The U.K. government recently launched a consultation proposing significant changes to the U.K. General Data Protection Regulation (UK GDPR). The U.K. aims to craft a bespoke “pro-growth and pro-innovation regime whilst maintaining…world-leading data protection standards.” The Consultation sets out in detail the significant reforms which the U.K. government seeks to implement – at the potential risk of losing its adequacy status for data transfers from the EU.
Category: GDPR
British Airways Faces Significantly Reduced £20M Fine for GDPR Breach
At £20 million, the fine imposed on British Airways for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO). Whilst markedly lower than the fine initially proposed, the process by which the revised figure was reached provides some interesting insights on the factors that regulators will take into account and is a clear sign that despite the current economic climate, the ICO is not afraid to enforce strict GDPR compliance.
For the full alert, visit the Faegre Drinker website.
New Washington State Privacy Bill Incorporates Some GDPR Concepts
A new bill, titled the “Washington Privacy Act,” was introduced in the Washington State Senate on January 18, 2019. If enacted, Washington would follow California to become the second state to adopt a comprehensive privacy law.
Similar to the California Consumer Privacy Act (CCPA), the Washington bill applies to entities that conduct business in the state or produce products or services that are intentionally targeted to residents of Washington and includes similar, though not identical size triggers. For example, it would apply to businesses that 1) control or process data of 100,000 or more consumers; or 2) derive 50 percent or more of gross revenue from the sale of personal information, and process or control personal information of 25,000 or more consumers. The bill would not apply to certain data sets regulated by some federal laws, or employment records and would not apply to state or local governments.
Continue reading “New Washington State Privacy Bill Incorporates Some GDPR Concepts”
European Union Adopts Adequacy Decision For Safe Data Flows With Japan
On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data. Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations. Japan adopted an equivalent decision with the EU on January 22, 2019. These reciprocal findings of adequacy will create the largest area of safe data flows in the world.
Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”
CNIL issues $57 million dollar fine under GDPR
Issues of lack of transparency and consent formed the basis of the CNIL’s $57 million dollar fine against Google under the GDPR. CNIL is France’s highest ranking data-privacy agency. It’s the first large penalty for a U.S. technology company since the GDPR went into effect last May.
Continue reading “CNIL issues $57 million dollar fine under GDPR”
First Notice Filed Under GDPR against Canadian Analytics Firm
The UK Information Commissioner’s Office (ICO) has issued an Enforcement Notice against a Canadian data analytics firm, AggregateIQ (AIQ) that allegedly produced targeted advertisements for pro-Brexit campaigns. This action is the first enforcement Notice issued under the GDPR.
Continue reading “First Notice Filed Under GDPR against Canadian Analytics Firm”