Weekly Privacy News Update – Episode 26

Weekly Privacy News Update – Episode 25 featured image

European Border and Coast Guard Agency criticized for data protection law violation

The European Data Protection Supervisor (EDPS) issued a reprimand to the European Border and Coast Guard Agency for violation of the Data Protection Regulation (EU) 2018/1725. The agency moved to the cloud without an appropriate data protection assessment. The agency’s cloud servers also failed to show limits on collection of necessary personal data. A review of the agency’s data protection impact assessment and record of processing activities has been requested by the EDPS.

Source: IAPP, EDPS

EUR 3.7 million issued to Dutch tax authorities for GDPR violations

Tax authorities face a EUR 3.7 million fine, the highest issued by the Dutch data protection authority (DPA), Autoriteit Persoonsgegevens, for GDPR violations. Six violations were found, including keeping information for too long, maintaining incorrect or outdated data, and a lack of legal basis for the processing of personal data. The tax authorities can still appeal the decision.

Source: IAPP, Autoriteit Persoonsgegevens

An update on the Connecticut privacy law

Connecticut’s privacy law, Senate Bill 6, will possibly be heard on the floor this week. The legislation will involve personal data privacy and online monitoring. The bill contains similar provisions to the Colorado Privacy Act, which was passed last year. Opponents of the bill include business groups, who believe that access to personal data is essential to their work, and a group of lawyers, who take issue with enforcement being limited to the attorney general. If passed, the law will go into effect on July 1, 2023.

Source: IAPPHartford Courant

Appeals for privacy enhancement in Australia

With the coming federal elections in May, the Australian Privacy Foundation (APF) published a request for privacy improvements connected to regulation and company policies. Some of the changes they call for include updating the definition of consent to require “active and properly informed consent,” removing Privacy Act exemptions, and giving citizens the means to take legal action for privacy breaches. The APF has called for amendments to the Australian Broadcasting Corporation Act of 1983 to lessen the sharing of re-identifiable personal data.

Source: IAPP, iTWire

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources