Privacy Law Update: October 25, 2021
The COVID-19 pandemic and the evolution of remote/hybrid/office work, compliance issues related to the EU General Data Protection Regulation and California Consumer Privacy Act, emerging laws around the world and throughout the U.S., and more, have shaped the state of the privacy profession in 2021. The “Privacy Governance Report,” produced by the IAPP in collaboration with EY and EY Law, takes an in-depth look at the ongoing effects of privacy leadership, budgets, staff and reporting structures, and the workflow around data subjects and processing vendors over the past year.
In September, the U.K. The Department for Digital, Media, Culture and Sport released a consultation document proposing a raft of changes to the U.K.’s data protection law. Some are small changes and clarifications intended to resolve uncertainties in the EU General Data Protection Regulation’s drafting, while others are fundamental reforms to the operation of the U.K.’s data protection laws and the obligations and protections they bring. Bird & Bird’s Ruth Boardman and Clara Clark Nevola summarize and offer a color-coding scale for assessing the severity of the main changes proposed in the consultation document.
Amazon.com Inc. appealed a record 746 million-euro ($865 million) penalty for allegedly violating the European Union’s tough data-protection rules. The challenge comes after CNPD, Luxembourg’s data protection regulator, where Amazon has its EU base, slapped the U.S. tech giant with the fine in July. The regulator ruled that Amazon violated the bloc’s General Data Protection Regulation, or GDPR, through its processing of users’ personal data. The decision was triggered by a 2018 complaint from French privacy rights group La Quadrature du Net.