Andreea Lisievici, Author at The PrivacyCraft Blog

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case

Datatilsynet, Denmark, Enforcement, EU law, GDPR, Google | July 29, 2024

The Danish Data Protection Authority (Datatilsynet) reports that municipalities are taking steps to comply with the orders issued in January 2024. KL (Local Government Denmark), representing 52 municipalities, announced that from August 1, 2024, municipalities will stop sharing personal data with Google for purposes deemed unlawful by the Authority. Datatilsynet noted contract adjustments ensuring data processing strictly follows municipal instructions, except as required by EU law. Allan Frank, IT security specialist at Datatilsynet, highlighted remaining issues. The Authority awaits an opinion from the European Data Protection Board on documentation of subprocessors to make a final assessment.

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case Read More »

New DPO Regulation in Brazil

ANPD, Brazil, DPO | July 29, 2024

On 17 July 2024, the Brazilian data protection authority (ANPD) issued Resolution CD/ANPD No. 18, detailing the roles and responsibilities of Data Protection Officers (DPOs). This regulation outlines the formal appointment process, required qualifications, and the specific duties of DPOs. It mandates public disclosure of the DPO’s identity and contact information. Additionally, it specifies the duties of data controllers and processors in supporting DPOs and ensuring compliance with data protection laws.

New DPO Regulation in Brazil Read More »

Turkish SCCs and BCRs Now in Effect

Data Transfers, KVKK, SCCs, Turkey | July 29, 2024

On 10 July 2024, the Personal Data Protection Authority (KVKK) in Turkey released documents on standard contracts (SCCs) and Binding Corporate Rules (BCRs) to ensure appropriate safeguards for international data transfers. These documents follow the public consultation of draft versions and align with the amended Article 9 of the Law on Protection of Personal Data No. 6698. The publications include standard contractual clauses for 4 scenarions similar to the EU ones, as well as binding corporate rules application forms and companion guides detailing essential issues for both data controllers and processors.

Turkish SCCs and BCRs Now in Effect Read More »

Italian Competition Authority Initiates Investigation into Google for Unfair Practices

Competition, EU law, Google, Italy | July 29, 2024

The Italian Competition Authority has initiated an investigation against Google and its parent company Alphabet for potential misleading and aggressive commercial practices regarding user consent. The Authority alleges that Google’s consent requests for linking services lack adequate, complete, and clear information, potentially influencing users’ decisions on data usage. These practices might condition consumers’ freedom of choice, leading them to consent to data combination and cross-use across multiple services without full understanding.

Italian Competition Authority Initiates Investigation into Google for Unfair Practices Read More »

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations

Enforcement, Meta, Nigeria | July 29, 2024

On 18 July 2024, the Federal Competition and Consumer Protection Commission (FCCPC) of Nigeria has imposed a $220 million fine on Meta Platforms Inc. and WhatsApp LLC for breaching data privacy laws. The breaches include enforcing an updated privacy policy that violated Nigerian consumer rights, coercing users into accepting terms without proper consent, and sharing user data with third parties. Additionally, Meta was found to have discriminated against Nigerian users compared to European users by offering fewer protections. The fine must be paid within 60 days, along with a $35,000 reimbursement for the investigation costs.

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations Read More »