Weekly Privacy News Update – Episode 45


Advocacy groups ask Pelosi to pass ADPPA

Advocacy groups sent a letter to US House Speaker Nancy Pelosi, D-Calif., asking her to consider and pass the American Data Privacy and Protection Act (ADPPA). The letter praised the inclusion of civil rights protection for consumers in the US. It showed relief that the preemption provisions are better than existing state privacy laws, such as the California Privacy Rights Act (CCPA). The ADPPA got into resistance from California lawmakers concerned it may undermine their state privacy law. Pelosi says she is engaged in addressing California’s concerns with a bipartisan bill allowing US consumers cross-sector data privacy protections.

SourceBloomberg Law, IAPP

Initial CPPA enforcement penalizes cosmetics giant Sephora

Last Aug. 24, California Attorney General Rob Bonta announced a $1.2 million fine for cosmetics giant Sephora. The company is the first to be publicly penalized for California Consumer Privacy Act (CCPA) violations, and it will also be required to comply with specific terms. Allegedly Sephora failed to a “Do Not Sell My Personal Information” link the CCPA requires; was unable to provide a notice of the sale of personal information for the customers. The company also failed to provide two or more methods to opt-out of such sales and did not process requests to opt-out via user-enabled Global Privacy Controls (GPC). A 30-day right to cure notice was given to Sephora, but it failed to correct the issues, which resulted in the enforcement action.

Source: TechRepublic, Mondaq, JD Supra

Facebook will settle a federal lawsuit for allowing third-parties access to user data

Facebook has, in principle, agreed to settle a lawsuit in the San Francisco federal court for allowing third parties to access private user data. Among the third parties is Cambridge Analytica, a former U.K. political consulting firm. The parties have made a 60-day request to work out the settlement, but the settlement terms have not been disclosed.

Source: Reuters, IAPP

New Zealand seeking to expand data collection notification rules

The Ministry of Justice of New Zealand is seeking public consultation for Possible amendments to data collection notification provisions under the Privacy Act 2020. The ministry is exploring amendments covering “when an agency collects their personal information indirectly through a third party” to boost transparency. The amendments proposed are established to make New Zealand up-to-date with privacy laws and include a specific note to support cross-border data flows. The deadline for public consultation is on Sept. 30.

Source: Ministry of Justice, IAPP

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources