Topic: Enforcement

Subscribe to Enforcement RSS feed

One-Month Countdown to Pass CCPA Amendments Begins

Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in CCPA, Compliance and risk management, Enforcement
Data Protection Report - Norton Rose FulbrightOn August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline.  As previously reported, any amendment … Continue reading

Website operators joint controllers with third-party plugin providers

Photo of Lara White (UK)Photo of Natalia Filkina (DE)Photo of Shiv Daddar (UK)By Lara White (UK), Natalia Filkina (DE) and Shiv Daddar (UK) on Posted in Enforcement
Norton Rose Fulbright - Data Protection Report blogOn 29 July 2019, the European Court of Justice (ECJ) issued its judgement on Case C-40/17 (the “Fashion-ID” case). In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors … Continue reading

US CLOUD Act and International Privacy

Photo of Marcus Evans (UK)Photo of David Kessler (US)Photo of Jim Lennon (AU)Photo of Susan Ross (US)By Marcus Evans (UK), David Kessler (US), Jim Lennon (AU) and Susan Ross (US) on Posted in Compliance and risk management, Enforcement, General
Norton Rose Fulbright - Data Protection Report blogThe U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Photo of Nadège Martin (FR)Photo of Nilofar Moini Shabestari (FR)By Nadège Martin (FR) and Nilofar Moini Shabestari (FR) on Posted in Data breach, Enforcement
Data Protection Report - Norton Rose FulbrightFollowing the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

Parenting support club Bounty fined in ‘unprecedented’ data breach

Photo of Lara White (UK)By Lara White (UK) on Posted in Enforcement
Norton Rose Fulbright - Data Protection Report blogOn 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Dispute resolution and litigation, Enforcement
Norton Rose Fulbright - Data Protection Report blogFive years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal … Continue reading

German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

Photo of Christoph Ritzer (DE)Photo of Cornelia Marquardt (DE)Photo of Natalia Filkina (DE)By Christoph Ritzer (DE), Cornelia Marquardt (DE) and Natalia Filkina (DE) on Posted in Enforcement
Data Protection Report - Norton Rose FulbrightA mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes. The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance … Continue reading

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

Photo of Jeewon Kim Serrato (US)Photo of Daniel Rosenzweig (US)By Jeewon Kim Serrato (US) and Daniel Rosenzweig (US) on Posted in CCPA, Compliance and risk management, Enforcement
Norton Rose Fulbright - Data Protection Report blogThis is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and … Continue reading

EDPB issues new opinion on interplay between Clinical Trials Regulation and the GDPR

Photo of David Kessler (US)Photo of Christoph Ritzer (DE)Photo of Sven Jacobs (DE)Photo of Anna Rudawski (US)Photo of Max Kellogg (US)By David Kessler (US), Christoph Ritzer (DE), Sven Jacobs (DE), Anna Rudawski (US) and Max Kellogg (US) on Posted in Compliance and risk management, Enforcement, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn January 23, 2019, the European Data Protection Board (“EDPB”) issued an opinion on the interplay between the Clinical Trials Regulation (“CTR”) and the General Data Protection Regulation (“GDPR”).… Continue reading

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads

Photo of Marcus Evans (UK)Photo of Lara White (UK)Photo of Cécile Auvieux (FR)By Marcus Evans (UK), Lara White (UK) and Cécile Auvieux (FR) on Posted in Compliance and risk management, Cybersecurity, Enforcement, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC.  It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Photo of Kathleen Scott (US)Photo of Susan Ross (US)Photo of Tristan Coughlin* (US)By Kathleen Scott (US), Susan Ross (US) and Tristan Coughlin* (US) on Posted in Compliance and risk management, Cybersecurity, Enforcement, Fintech, General, Vendor management and transactions
Data Protection Report - Norton Rose FulbrightThe two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue reading
LexBlog