Going Global Data Privacy & Protection Insights – Monthly Newsletter October 2019

HBS Attorney Analysis


Ecuador Data Breach
by: Chase Langhorne, Esq.

On September 16th the State Attorney General’s Office of Ecuador released a statement (Spanish) indicating that a privacy breach concerning the personal data of Ecuadorian citizens was being investigated…Further investigation has revealed that the breach involved personal data of more than 20 million Ecuadorian citizens, including about 7 million children (some born as early as this spring).

The Court Of Justice Of The European Union Issues A Ruling On The Right To Be Forgotten
by: Chase Langhorne, Esq.

On September 24 the Court of Justice of the European Union (CJEU) issued a landmark ruling on GDPR’s “right to be forgotten.” The case was brought by Google challenging an order, and subsequent fine, issued by the French Data Protection Authority (CNIL), over Google’s choice not to comply with CNIL’s order globally.

The Court Of Justice Of The European Union Issues A Ruling On Cookie Consent Requirements
by: Richard Sheinis, Esq.

On October 1, 2019, the CJEU issued a ruling establishing that consent to use cookies cannot be validly obtained through a pre-checked box. In this particular case, an online gaming company, Planet49 GmbH, had a lottery which required internet users to provide personal data.

German Data Protection Authorities Releases A New Model To Calculate FDPR Fines
by: Richard Sheinis,Esq.

German data protection authorities have published a new model for calculating fines under GDPR, which, is likely to lead to higher fines. While this model is strictly being tested in Germany, since GDPR should be applied equally across the EU, it is possible that this model could be expanded to provide a model for other member states.

U.S. Federal Legislation On Data Privacy Unlikely This Year
by: Richard Sheinis,Esq.

With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law. Unless there is a federal privacy law that supersedes state law, businesses will be in the unenviable position of having to navigate the requirements of a myriad of state laws.

Latest News and Headlines


Data Breaches

Zendesk discloses 2016 data breach

5 million DoorDash users affected in third-party breach

Data Stolen From 218 Million Words With Friends Users
Consumer Reports

Fines and Settlements

Polish retailer gets €645,000 fine under GDPR for “insufficient organizational and technical safeguards”
Security Boulevard

Turkey fines Facebook $282,000 over privacy breach

A trader was fined 10,000 euros for wanting to create a loyalty card with a customer’s electronic identity card!

United States

On keynote stage, Mactaggart addresses his ‘new’ CCPA

U.S. online privacy rules unlikely this year, hurting big tech

Nevada: Bucking the Wait and See Approach to Consumer Privacy Law
JD Supra

New York’s Breach Law Amendments and New Security Requirements


Ransomware incident to cost Danish company a whopping $95 million

China has released its version of COPPA

CNIL Issues Record-Keeping Guidance
The National Law Review

CAYMAN ISLANDS: New Data Protection Law Comes into Effect
International Trademark Association