In the news this week
Coverage of DLA Piper’s GDPR report.
- EEA breach notifications and fines finds the Netherlands leads Ireland in notified data breaches per capita. France, Germany and Austria top the rankings for the total value of fines imposed to date with just over €51 million, €24.5 million and €18 million respectively.
- Europe’s privacy overhaul has led to $126 million in fines — but regulators are just getting started.
- EU Data Watchdogs Ramp Up New Privacy Powers With Bigger Fines.
- GDPR fine heat map from DLA Piper report (below).
“Clearview” technology might end privacy as we know it. Twitter demands Clearview stops ‘collecting faces’ from its site.
Betting firms were granted access to a database of 28 million children and used it to boost the number of young gamblers by up to 15% in one of Britain’s biggest ever data breaches. DfE refers itself to the ICO as a result.
The European Commission is considering a ban on the use of facial recognition in public areas for up to five years and recommends introducing new rules to bolster existing regulation of privacy and data rights.
NIST Releases Version 1.0 of its Privacy Framework.
ICO issues new ‘transformational’ code to protect children’s privacy online.
A useful comparison of the new Washington Privacy Act to the CCPA.
Microsoft data breach exposes 250 million customer service and support records.
CNIL draft recommendations on cookies and trackers.
US Hospitals give tech giants access to detailed medical records.
Adtech
- ICO blogs about its approach to the ongoing adtech investigation.
- Commentary on the ICO approach to tackling adtech.
- ICO slammed for lack of action against Google on the UK’s ‘largest ever data breach’.
South Africa’s Personal Information Act to enter into force in the second quarter of 2020.
Croatian Presidency tempers expectations on ePrivacy progress.
Fines
- Italian DPA fines Eni Gas and Luce SpA (EGL) €11.5 million (€8.5m and €3m) for unlawfulness of the processing (consent).
- Romanian DPA fines SC Enel Energie S.A. €6,000 for unlawfulness of the processing (consent).
Previous Privacy Updates can be found here.
