Ireland Data Protection Commission Fines WhatsApp Ireland $266 Million for GDPR Transparency Violations

On September 2, 2021, Ireland’s Data Protection Commission (“DPC”) announced that it would fine WhatsApp Ireland (“WhatsApp”) €225 million ($266 million) for its failure to meet the General Data Protection Regulation’s (“GDPR”) transparency requirements as set forth in Articles 12-14. The investigation of WhatsApp began after the DPC received complaints from individuals regarding WhatsApp’s data processing activities and a mutual assistance request from the German Federal Data Protection Authority about WhatsApp’s compliance with EU data protection law. The investigation focused on whether WhatsApp, which was acquired by Facebook in 2014, complied with its transparency obligations under Articles 12-14 of the GDPR, particularly regarding the sharing and processing of…

READ MORE

China Passes Personal Information Protection Law

On August 20, 2021, China’s 13th Standing Committee of the National People’s Congress passed the country’s first comprehensive data protection law, the Personal Information Protection Law (the “PIPL”). The law is modeled, in part, on other jurisdictions’ omnibus data protection regimes, including the EU General Data Protection Regulation (“GDPR”). When it comes into effect on November 1, 2021, The PIPL will govern personal information processing activities carried out by companies or individuals within China. Like the GDPR, the PIPL also will apply to a company’s processing activities conducted outside of China.  A company not established in China is also covered by the law if it processes personal information about…

READ MORE

Colorado Privacy Act Signed by Governor

As part of the continued movement towards increased privacy regulation, Colorado joins California and Virginia as it becomes the third state to enact a comprehensive data privacy law.  On July 8, 2021, Colorado Governor Jared Polis signed SB21-190, the Colorado Privacy Act (“the Act”), into law. The Act will go into effect on July 1, 2023, with some specific provisions taking effect at later dates. The Act applies to companies conducting business in Colorado or that produce or deliver commercial products or services targeted to Colorado residents.  These include those that either (1) control or process the personal data pertaining to at least 100,000 consumers during a calendar year;…

READ MORE

European Commission Publishes Final Version of Standard Contractual Clauses, Imposes Obligations on Data Controllers and Processors

On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses (“SCC”) for transfers of personal data to third countries under the EU General Data Protection Regulation (“GDPR”).  The Commission also released the final version of the new SCCs. (LINK) The new version of the SCCs is in part a response to the decision in the Schrems II case, which raised questions about whether they provide necessary protections for the trans-Atlantic transfer of data. The European Commission’s release in November 2020 of draft versions of the implementing decision and the SCCs was discussed previously in this blog. The guidance makes clear that…

READ MORE

Dutch Data Protection Authority Imposes €525,000 Fine for Failure to Appoint Article 27 Representative

The Dutch Data Protection Authority (“Dutch DPA”) has imposed a €525,000 fine on Locatefamily.com for failure to comply with the General Data Protection Regulation’s Article 27 requirement to appoint a representative in the European Union (“EU”). Locatefamily.com publishes contact details (including telephone numbers and addresses) of individuals on its online platform. According to the Dutch DPA, individuals often did not register to be listed on the platform and did not know how their personal information found its way to the platform. The Dutch DPA had received numerous complaints from individuals about Locatefamily.com. In a decision issued May 12, 2021 found that the online platform had failed to comply…

READ MORE