European Border and Coast Guard Agency criticized for data protection law violation
The European Data Protection Supervisor (EDPS) issued a reprimand to the European Border and Coast Guard Agency for violation of the Data Protection Regulation (EU) 2018/1725. The agency moved to the cloud without an appropriate data protection assessment. The agency’s cloud servers also failed to show limits on collection of necessary personal data. A review of the agency’s data protection impact assessment and record of processing activities has been requested by the EDPS.
EUR 3.7 million issued to Dutch tax authorities for GDPR violations
Tax authorities face a EUR 3.7 million fine, the highest issued by the Dutch data protection authority (DPA), Autoriteit Persoonsgegevens, for GDPR violations. Six violations were found, including keeping information for too long, maintaining incorrect or outdated data, and a lack of legal basis for the processing of personal data. The tax authorities can still appeal the decision.
Source: IAPP, Autoriteit Persoonsgegevens
An update on the Connecticut privacy law
Connecticut’s privacy law, Senate Bill 6, will possibly be heard on the floor this week. The legislation will involve personal data privacy and online monitoring. The bill contains similar provisions to the Colorado Privacy Act, which was passed last year. Opponents of the bill include business groups, who believe that access to personal data is essential to their work, and a group of lawyers, who take issue with enforcement being limited to the attorney general. If passed, the law will go into effect on July 1, 2023.
Source: IAPP, Hartford Courant
Appeals for privacy enhancement in Australia
With the coming federal elections in May, the Australian Privacy Foundation (APF) published a request for privacy improvements connected to regulation and company policies. Some of the changes they call for include updating the definition of consent to require “active and properly informed consent,” removing Privacy Act exemptions, and giving citizens the means to take legal action for privacy breaches. The APF has called for amendments to the Australian Broadcasting Corporation Act of 1983 to lessen the sharing of re-identifiable personal data.