Weekly Privacy News Update – Episode 12

EDPB publishes breach notification, handling guidelines

The European Data Protection Board (EDPB) published new guidelines on examples of data breach notifications. They focus on definitive recommendations and best practices for managing data breaches and assessing risk. Incidents covered in the guidelines include ransomware attacks, human error, lost or stolen devices, and more. The guidelines are based on the deliberations of last December’s EDPB plenary.

Source: IAPP, EDPB

New ICO commissioner John Edwards starts his term

The U.K.’s latest Information Commissioner, John Edwards, started his five-year term in the role last January 4. Having spent eight years as New Zealand Privacy Commissioner, he commented on his new position, saying that “privacy is a right, not a privilege” and that “we all deserve to have our data treated with respect.” He also wants companies to “respect our privacy with ease whilst still reaping the benefits of data-driven innovation.” Edwards expressed the need to make sure people can manage their data and “access remedies if things go wrong.”

Source: IAPP, ICO

Mobile telephone operator and finance company face penalties for GDPR violations

The French DPA, the Commission nationale de l’informatique et des libertés (CNIL), issued a EUR 300,000 fine to a mobile phone operator for violations of the EU General Data Protection Regulation. The company allegedly failed to respond to customers’ requests to access their personal data within the applicable time limits and failed to secure personal data by sending users their passwords via email after they subscribed to offers. Slimpay, a finance company, faces a EUR 180,000 fine from CNIL for the lack of security on its users’ personal data and the incorrect notification of a data breach that affected 12 million people in February 2020.

Source: IAPP, CNIL, CNIL

Google and Facebook face EUR 210 million ePrivacy penalty

Google and Facebook face a combined EUR 210 million penalty from CNIL, France’s data protection authority, for cookie violations covered by the ePrivacy Law. According to CNIL, the companies prevented French users from freely refusing tracking through cookies. Penalties of up to EUR 60-90 million were given to Google’s U.S. and Irish operations, and EUR 60 million to Facebook Ireland. The companies also face possible daily fines of EUR 100,000 if users are not given an option to opt out of tracking within three months.

Source: IAPP, CNIL

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016.
