Loading

Category: Data Protection

Unlawful use of data results in significant fine for canvassing company

Unlawful use of data results in significant fine for canvassing company A company was fined by CNIL for unlawfully using data obtained from a data broker for commercial prospecting purposes.    On April 4, 2024, the French data protection authority, CNIL, imposed a significant fine of 525,000 euros on the company HUBSIDE.STORE. The fine was

CPPA Enforcement Division issues its first advisory

An Enforcement Advisory has been issued by the CPPA Enforcement Division to help businesses ensure compliance with the CCPA.   On April 2, 2024, the Enforcement Division of the California Privacy Protection Agency (CPPA) released its inaugural Enforcement Advisory, marking a significant step in its efforts to ensure compliance with the California Consumer Privacy Act

Possible fines under US data protection laws

With various state-level data protection laws coming into force across the US, what possible fines could a business face for violating any of those laws?    In the United States, while there isn’t a comprehensive federal data protection law, more and more state laws governing the protection of personal data are coming into force, imposing

EU Supervisory Authorities have a right to order the erasure of unlawfully processed data without a request from the data subject

The CJEU has ruled that EU Supervisory Authorities have a right to order the erasure of unlawfully processed data even without a prior request from the data subject.   The recent ruling by the Court of Justice of the European Union (CJEU) has significant implications for the processing of personal data by organisations within the

Texas Data Privacy and Security Act: An overview

Texas Data Privacy and Security Act brings Texas among the ranks of several states to enact comprehensive data privacy laws.   Texas Data Privacy and Security Act (TDPSA) was passed on June 16th, 2023 and will take effect on July 1, 2024, bringing Texas among the ranks of several states to enact comprehensive data privacy

New Jersey Consumer Data Privacy Act: A comprehensive overview

The New Jersey Consumer Data Privacy Act (NJCDPA), was passed in January 2024, and details distinct requirements for organizations which process the data of New Jersey residents.    The state of New Jersey has implemented a robust framework of data protection laws to safeguard the personal information of its residents. Among the key laws is

Oregon Consumer Data Privacy Act: What organizations should be aware of

The Oregon Consumer Data Privacy Act (OCDPA), scheduled to come into force from June 2024, implements specific requirements for organizations which process the data of Oregon residents.    The Oregon Consumer Data Privacy Act (OCDPA) is a state data privacy law that aims to protect the personal information of Oregon residents. The OCDPA establishes a

Montana Consumer Data Privacy Act: Joining the growing list of state privacy laws

Montana Consumer Data Privacy Act is an important piece of legislation which aims to protect the data of Montana consumers.    The Montana Consumer Data Privacy Act (MCDPA) is a landmark piece of legislation that aims to protect the personal information of consumers in Montana. Like other state level privacy laws, the MCDPA aims to

”Pay or ok” — Does this new paid subscription model invalidate consent?

There has been much debate about the validity of consent under the GDPR as it relates to the “Pay or ok” paid subscription model on social media and other platforms and websites.   Since November 7, European users of Facebook and Instagram have had the option to pay a subscription in exchange for an ad-free

Iowa Consumer Data Privacy Act: What organizations should be aware of

The Iowa Consumer Data Privacy Act (ICDPA), scheduled to come into force from January 2025, introduces specific requirements for organizations which process the data of Iowa residents.    Iowa has its own data privacy laws that organizations need to be aware of. The Iowa Consumer Data Privacy Act (ICDPA) was enacted in 2020 and it