07 Oct Going Global Data Privacy & Protection Insights – Monthly Newsletter October 2019
HBS Attorney Analysis
On September 16th the State Attorney General’s Office of Ecuador released a statement (Spanish) indicating that a privacy breach concerning the personal data of Ecuadorian citizens was being investigated…Further investigation has revealed that the breach involved personal data of more than 20 million Ecuadorian citizens, including about 7 million children (some born as early as this spring).
On September 24 the Court of Justice of the European Union (CJEU) issued a landmark ruling on GDPR’s “right to be forgotten.” The case was brought by Google challenging an order, and subsequent fine, issued by the French Data Protection Authority (CNIL), over Google’s choice not to comply with CNIL’s order globally.
German data protection authorities have published a new model for calculating fines under GDPR, which, is likely to lead to higher fines. While this model is strictly being tested in Germany, since GDPR should be applied equally across the EU, it is possible that this model could be expanded to provide a model for other member states.
With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law. Unless there is a federal privacy law that supersedes state law, businesses will be in the unenviable position of having to navigate the requirements of a myriad of state laws.
Latest News and Headlines
Zendesk discloses 2016 data breach
Data Stolen From 218 Million Words With Friends Users
Fines and Settlements
New York’s Breach Law Amendments and New Security Requirements
CNIL Issues Record-Keeping Guidance
The National Law Review
CAYMAN ISLANDS: New Data Protection Law Comes into Effect
International Trademark Association