Week in Review
This week is insightful as the recent research revealed that the European Union data protection authorities had issued a total of $1.2 billion in fines for violations of the GDPR.
The fines for breaches of the European Union’s landmark privacy law have increased nearly sevenfold over the last year and companies are required to provide a clear legal basis for collecting and processing users’ data.
According to the regulations, companies must provide a clear legal basis for collecting and processing users’ data. Firms must also report authorities within 72 hours of becoming aware of a data breach.
Furthermore, failure to comply can result in substantial fines of up to 4% of a company’s annual global revenues or 20 million euros ($22.8 million), whichever is bigger.
Top Stories and Updates
Google publishes update on privacy sandbox
In a blog post, Google has revised its approach to the Privacy Sandbox that it has launched a multi-year project to develop the Android Privacy Sandbox to introduce additional private advertising options. These will restrict the sharing of user data with third parties and will not employ cross-app identifiers such as advertising ID. Read more here.
Denmark DPA publishes new guidelines on cookies
On 24 February, 2022, the Danish Business Authority (DBA) published guidelines on using third-party cookies and similar tracking technology on government self-service solutions and national web portals used by citizens. According to the DBA, the guidance stipulates that cookies may no longer be used on such solutions and websites if third parties can then use the collected data for their purposes, ensuring the protection of citizens’ personal data. Read more here.
California: employee new privacy rights
As of January 1, 2022, California companies must notify job seekers and employees if they share personal information to third parties unless specified data processing conditions are incorporated in their contracts. Employers should be prepared to react to requests for data access, deletion, correction, portability, and other requests from both employers and employees beginning 1 January, 2023. Read more here.
Priorities for CNIL enforcement in 2022
In 2022, the CNIL has established major enforcement priorities to examine industry compliance, particularly among data brokers, in direct marketing. The CNIL will examine employer compliance using teleworking monitoring techniques. The authority will concentrate on data transfers outside the EU and the contractual connection between controllers and cloud service providers. Read more here.
Oman approves data protection law
Oman has passed its Personal Data Protection Law, which will take effect in February 2023. The law, which establishes a number of data subject rights, emphasises permission and allows for a wide range of exceptions. The Ministry of Transportation, Communications, and Information Technology will be in charge of enforcing it and drafting additional regulations. Read more here.
Upcoming Webinar: “The UK’s New Data Protection Framework: Role of Technology.”
Seers has organised a webinar on “The UK’s New Data Protection Framework: Role of Technology” on 17th March at 16:00 GMT.
Eleonor Duhs (Head of Data Privacy – Bates Wells LLP)
Ralph O’Brien (Global Privacy & Security Advisor – REINBO Consulting)
Zahra Shah (Co-Founder, Non-Executive Director – Seers)
Please register free here.
This webinar will discuss the impact of the UK’s constantly evolving regulatory landscape, new data privacy legislation, and framework.
This speaker will discuss a broad range of topics, including:
- The UK Withdrawal Agreement and the framework for the UK-EU future relationship,
- Essential requirements to implement a privacy program in a modern business environment,
- How to ensure compliance with new data protection and privacy laws such as GDPR, CCPA, CNIL, etc.,
- What are some “tips and tricks” to design a customer transparency journey?
- The role of technology in proactive business operations along with the privacy program.
Our well-known privacy experts will present their real-world experiences in assisting businesses in implementing emerging tech products to operationalise data privacy compliance.
In case you missed the Seers webinar on “Cookie Compliance: Emerging Challenge & Their Solutions,” here is the video recording for you.