Going Global Data Privacy & Protection Insights – Monthly Newsletter November 2019

HBS Attorney Analysis


EU Investigations Into Microsoft
by: Chase Langhorne, Esq.

On October 21, the European Data Protection Supervisor (“EDPS”) issued an update on its investigation that began in April 2019 into contracts between Microsoft and EU institutions. “EU institutions” are comprised of the following seven decision making bodies of the EU: the European Parliament, the European Council, the Council of the European Union, the European Commission, the Court of Justice of the European Union, the European Central Bank, and the Court of Auditors.

Cookies – The Need For Regulation
by: Chase Langhorne, Esq.

While we await the completion of the ePrivacy Regulation, countries are taking matters into their own hands by both publishing guidance and issuing fines related to cookie consent mechanisms on websites. The existing ePrivacy Directive was published in 2009. Upon the passage of GDPR in 2018, an updated ePrivacy Regulation was expected, but to date there has been no sign of it

Country Of Georgia Hit By Massive Cyber Attack
by: Richard Sheinis, Esq.

More than 2,000 websites, including court websites and the national TV station, were knocked out by a massive cyber attack in the country of Georgia. A state sponsored political attack is suspected as many of the website home pages were…

Singapore’s Privacy Watchdog Issues Two Fines
by: Richard Sheinis,Esq.

Singapore’s Personal Data Protection Commission (“PDPC”) has assessed two large fines against companies for data breaches. The telecommunications company, Tingtel, has been fined $25,000 for a data breach involving its My Singtel mobile app.

Facial Recognition Technology And GDPR Compliance
by: Richard Sheinis,Esq.

A soccer team in Denmark is using facial recognition technology to stop unruly fans, apparently with the approval of the Danish Data Protection Agency (“DDPA”). The technology is used to scan fans as they enter the stadium. The scans are then compared against a list of banned troublemakers to determine if they are allowed into the stadium.

Fighting Fire With Fire: Legal And Ethical Issues Of Active Defense And Hacking Back
by: Sean Cox, Esq.

With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law. Unless there is a federal privacy law that supersedes state law, businesses will be in the unenviable position of having to navigate the requirements of a myriad of state laws.

Latest News and Headlines


Data Breaches

TransUnion says data on 37,000 Canadians may have been compromised

Georgia hit by massive cyber-attack
BBC News

St. Louis medical center alerts 152,000 patients of data breach
Becker’s Hospital Review

Malware inflicts major cyber attack on Government of Nunavut’s network

Ransomware hits Spanish companies sparking WannaCry panic

Fines and Settlements

The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros
European Data Protection Board

Australia: 81 penalties handed down under the General Data Protection Regulation (GDPR)

Unicredit Bank gets first GDPR-related fine issued in Romania
Business Review EU

Austrian Post fined €18m for GDPR violation
Apex Insight

Polish DPA issues PLN$40K GDPR fine to city mayor

Facebook Pays $643,000 Fine For Role In Cambridge Analytica Scandal

German housing giant fined £12.5m for GDPR violations
IT Pro

United States

Critics say attorney general’s proposed CCPA regulations add confusion, not clarity

Apple Called Out for Sending Data to Tencent
Bloomberg (video)

Senator proposes data privacy bill with serious punishments


Microsoft’s EU Contracts ‘Breach GDPR’

Munich Court Ruling Contains Key Takeaways For Consumer Access Requests Under GDPR And CCPA

Top European Court Rules Pre-Checked Cookie Consent Boxes Invalid
The National Law Review

GDPR in the eyes of the member states

Australia’s regulator to take Google to court over data privacy

Kenya Passes Data Protection Law Crucial for Tech Investments
The New York Times