Privacy advocates worried about reduced data breach compensation
Privacy advocates are alarmed by a non-binding opinion issued by the Advocate General of the Court of Justice of the European Union (CJEU). The non-binding opinion could reduce the compensation for data breaches and curb users’ means to enforce privacy rights under the EU General Data Protection Regulation (GDPR). The non-binding opinion stemmed from the case of Austria’s national postal service’s unauthorized calculation of Austrians’ political affiliation violating the GDPR. The Austrian Data Protection Authority (DPA) issued a EUR 18 million fine to the national postal service after the use of personal datasets was offered for marketing services to political parties for advertising. The Austrian Supreme Court referred the case to the CJEU, inquiring whether the award of non-material damages could be limited if the anger of a plaintiff does not go beyond the anger relating to the violation of GDPR rights. This definition would include all types of anger originating from a GDPR violation, according to Schrems, that could result in non-material damages for GDPR violations that will be hardly granted.
Class-action lawsuits filed against Meta Pixel for video tracking
Consumers have filed cases against several companies, from the NFL to NPR, for sharing tracking data on what videos they watch. Since February, at least 47 proposed class-action lawsuits have been filed for violation of the federal Video Privacy Protection Act, claiming that Meta’s Pixel tracking tool violated sent the complainants’ personal video consumption data from online platforms to Facebook without their consent. Many of these companies facing lawsuits host videos, but still, they disclosed the protected data by allowing Meta’s embedded Pixel code to share a digital subscriber’s viewing activity and unique Facebook ID with the social media platform.
Source: Bloomberg Law, IAPP
EU-US Data Privacy Framework executive order hailed by UK DCMS
Michelle Donelan, secretary of state for the UK Department for Digital, Culture, Media, and Sport (DCMS), welcomed US Pres. Joe Biden’s executive order implementing the EU-US Data Privacy Framework. In a DCMS explanatory note, she recognized the development between the UK and US for an adequacy agreement. She expressed that the UK “intends to work expediently” to evaluate improved safeguards and new redress mechanisms. Donelan will also discuss with the UK Information Commissioner for assessment and prepare to introduce adequacy regulations and guidance for organizations and individuals before the UK Parliament in 2023.
Source: UK Department for Digital, Culture, Media, and Sport, IAPP
CNIL working to assist candidates and political parties in complying with data protection law
The Commission nationale de l’informatique et des libertés (CNIL), France’s data protection authority (DPA), has adopted an action plan to assist candidates and political parties comply with data protection law. The CNIL has noted an increase in reports, including 45 investigations of data-related complaints after the 2022 elections. Factors such as the rise of awareness of the EU General Data Protection Regulation (GDPR) have also increased the acknowledgment of the CNIL as the reference authority for personal data protection.