Global News Roundup: July 13–20, 2020

In this week’s global legislative roundup, the IAPP provided full coverage and analysis of the Court of Justice of the European Union’s “Schrems II” ruling. EU General Data Protection Regulation fines were handed out in Belgium, Italy and Norway. IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, looked at state and federal proposals for U.S. facial recognition regulation. And California’s Office of the Attorney General released an updated California Consumer Privacy Act FAQ page.

LATEST NEWS

Egyptian President Abdel Fattah El Sisi approved the country’s draft privacy legislation, Egypt Today reports.
More

Germany’s Federal Constitutional Court, Bundesverfassungsgericht, ruled laws giving law enforcement access to users’ internet and phone data are unconstitutional and require improved privacy standards, BBC News reports.
More

LinkedIn filed papers with the U.S. Supreme Court to have its data-scraping lawsuit against hiQ Labs heard, MediaPost reports.
More

Facebook will go before U.S. District Judge James Donato to try to finalize its $550 million settlement over Illinois Biometric Information Privacy Act violations, NPR reports.
More

Gov. Chris Sununu, R-N.H., vetoed a bill that would have added privacy protections on the disclosure of public employees’ home address, email address and telephone numbers, NHPR reports.
More

ICYMI

In this piece for The Privacy Advisor, IAPP Editorial Director Jedidiah Bracy, CIPP, reports the Court of Justice of the European Union’s decision to invalidate the EU-U.S. Privacy Shield and uphold the validity standard contractual clauses with specific stipulations.
More

IAPP Research Director and former Privacy Shield Director at the U.S. Department of Commerce Caitlin Fennessy, CIPP/US, takes a look at the impact the CJEU ruling will have on data transfers going forward in this post for Privacy Tracker.
More

IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, breaks down the numerous U.S. proposals for facial recognition regulation and their importance in preserving fundamental rights in this Privacy Tracker piece.
More

ENFORCEMENT

Belgium’s Data Protection Authority announced a 600,000 euro fine against Google Belgium for violating a data subject’s right to be forgotten and a lack of transparency on its delisting application. (Original post is in Dutch.)
More

Colombia’s data protection authority, Superintendencia de Industria y Comercio, fined the Financial Information Center $702.2 million pesos for the unnecessary use of sensitive information that led to the denial of loans to 288,753 consumers. (Original post is in Spanish.)
More

The Italian data protection authority, the Garante, issued EU General Data Protection Regulation fines of 200,000, 800,000 and 17 million euros against three telecommunications operators. (Original post is in Italian.)
More

Norway’s data protection authority, Datatilsynet, announced a NOK 500,000 fine against the municipality of Rælingen for violating the GDPR. (Original post is in Norwegian.)
More

The Korea Communications Commission fined TikTok 186 million won for violating South Korean telecommunications law with its improper handling of minors’ personal data, Yonhap News Agency.
More

ASIA-PACIFIC

The Office of the Australian Information Commissioner found federal government department Services Australia breached a guiding privacy principle of the Privacy Act 1988, ZDNet reports.
More

The Supreme Court of India mandated telecommunications providers safeguard and separate electronic evidence, including call data records, during investigations, The Hindu reports.
More

According to Dentons, updates to Kazakhstan’s Personal Data Law and regulation on digital technologies took effect July 7. The amendments include a mandate for the creation of a regulatory office, rules for data processing and the right to be forgotten.
More

New Zealand’s Office of the Privacy Commissioner announced it will take public submissions for updating and replacing the six codes of practice under the Privacy Act 2020.
More

CANADA

Nova Scotia Information and Privacy Commissioner Tricia Ralph called for an update to the province’s privacy laws as her office releases its “2019-2020 Annual Report.”
More

EUROPE

The European Commission plans to examine whether infringement procedures are necessary for member states that are not compliant with the EU General Data Protection Regulation, Euractiv reports.
More

The European Data Protection Board published the final version of its guidelines for the criteria of the right to be forgotten related to search engine cases under Article 17 of the GDPR.
More

France’s data protection authority, the Commission nationale de l’informatique et des libertés, released guidance on handling data transfer requests from authorized third parties. (Original post is in French.)
More

US

Members of the U.S. House of Representatives want to restart talks regarding federal privacy legislation, MeriTalk reports.
More

The U.S. Department of Health and Human Services amended privacy provisions in portions of the Confidentiality of Substance Use Disorder Patient Records regulations, GovInfoSecurity reports.
More

California’s Office of the Attorney General updated its frequently asked questions page on the California Consumer Privacy Act.
More

Walmart faces a lawsuit for allegedly violating the CCPA following a data breach, MediaPost reports.
More

A lawsuit filed against Google claims the tech company violated federal and California privacy law by tracking app activity after a user opted out of the practice, Reuters reports.
More

Amazon, Alphabet and Microsoft have been sued for alleged violations of Illinois’ Biometric Information Privacy Act, CNET reports.
More

The Massachusetts Senate passed a police reform bill that places a moratorium on the use of facial surveillance technology while a commission investigates its use, which critics call an invasion of privacy, The Boston Globe reports.
More

Vermont Attorney General TJ Donovan released guidance on the state’s Security Breach Notice Act, Vermont Business Magazine reports.
More