Weekly Privacy News Update – Episode 33


New CPRA regulations released by CPPA

The new draft regulations of the California Privacy Rights Acts (CPRA) have been released by the California Privacy Protection Agency (CPPA). The draft includes regulatory topics like privacy notice requirements, mandatory user opt-out signal acknowledgment, personal data collection and use restrictions, etc. The dialogue with stakeholders culminated with the CPPA releasing these draft regulations. The consultation for the draft is slated for the CPPA’s board meeting this June 8.

Source: IAPP, CPPA

Joint investigation for probable GDPR violation by a clothing website

Vinted is under investigation by the collaboration between data protection authorities from Lithuania, the Netherlands, France, and Poland with back from the European Data Protection Board (EDPB). The action was due to potential violations of the EU General Data Protection Regulation (GDPR) after the authorities received a considerable amount of complaints. The authorities created a working group to analyze Vinted’s data storage related to data subject’s rights and personal data processing related to blocking users’ accounts.

Source: IAPP, EDPB

Tim Hortons app investigated for privacy violations

Canadian federal and provincial privacy authorities questioned Tim Hortons’ app for tracking and recording users’ movements daily. The users were led to assume that the app collected data only when it was used. Allegedly the app frequently collected a massive amount of location data like where users lived, worked, and traveled. The fast-food restaurant chain settled to enforce the recommendations to delete the remaining location data under the company or third-party providers and create a privacy management program.

Source: IAPP, Office of the Privacy Commissioner of Canada

Thailand’s data protection law starts enforcement

The enforcement of Thailand’s Personal Data Protection Act (PDPA) started last June 1. The PDPA is the country’s first law made to govern data protection. The law sets out data controller and data processor requirements for public and private bodies and how to receive consent from data subjects before processing, collecting, or disclosing personal data. 8% of businesses have started the first steps towards compliance, while 31% have not, based on a survey of 4,000 businesses by the Thai Board of Trade and the University of the Thai Chamber of Commerce.

Source: IAPP, Bangkok Post

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources