Right on the heels of GDPR’s compliance deadline and hitting a little closer to home, the governor of California has signed AB 375—the California Consumer Privacy Act of 2018. This is a first-of-its-kind law, at least from a US-perspective, that has been called historic in terms of privacy and consumer protections. Much like GDPR, the comprehensive law gives users more control over their data and places penalties on companies that fail to comply. There is a very unique American aspect to this law however – the private cause of action that is given to California residents. Whereas the “teeth” in the EU-law is the threat of regulatory investigation and…
.@EU_Commission announced successful conclusion of adequacy talks with South Korea, confirming alignment of EU & SK #dataprotection laws. Finding covers commercial & public sector, enables data flows between the EU & SK. Adoption expected in coming months. https://ec.europa.eu/commission/presscorner/detail/en/statement_21_1506
Dutch DPA announced a €475,000 fine for Dutch headquartered @bookingcom for failure to report #databreach within 72 hours of becoming aware of the 2019 incident. Breach resulted in unauthorized access to login credentials, criminal access to data of 4000 customers.
Bavaria #DPA declared company’s (controller’s) use of US email marketing service #Mailchimp in #Bavaria impermissible due to failure comply with #SchremsII mitigation requirements with respect to transfer of e-mail addresses to Mailchimp in the US.