Weekly Privacy News Update – Episode 38


To comply with EU consumer regulations, Amazon will modify its cancellation policy

After their talk with the European Commission and national consumer protection authorities, Amazon has decided to change its cancellation practices to comply with EU consumer guidelines. In the past, to unsubscribe, European customers had to go through multiple pages with distracting information and confusing button labels. With the planned changes, it will be possible for customers in the EU and European Economic Area to cancel their Amazon Prime subscriptions in two clicks, and a notable cancel button will be featured on the platform.

Source: IAPP, European Commission

DMA and DSA approved by EU Parliament

The European Parliament has passed the Digital Markets Act (DMA) and the  Digital Services Act (DSA). The landmark rules deter tech giants like Google, Amazon, Apple, Facebook, and Microsoft; the regulators’ minimal resources could still hinder enforcement. For DMA violations, companies could be fined up to 10% of annual global turnover and will them to provide business users access to their data. They could face 6% for DSA violations, and a ban on dark patterns and targeted ads for children based on sensitive data will also be implemented.

Source: IAPP, Reuters

CPPA commences the rulemaking process for CPRA

The  California Privacy Protection Agency (CPPA) has officially started the formal rulemaking process for the California Consumer Privacy Rights Act (CPRA). Last June, the CPPA called for draft regulations that maintain pre-existing California Consumer Privacy Act regulations while changing specific provisions and proposing new regulations. The public is encouraged to engage in the rulemaking process by submitting written comments by August 23, or they can attend the public hearing on August 24 and 25.

Source: IAPP, CPPA

Dutch DPA’s version of GDPR found too strict by the EU Commission

The Dutch data protection authority (DPA), Autoriteit Persoonsgegevens(AP), misread the EU General Data Protection Regulation (GDPR), resulting in a strict interpretation according to the European Commission. The AP’s variation creates a serious obstacle for companies to process personal data based on commercial interest since it will require them to receive permission from every data subject.

Source: IAPP, NRC


Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources