RD Privacy Pulse - Weekly Privacy News

11.12.24?

Welcome to the latest edition of RD PRIVACY PULSE, our weekly newsletter, designed to keep you updated on the most recent developments in data protection and privacy regulations in the EEA/UK and globally. Here are the key highlights from this week:?

?

?? Latest GDPR Updates ???

?? CNIL fined Orange €50M for inserting ads into emails and using cookies after consent withdrawal.?

?? Meta to limit advertisers’ access to health-related user data starting January, impacting marketing strategies.?

?? EDPS is reviewing the European Commission’s compliance with its March 2024 decision on Microsoft 365 usage.?

?? Maynooth University fined €40,000 for failing to secure employee email accounts, leading to unauthorized access and fraud.?

?? ICO takes action against four public authorities for failing to meet FOI Act obligations, including issuing an enforcement notice to City of London Police.?

?? EDPB issues guidelines on data transfer requests from non-EU authorities, clarifying compliance under GDPR Article 48.?

?? Court of Appeal upholds ICO’s ￡92,000 fine against Doorstep Dispensaree for data protection violations.?

?? CNIL’s health data consultation highlights the need to update guidelines for AI, decentralized trials, and remote monitoring while balancing innovation with data protection.?

?? EDPB Chair urges detailed review of adequacy decisions, focusing on data protection and government access in future evaluations.?

?? EDPB approves Infosys Group’s Controller Binding Corporate Rules, facilitating compliant international data transfers.?

?? ICO’s two-year trial of public sector approach with reduced fines and reprimands, demonstrated improved compliance through reputational impact. Review planned for late 2024.?

?? EDPB adopts statement on GDPR application report, emphasizing the need for legal certainty and coherence in digital legislation.?

?? Latvia’s Data State Inspectorate (DVI) issues guidance on personal data sharing in private social platform discussions, emphasizing compliance with data protection laws.?

?? Luxembourg designates CNPD to enforce the EU AI Act, overseeing AI systems and promoting responsible innovation via a regulatory sandbox.?

?? Norway’s Datatilsynet releases webinar on security incident response, guiding businesses on breach notification requirements and exemptions.?

?? The U.K. Data Use and Access Bill moves to committee stage, aiming to modernize GDPR and reshape ICO functions, with discussions on its impacts ongoing.?

?? EDPB emphasizes the need for coherence between digital legislation and the GDPR, highlighting ongoing efforts to clarify enforcement interplay with the AI Act, EU Data Strategy, and Digital Services Package.??

?? The EU Commission is investigating a covert advertising partnership between Google and Meta that allegedly violated Google’s policies by targeting personalized ads at minors.??

?? A Manchester insurance employee received a six-month suspended sentence for unlawfully accessing over 32,000 customer records without authorization.?

?

?? Top Global Privacy Updates ???

?? HealthAlliance reached a $550K settlement over a cyberattack that exposed data of 242,641 patients due to system vulnerabilities.?

?? Children’s Hospital Colorado fined $548,265 for HIPAA violations after phishing attacks compromised patient data.?

?? Michigan Senate passes bill restricting the sale and collection of reproductive health data, requiring explicit consent and prohibiting geofencing around reproductive health facilities.??

?? Google faces privacy lawsuit for allegedly creating a faceprint database without user consent, violating Illinois biometric privacy law.?

?? Brazil’s Senate approves AI regulation bill, establishing a risk-based framework emphasizing human rights and transparency.??

?? Texas Attorney General Ken Paxton issued enforcement warnings to four companies for alleged data privacy law violations, signaling increased scrutiny of corporate data practices.?

?? New Zealand’s Privacy Commissioner reports a record 1,003 privacy complaints in the last financial year, indicating ongoing issues with privacy practices.??

?? South Korea’s PIPC fines Coupang 1.58 billion won for cybersecurity failures, exposing data of delivery workers and customers.?

?? Gulf Coast Pain Consultants fined $1.19M for HIPAA violations after a breach exposed 34,310 patients’ data due to poor access controls.?

?? Monaco enacts Act No. 1.054, aligning its data protection laws with EU standards, including the GDPR, and establishing a new Personal Data Protection Authority (APDP).??

?? TikTok files emergency motion to delay U.S. ban set for January 19, 2025, pending Supreme Court review. The Department of Justice plans to oppose the request.??

?? U.S. senators reintroduce the Health and Location Data Protection Act to ban data brokers from selling Americans’ sensitive health and location data.??

?? Turkey’s data protection authority, KVKK, fined Meta 11.5 million lira for allowing minors’ accounts to be converted into publicly accessible business profiles, violating children’s privacy.?

?? LinkedIn halts AI model training using Canadian user data amid privacy concerns, following similar actions in the UK and EU.??

?? Hong Kong’s Privacy Commissioner is investigating a data breach at the Electrical and Mechanical Services Department, which exposed personal information of 17,000 individuals due to inadequate data deletion policies.??

?

We remain dedicated to providing you with updates and practical insights to navigate the evolving landscape of data protection regulations in clinical research. Should you have any questions or require further information on any of the topics covered in this newsletter, please feel free to reach out.?

Thank you for your attention and continued partnership.?

Diana?

??

*Disclaimer: This newsletter is intended for informational purposes only and should not be construed as legal advice.?