Week in Review
This week has been exciting as Seers completed its participation in ICO’s Regulatory Sandbox to enhance its CMP to preserve children’s privacy. The report aims to achieve the benefits of ensuring data protection on consent management platforms for child privacy.
Also, the UK’s Information Commissioner’s Office (ICO) demands Information Society Services (ISS) to comply with the code’s age-appropriate application standard, to implement age assurance methods for processing children’s data.
Microsoft has designed a new tool to assist organisations in structurally managing privacy rights. Furthermore, Amazon filed an appeal against a fine imposed by the Luxembourg Administrative for violating the GDPR.
Also, California has strengthened its legislation for securing the management of genetic information by updating the California Privacy Rights Act (CPRA).
And finally, China’s most awaited PIPL will take effect next month, which will set comprehensive rules for companies to handle the personal data of individuals. The businesses have little more than one week to prepare for the new challenge.
Top Stories and Updates
ICO’s Sandbox Seers Report: Benefits of Consent Management Platform for Child Privacy
Seers have been working with the ICO’s Sandbox to enhance its CMP for its clients in a way that respects children’s privacy with the EU’s GDPR and ICO’s AADC. The Seers CPCMP feature enables kids to provide informed consent to process their data on their website and displays age-appropriate information about the cookies and scripts used on a client’s website. Read more here.
ICO has issued a call for evidence on the usage of age assurance under the Children’s Code
The UK’s Information Commissioner’s Office (ICO) aimed at providers of Information Society Services (ISS) to meet the code’s age-appropriate application standard, as well as a risk-based approach for organisations to implement age assurance measures that are appropriate for their use of children’s data within their organisational context. The opinion explains various methods of assurance, such as age verification, age estimation, account confirmation, and self-declaration that are likely to result in a high risk to children’s privacy. Read more here.
Privacy Management for Microsoft 365 is now generally available
On 19 October 2021, Microsoft announced the Privacy Management for Microsoft 365, a tool designed to assist organisations to get insight into privacy risks, subject-rights requests, automate privacy operations, and educate employees on how to appropriately manage personal information. They discover that the organisations facing issues in managing privacy and storing personal data, especially in an unstructured scenario. Read more here.
Amazon appeals a fine of $865M imposed by the Data Protection Authority
Amazon filed an appeal with the Luxembourg Administrative Tribunal challenging a fine of $865 million imposed by the country’s Data Protection Authority (DPA) in July for violating EU’s privacy law. This record-breaking penalty is the greatest ever imposed under the GDPR. According to Bloomberg, the fine reportedly related to Amazon’s personal data processing. Though neither Luxembourg’s DPA nor Amazon has discussed the case’s specifics. Read more here.
Three more California privacy bills that have become law, CPRA
Last week, California, Gov. Gavin Newsom signed three new privacy bills into law. The California Legislature updated the California Privacy Rights Act (CPRA) by clarifying the timeline for its rulemaking, expanding California’s data breach notification legislation to cover genetic data, and enacting a new law to further secure genetic data through the bills. Read more here.
China’s first Personal Information Protection Law (PIPL): Things you must know
On August 20, 2021, China’s Personal Information Protection Law (PIPL) was finally enacted, and it will take into effect on November 1, 2021. The PIPL focuses on personal information protection, sets comprehensive rules for companies on how to process personal data of individuals, and regulates the lifecycle process of handling personal information. It supplements the existing privacy rules established by the Cybersecurity Law and the Data Security Law. Read more here.
Let Seers assist you towards the latest and upcoming data privacy challenges worldwide and protect yourself from fines and litigation.
