Weekly Privacy News Update – Episode 53


The Council of the European Union pushes on with Data Act

The Czech Presidency of the Council of the European Union made changes to the proposed Data Act before the scheduled discussion on Nov. 8. The modifications include an alignment of language regarding international data transfers to what is in the Data Governance Act.   Changes to provisions for enforcement and interoperability are also part of the modifications. The Data Act will regulate how data can be accessed, shared, and transferred.


SolarWinds to pay $26 million settlement tentatively for data breach

SolarWinds will tentatively pay the $26 million settlement in filing with the US Securities and Exchange Commission (SEC). The settlement is for the shareholder lawsuit on the company’s cybersecurity disclosures before the data breach. The software company did not admit the violation, which requires approval by a judge. SolarWinds also received a Wells notice from the SEC, maintaining that the company violated US securities law.

Source: Reuters, IAPP

TikTok’s privacy policy revamp in Europe discloses data access

TikTok amended its European privacy policy and disclosed the details of the company’s access to user data. The revised privacy notice is applied to users in the European Economic Area, the UK, and Switzerland. The updated privacy policy reveals that China is one of the several countries where employees can access user data for critical functions. According to Elaine Fox, TikTok’s Privacy Head in Europe, company employees in other countries can access data to manage a consistent, enjoyable, and safe user experience. TikTok is under GDPR investigation for the platform’s data exports to China, headed by Ireland’s Data Protection Commission (DPC).

Source: TechCrunch, IAPP

CPPA launches a 15-day comment period for CPRA draft regulations

A 15-day comment period was announced by the California Privacy Protection Agency (CPPA) for the California Privacy Rights Act (CPRA) draft regulations. It will run until Nov. 21. The public consultation was launched following the approval of the modified draft regulations by the CPPA Board. The final regulations are aimed to be in place before the end of 2022.

Source: CPPA, IAPP

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources