Topic: Enforcement
Subscribe to Enforcement RSS feed
CCPA: “Wait and see” is not the right approach
We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links … Continue reading
One-Month Countdown to Pass CCPA Amendments Begins
On August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline. As previously reported, any amendment … Continue reading
Website operators joint controllers with third-party plugin providers
Posted in Enforcement
On 29 July 2019, the European Court of Justice (ECJ) issued its judgement on Case C-40/17 (the “Fashion-ID” case). In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors … Continue reading
US CLOUD Act and International Privacy
The U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European … Continue reading
Back At The Negotiating Table: CCPA Amendments Debate Continues
In a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”). Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill … Continue reading
New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR
Posted in Data breach, Enforcement
Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading
Nevada, New York and other states follow California’s CCPA
CCPA: “Attorney General Amendment” Likely Dead
This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the … Continue reading
Google and other big data companies face increased scrutiny
Posted in Compliance and risk management, Enforcement
Big data companies like Google and Facebook are now facing increased scrutiny about the use of massive amounts of personal data in the digital ad marketplace.… Continue reading
Parenting support club Bounty fined in ‘unprecedented’ data breach
Posted in Enforcement
On 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading
French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law
Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal … Continue reading
German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right
Posted in Enforcement
A mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes. The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance … Continue reading
GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019
Posted in Compliance and risk management, Enforcement
This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and … Continue reading
EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR
On January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”).… Continue reading
First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads
On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading
California Attorney General’s Office begins CCPA rulemaking process with first public hearing while Congress debates new federal privacy law
This is the Data Protection Report’s sixth post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. The California Consumer Privacy Act of 2018 (“CCPA”), California’s new privacy law which takes effect on January 1, 2020, requires the Attorney General to … Continue reading
Transition period under New York Cybersecurity Regulation ends March 1, 2019
The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue reading
