seers-logo-1.svg

Privacy Updates This Week

Data protection bodies are becoming very stringent about cookie law compliance across the EU. General Data Protection Regulation (GDPR) outlines strict guidelines for companies to adhere to. Failure to do so results in bitter consequences such as in the case for Amazon and Google this week.

So, let’s get into the top stories of the week.

Top Stories and Updates

French CNIL fines Google £90M for breaching cookies law

France’s data privacy watchdog has handed out its biggest ever fine of £90M to Alphabet’s Google for breaching the country’s rules on online advertising trackers in the shape of cookies. This is an iconic fine in the cookie compliance category and sets out the tone for future negligence of any other company in the area.

Read more here.

The CNIL fines Amazon £31M for breaching cookies law

Amazon has been fined for £31M for breaching the cookie law along with Google. The CNIL is one of the most active data protection agencies that have ensured compliance among all big to small sized businesses. Through this fine it future establishes its stance on data protection and GDPR enforcement. Amazon and Google are both penalised under the cookie law for breach of the GDPR.

Read more here.

Apple and Cloudflare’s DNS addresses a gap in the privacy protections

Apple and Cloudflare introduced a new privacy protocol DNS to protect users’ internet traffic. The technical fix addresses a major gap in the privacy protections of the internet’s routing infrastructure. Currently, the users’ requests for websites are expressed in cleartext.

This means that ISPs can effectively see both the website address and the IP address that identifies the device from which a user browses. There is a lack of anonymization in the data collected. This is a direct violation of the GDPR law.

The new Oblivious DNS would engrain privacy protections into the fundamental addressing infrastructure of the internet and help in improving the compliance with the necessary laws in place.

Read more here.

Litigation Chamber rules on validity of employee consent under GDPR

The Litigation Chamber of the Data Protection Authority (DPA) provided its decision that introduces clarifications on the validity of employee consent. The Litigation Chamber gave practical guidelines concerning the purpose limitation principle (Article 5(1)(b) of the GDPR).

The DPA decided that:

  • The free consent of employees was possible and could be valid if all other conditions of Article 4.11 of the GDPR were fulfilled; and
  • The data was collected for a specified and legitimate purpose but the purpose of the processing was not explicit.

This sets the precedent for all cases in future of the DPA’s jurisdiction.

Read more here.

US President signs IoT cybersecurity improvement bill into law

On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government.

The legislation, H.R. 1668, passed the House in September and the Senate in November. It has now been converted and approved to become the law throughout the nation.

Read more here.

Are all non-compliant companies prone to fines?

Yes, any non-compliant company can be fined under the GDPR, LGPD, ePrivacy, CPPA, CCPA and other valuable data protection frameworks. However, we promise that we are here for you, whenever you need any help with legal compliance we will be ready to serve you.

Public Notice: Important information on Brexit and data protection

During the transition period until 31 December 2020 while the UK and EU negotiate additional arrangements. The GDPR will be retained in domestic law at the end of the transition period, but the UK will have the independence to keep the framework under review. Some important considerations are going to influence the data protection and business activity after the transition period is over.

You may be exposing your business to risk and potential damages. Seers can help you mitigate these challenges with a 30 minutes complimentary consultation with a leading privacy expert that you can book here. You can use this free consultation to reduce any chances of litigation, fines and reputational damage by identifying any key gaps/ risks and implementing strategies to mitigate these risks and any potential threats to the bare minimum.

Book your free 30 minutes Brexit privacy compliance consultation now!

Consumer Privacy Protection Act