Topic: Enforcement

$1.5 million GoodRx fine is FTC’s first Health Breach Notification Rule action

GoodRx has agreed to pay a $1.5 million civil penalty for allegedly sharing consumers’ data without their permission, in the first enforcement of the FTC’s Health Breach Notification Rule.

02 February 2023

ICO confirms end of 24-hour PECR data breach notification deadline

Days after appearing to backtrack on a commitment to stop enforcing a 24-hour data breach regime applying to communication providers, the UK data regulator has confirmed that it now expects low-risk PECR data notifications to be filed within 72 hours.

02 February 2023

Meta SCC decision referred to EDPB

The Irish Data Protection Commissioner’s investigation into Meta’s use of standard contractual clauses has been referred to the EDPB after member states were unable to find a consensus under the one-stop-shop mechanism.

27 January 2023

Home Depot sharing e-receipts with Meta deemed illegal

Canada’s federal privacy commissioner has warned that practices such as Home Depot’s sharing of e-receipts without obtaining consent could be widespread across various organisations.

26 January 2023

ICO data breach reporting backtrack

Communication service providers must continue to report data breaches within 24 hours, the ICO has said, despite saying a few days ago that it would cease enforcing the requirement.

26 January 2023

Reasoning behind EDPB order to expand WhatsApp inquiry revealed

Objections from Finland, France and Italy drove the EDPB’s order to the Irish Data Protection Commissioner to expand its investigation into WhatsApp.

25 January 2023

Spanish location data decision struck down

A Spanish court has annulled a regulatory decision that backed a telecommunications company’s refusal to provide a data subject with their location data – in an appeal that the regulator declined to resist.

25 January 2023

Belgium opens the door to third party appeals

Belgium’s Constitutional Court has ruled that interested third parties can challenge decisions by the Belgian data watchdog, in a move that could increase pressure on the regulator from NGOs and competitors dissatisfied with investigative outcomes.

25 January 2023

EDPB report bemoans state of EU public cloud procurement

The EDPB has named a lack of bargaining power on the part of public authorities as one of the factors pushing those bodies towards unfavourable and possibly illegal cloud service solutions.

23 January 2023

ICO may ease data breach reporting obligations

The UK data regulator could stop enforcing a 24-hour breach notification requirement for communication service providers as part of an ongoing effort to reduce compliance burdens for businesses.

20 January 2023

Unlock unlimited access to all Global Data Review content