12 Nov Going Global Data Privacy & Protection Insights – Monthly Newsletter November 2019
HBS Attorney Analysis
On October 21, the European Data Protection Supervisor (“EDPS”) issued an update on its investigation that began in April 2019 into contracts between Microsoft and EU institutions. “EU institutions” are comprised of the following seven decision making bodies of the EU: the European Parliament, the European Council, the Council of the European Union, the European Commission, the Court of Justice of the European Union, the European Central Bank, and the Court of Auditors.
While we await the completion of the ePrivacy Regulation, countries are taking matters into their own hands by both publishing guidance and issuing fines related to cookie consent mechanisms on websites. The existing ePrivacy Directive was published in 2009. Upon the passage of GDPR in 2018, an updated ePrivacy Regulation was expected, but to date there has been no sign of it
More than 2,000 websites, including court websites and the national TV station, were knocked out by a massive cyber attack in the country of Georgia. A state sponsored political attack is suspected as many of the website home pages were…
Singapore’s Personal Data Protection Commission (“PDPC”) has assessed two large fines against companies for data breaches. The telecommunications company, Tingtel, has been fined $25,000 for a data breach involving its My Singtel mobile app.
A soccer team in Denmark is using facial recognition technology to stop unruly fans, apparently with the approval of the Danish Data Protection Agency (“DDPA”). The technology is used to scan fans as they enter the stadium. The scans are then compared against a list of banned troublemakers to determine if they are allowed into the stadium.
With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law. Unless there is a federal privacy law that supersedes state law, businesses will be in the unenviable position of having to navigate the requirements of a myriad of state laws.
Latest News and Headlines
Georgia hit by massive cyber-attack
St. Louis medical center alerts 152,000 patients of data breach
Becker’s Hospital Review
Fines and Settlements
European Data Protection Board
Unicredit Bank gets first GDPR-related fine issued in Romania
Business Review EU
Austrian Post fined €18m for GDPR violation
Apple Called Out for Sending Data to Tencent
Top European Court Rules Pre-Checked Cookie Consent Boxes Invalid
The National Law Review
Kenya Passes Data Protection Law Crucial for Tech Investments
The New York Times