On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. (NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.
Data breach
Privacy commissioners take position on using facial recognition technology
Investigative findings
In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec, concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billions of images…
Deutsche Wohnen fine now declared invalid by a German court
There has been a big bang in the data protection world in Berlin as the first and most spectacular GDPR fine in Germany has just been declared invalid.
The Berlin Commissioner for Data Protection and Freedom of Information (Berliner…
Amendments to the Personal Data Protection Act In Force
On 29 January 2021, the Personal Data Protection Commission (PDPC) announced that certain sections of the Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will take effect from 1 February 2021 – please see PDPC’s announcement…
New German fine: EUR 10.4 million for unlawful CCTV
A German state data protection authority has issued a fine of EUR 10.4m against a mid-size online retailer that allegedly violated the EU General Data Protection Regulation (GDPR) by monitoring its employees using CCTV.
The State Commissioner for Data Protection…
Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority
The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in…
US banking regulators propose a rule for 36-hour notice of breach
On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within…
German Court cuts multimillion GDPR fine by 90%
In December 2019, the German Federal Commissioner for Data Protection and Freedom of Information (“Federal DPA”) levied a € 9.55m fine against 1&1 Telecom (“1&1”), a German telecom company. On 11 November 2020, the Regional Court…
Two new CJEU judgments further tighten limits of government surveillance – significant for impending UK adequacy decision and “Schrems II country assessments”
On 6 October 2020, the Court of Justice of the European Union (CJEU) published two decisions that further define the permitted scope of governmental access to personal data.
These decisions are relevant in two key areas:
- Complying with
…
Singapore tables changes to the Personal Data Protection Act in Parliament
Following the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) public consultation in May this year (Public Consultation), the Personal Data Protection (Amendment) Bill (Bill) was introduced and had its first reading…