Weekly Privacy News Update – Episode 43

EDPB announced a binding decision on the fine handed by CNIL

The European Data Protection Board (EDPB) gave a binding decision under the EU General Data Protection Regulation’s (GDPR) Article 65 dispute resolution mechanism. The decision is linked to a EUR 600,000 penalty given by France’s data protection authority, Commission nationale de l’informatique et des libertes (CNIL). The fine was issued to French hotel chain Accor which allegedly distributed nonconsensual marketing messages to their customers. The action for Article 65 was generated by supervisory authorities concerned with the planned sum for the penalty of CNIL.

Source: EDPB, IAPP

CPPA issues a letter disputing the American Data Privacy and Protection Act

A letter opposing the American Data Privacy and Protection Act (ADPPA) was sent by the California Privacy Protection Agency (CPPA) to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy. The bill advanced out of the House Energy and Commerce Committee and will probably take over California’s privacy law with watered-down protections and weakens the CPPA’s directive to ensure the privacy of Californians.

Source: CPPA, IAPP

Tech giants are getting ready for the EU Digital Markets Acts

US-based tech giants are preparing their intentions to comply with or challenge the EU Digital Markets Act (DMA). According to Gerard de Graaf, European Commission Directorate-General for Communications Networks, Content and Technology, “there will be litigation, no doubt.” The Commission’s office in San Francisco will soon have discussions with some Silicon Valley firms that are on the DMA radar.

Source: Politico, IAPP

Amendments to Russian data protection law will start enforcement on Sept. 1

Russia’s data protection authority, the Roskomnadzor, outlines the Federal Law on Personal Data amendments that will start its enforcement on Sept. 1. Included in the amendments are data breach notification and language prohibiting contractual data processing that includes conditions to restrict data subject rights. Future amendments planned by the Roskomnadzor will have harsher penalties and liability schemes around data breaches.

Source: Roskomnadzor, IAPP

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author