Weekly Privacy Update: October 22nd

Week‌ ‌in‌ ‌Review‌ 

This week has been exciting as Seers completed its participation in ICO’s Regulatory Sandbox to enhance its CMP to preserve children’s privacy. The report aims to achieve the benefits of ensuring data protection on consent management platforms for child privacy. 

Also, the UK’s Information Commissioner’s Office (ICO) demands Information Society Services (ISS) to comply with the code’s age-appropriate application standard, to implement age assurance methods for processing children’s data.  

Microsoft has designed a new tool to assist organisations in structurally managing privacy rights. Furthermore, Amazon filed an appeal against a fine imposed by the Luxembourg Administrative for violating the GDPR.  

Also, California has strengthened its legislation for securing the management of genetic information by updating the California Privacy Rights Act (CPRA). 

And finally, China’s most awaited PIPL will take effect next month, which will set comprehensive rules for companies to handle the personal data of individuals. The businesses have little more than one week to prepare for the new challenge.  

Top Stories and Updates 

ICO’s Sandbox Seers Report: Benefits of Consent Management Platform for Child Privacy 

Seers have been working with the ICO’s Sandbox to enhance its CMP for its clients in a way that respects children’s privacy with the EU’s GDPR and ICO’s AADC. The Seers CPCMP feature enables kids to provide informed consent to process their data on their website and displays age-appropriate information about the cookies and scripts used on a client’s website. Read more here

ICO has issued a call for evidence on the usage of age assurance under the Children’s Code

The UK’s Information Commissioner’s Office (ICO) aimed at providers of Information Society Services (ISS) to meet the code’s age-appropriate application standard, as well as a risk-based approach for organisations to implement age assurance measures that are appropriate for their use of children’s data within their organisational context. The opinion explains various methods of assurance, such as age verification, age estimation, account confirmation, and self-declaration that are likely to result in a high risk to children’s privacy. Read more here

Privacy Management for Microsoft 365 is now generally available

On 19 October 2021, Microsoft announced the Privacy Management for Microsoft 365, a tool designed to assist organisations to get insight into privacy risks, subject-rights requests, automate privacy operations, and educate employees on how to appropriately manage personal information. They discover that the organisations facing issues in managing privacy and storing personal data, especially in an unstructured scenario. Read more here

Amazon appeals a fine of $865M imposed by the Data Protection Authority

Amazon filed an appeal with the Luxembourg Administrative Tribunal challenging a fine of $865 million imposed by the country’s Data Protection Authority (DPA) in July for violating EU’s privacy law. This record-breaking penalty is the greatest ever imposed under the GDPR. According to Bloomberg, the fine reportedly related to Amazon’s personal data processing. Though neither Luxembourg’s DPA nor Amazon has discussed the case’s specifics. Read more here

Three more California privacy bills that have become law, CPRA

Last week, California, Gov. Gavin Newsom signed three new privacy bills into law. The California Legislature updated the California Privacy Rights Act (CPRA) by clarifying the timeline for its rulemaking, expanding California’s data breach notification legislation to cover genetic data, and enacting a new law to further secure genetic data through the bills. Read more here

China’s first Personal Information Protection Law (PIPL): Things you must know 

On August 20, 2021, China’s Personal Information Protection Law (PIPL) was finally enacted, and it will take into effect on November 1, 2021. The PIPL focuses on personal information protection, sets comprehensive rules for companies on how to process personal data of individuals, and regulates the lifecycle process of handling personal information. It supplements the existing privacy rules established by the Cybersecurity Law and the Data Security Law. Read more here

Let Seers assist you towards the latest and upcoming data privacy challenges worldwide and protect yourself from fines and litigation.

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month