ARTICLE
10 December 2024

Two-Minute Recap Of Data Protection Law Matters Around The Globe

GT
Gen Temizer

Contributor

Gen Temizer logo
Gen Temizer is a leading independent Turkish law firm located in Istanbul's financial centre. The Firm has an excellent track record of handling cross-border matters for clients and covers the full bandwidth of most complex transactions and litigation with its cross-departmental, multi-disciplinary and diverse team of over 30 lawyers. The Firm is deeply rooted in the local market with over 80 years of combined experience of the name partners while providing the highest global standards of legal services.
The Australian government has passed the controversial law prohibiting under-16s using social media. The legislation aims to tackle cyberbullying...
Worldwide Privacy

Australia Bans Social Media Use for Under-16s

The Australian government has passed the controversial law prohibiting under-16s using social media. The legislation aims to tackle cyberbullying, psychological pressure and other risks children may encounter online and calls on social media platforms to provide solutions to these issues. It will require stricter identity verification procedures, mandates parental consent, and allow for the imposition of significant fines on non-compliant companies.

South Korea Fines Meta for Privacy Breach

The South Korean data protection authority has fined Meta approx. EUR 14 million for the nonconsensual collection and sharing of sensitive Facebook user data. Said data included political views and same-sex relationships and involved 4,000 advertisers between 2018-2022. The authority also cited security lapses, such as inactive pages left vulnerable to cyberattacks, which resulted in data breaches. Meta's data practices were criticized for lacking transparency and failure to implement adequate safeguards. The company stated it would review the decision but offered no further comment.

EDPB's First Review of EU-US DPF

The European Data Protection Board (“EDPB”) published its first review of the EU-US Data Privacy Framework (“DPF”) and the High-Level Group's recommendations regarding law enforcement data access. While implementation of certification processes and US authorities' establishment of a redress mechanism were welcomed, it emphasized the need for increased monitoring of compliance. The review also highlighted the importance of safeguarding fundamental rights and warned against weakening encryption or imposition of excessive data retention requirements (while urging compliance with the principles of necessity and proportionality). Finally, the EDPB recommended maintaining cooperation to ensure the protection of EU citizens' rights and called for the next review to be conducted within three years.

Investigation of Italian Bank

Italy's data protection authority is investigating a data breach at a private bank after an employee allegedly accessed the information of approximately 3,500 customers without authorization. The incident is said to have posed risks such as the exposure of individuals' financial details and reputational damage. The authority announced it would assess the adequacy of security measures and requested the bank's feedback within 30 days.

New Privacy Law for Alberta

The government of the Canadian state of Alberta has introduced Bill 33, the Protection of Privacy Act, to enhance personal data protection and enforce stricter penalties for privacy violations. This legislation, intended to replace The Freedom of Information and Protection of Privacy Act, would require public institutions to adopt stricter measures to manage personal information. It also mandates that individuals be notified where their data is used in automated systems for generating content, decisions, or predictions.

Bill 33 prohibits the unauthorized collection, use, or sharing of personal information and the re-identification of individuals from anonymized data. It also bans false declarations and noncompliance with the Information and Privacy Commissioner's Office.

New York Hits Geico and Travelers

New York Attorney General Letitia James fined Geico and Travelers Indemnity Company a total of USD 11.3 million for data breaches during the COVID-19 pandemic. Geico's online quoting tool was targeted by credential stuffing attacks which exposed the driver's license numbers of approx. 116,000 individuals, while lack of multifactor authentication at Travelers compromised the personal data of 4,000 individuals. Both companies have pledged to strengthen their systems to prevent future breaches.

WhatsApp Takes Privacy Battle to ECJ

WhatsApp has taken its dispute with the EDPB to the European Court of Justice (the EU's highest court). The case arises from the EDPB's 2021 binding decision to increase a fine imposed by the Irish Data Protection Commission regarding data usage complaints to EUR 225 million.

WhatsApp argues the General Court in Luxembourg incorrectly ruled that the EDPB's decision did not directly affect the company. A final ruling from the court is expected next year.

New EDPS Selection Process Delayed

Selection of the new European Data Protection Supervisor (“EDPS”) may be postponed until January 2025. The European Commission approved the shortlist of candidates on November 13 but there may not be adequate time for the Parliament to conduct hearings this year (the selection process involves a European Parliament vote and requires approval by representatives of the 27 EU member states). The EDPS oversees the privacy compliance of EU institutions but lacks the enforcement power of national data protection authorities which can impose fines on big tech companies for GDPR violations. The current EDPS will end his term on December 5.

Facebook Facing Another US Lawsuit

The US Supreme Court has reviewed Facebook's appeal against a lower court's 2018 decision which allowed the continuation of a classaction lawsuit led by Amalgamated Bank. The lawsuit arises from shareholder allegations that Facebook misled them on misuse of user data – specifically that the company withheld information regarding a 2015 data breach involving Cambridge Analytica which affected over 30 million users. The Supreme Court's decision is expected by the end of June 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More