in French)
South Korean authorities announced that Google and Meta had been fined $71.8 million (100 billion KRW) for violating the country’s privacy rules. Reported on our blog →
On September 13, 2022, the Irish Data Protection Commission (DPC) announced that it had filed a draft decision in a large-scale investigation into TikTok Technology Limited to other EU regulatory authorities. Read here →
On September 8, 2022, the Danish data protection authority (Datatilsynet) issued a decision in which it temporarily suspended the Municipality of Helsingr’s ban on the use of Google Workspace and ordered the municipality to bring its practices in line with the General Data Protection Regulation. Reported here → (in Danish)
3) New and Upcoming Legislation
On September 15, 2022, the European Commission announced that it had submitted a proposal for a new Cyber Resilience Act, which was first suggested by the Commission’s President, Ursula von der Leyen, in September 2021. Access here →
According to multiple news sources in August, the German government is working on a rule that will set out the standards for so-called ‘consent management services,’ which are services for collecting and storing website users’ acceptance of the placement of cookies and similar technologies. Reported here →
4) Strong Impact Tech
Uber responded to a cybersecurity crisis last Thursday after the New York Times reported that a hack had compromised the company’s network, forcing it to shut down many internal communications and engineering systems. Reported here on our blog →
Peiter Zatko, Twitter’s former chief of security, told US senators that the company is “misleading the public” about how safe the network is. Read more here →
Other key information from the past weeks
This week, privacy officials from the Group of Seven countries met in Bonn, Germany, to examine methods to improve data flow between the world’s rich countries.
