New CPRA regulations released by CPPA
The new draft regulations of the California Privacy Rights Acts (CPRA) have been released by the California Privacy Protection Agency (CPPA). The draft includes regulatory topics like privacy notice requirements, mandatory user opt-out signal acknowledgment, personal data collection and use restrictions, etc. The dialogue with stakeholders culminated with the CPPA releasing these draft regulations. The consultation for the draft is slated for the CPPA’s board meeting this June 8.
Joint investigation for probable GDPR violation by a clothing website
Vinted is under investigation by the collaboration between data protection authorities from Lithuania, the Netherlands, France, and Poland with back from the European Data Protection Board (EDPB). The action was due to potential violations of the EU General Data Protection Regulation (GDPR) after the authorities received a considerable amount of complaints. The authorities created a working group to analyze Vinted’s data storage related to data subject’s rights and personal data processing related to blocking users’ accounts.
Tim Hortons app investigated for privacy violations
Canadian federal and provincial privacy authorities questioned Tim Hortons’ app for tracking and recording users’ movements daily. The users were led to assume that the app collected data only when it was used. Allegedly the app frequently collected a massive amount of location data like where users lived, worked, and traveled. The fast-food restaurant chain settled to enforce the recommendations to delete the remaining location data under the company or third-party providers and create a privacy management program.
Source: IAPP, Office of the Privacy Commissioner of Canada
Thailand’s data protection law starts enforcement
The enforcement of Thailand’s Personal Data Protection Act (PDPA) started last June 1. The PDPA is the country’s first law made to govern data protection. The law sets out data controller and data processor requirements for public and private bodies and how to receive consent from data subjects before processing, collecting, or disclosing personal data. 8% of businesses have started the first steps towards compliance, while 31% have not, based on a survey of 4,000 businesses by the Thai Board of Trade and the University of the Thai Chamber of Commerce.
Source: IAPP, Bangkok Post