Weekly Privacy Update: November 19th

Week in Review

This week, we have some trending stories for you from the world of privacy.   

The top privacy trends for this year highlight the essential levers that companies need to use in the next few years to manage liability and foster trust when handling personal data. 

OnlyFans has been included in a class-action lawsuit filed under Illinois’ biometrics privacy law, alleging that the company illegally scanned the faces of content creators in the state when they were forced to authenticate their age and identity using a facial recognition tool. 

The CNIL has developed an awareness guide to the General Data Protection Regulation (GDPR) to assist associative structures in their compliance. Its objectives are to recall the main concepts to know and the main principles to respect, and to propose an adapted action plan.

Furthermore, an Irish High Court judge has granted WhatsApp’s European arm permission to appeal the Data Protection Commission’s decision to fine it €225 million. Also, Transavia was fined €400,000 by the Dutch Data Protection Authority (DPA) for poor personal data security.

Top Stories and Updates 

The future of privacy: What businesses should plan for 

More than 60% of the world’s population will be able to use their privacy rights under existing or new privacy legislation within two years. According to Gartner, major firms’ average annual privacy budgets will top $2.5 million by 2024, “enabling a transition from compliance ethics to competitive differentiation.” By 2026, “enterprises that mismanage personal data will suffer three times more financial damage from class lawsuits and mass claims than from regulatory sanctions,” the report states. Read more here

OnlyFans sued for biometric data privacy claims

A class-action lawsuit alleges that OnlyFans’ system for verifying the age and identity of content creators violated the Illinois Biometric Information Privacy Act. For verification, the subscription-based social media network requires content creators to take a selfie. According to the complaint, it thereby collected the face biometrics of over 2 million people around the world without disclosing how the information would be used or when it would be erased, and several of those users were from Illinois. The suit seeks monetary penalties ranging from $1,000 to $5,000 per violation, plus attorneys’ expenses. Read more here.

France: CNIL published guide to support organizations in GDPR compliance

The French data protection authority has released a guide to assist charitable, political, and other groups in complying with the EU’s General Data Protection Regulation. The guide lays out the legal framework for data protection, includes standards for organisation and professional practices, and provides a compliance action plan that walks you through the many stages of compliance. “These structures may need to examine and adapt their working procedures to comply with the GDPR,” the CNIL stated. Read more here

WhatsApp Ireland given permission to appeal DPC’s €225 million fine

WhatsApp Ireland was granted permission by a High Court judge to appeal the EUR 225 million fine imposed by the Data Protection Commission of Ireland (DPC). The fine was imposed for the messaging platform’s violation of the EU GDPR’s transparency principles. The company claims that the high fine infringes on its constitutional property rights, and it has asked for the DPC’s decision to be overturned. Read more here

Dutch DPA fined Transavia airline €400,000 for poor personal data security

On 12 November 2021, the Dutch Data Protection Authority (DPA) fined Transavia airline €400,000 for violating Article 32 of the GDPR following a security breach. A hacker was able to breach Transavia’s networks in 2019, potentially gaining access to the data of 25 million passengers. Because of this poor security, the hacker downloaded the personal information of 83,000 people. The DPA also stated that Transavia notified it of the incident promptly and took numerous steps to protect the personal data of all end users and devices. Read more here
