Dutch Privacy authority fined Uber E600.000 for the cyber breach from 2016 where thousands of Dutch customers were stealed personal data and where hackers’ silence was bought off.
Some comforting views from the after-Brexit personal data panorama.
Similarities (and differences) across the EU GDPR and the CCPA around Geographical scope, entities subject to these laws, personal data definition, notice requirements, access+portability rights, deletion and opt-out rights, processors-service provider(s) relationship, consent and enforcement.
Among the novelties:
- scope is extended to intelligence agencies too (as the UK did too);
- children’s consent age is lowered to 13 years old (lowest threashold admissible in the GDPR);
- Genetic, Biometric and Health-Related Data require additional layers of protection (mention of specific personnell authorised + their role);
- processing of criminal records has a wider purpose to include managing of disputes, with the data owner’s consent and for public interest/scientific/historic/legal/statistical purposes,;
Strict enforcement of Privacy law in Dutch hospitals and health insurers with regard to the appointment of a DPO.
Japan about to be assessed as an adequate country!
firstly, come curiosities:
- the scope of such law is quite wide (cybersecurity + cyber sovereignty + national security and public interests + legitimate rights and interests of natural/legal persons + healthy development of economic and social informatization);
- secondly, some of its provisions can conflict with Criminal Law (中华人民共和国刑法)and the 2015 Advertising Law (中华人民共和国广告法.
Compliance is hard to check: on one side, one can’t rely on state media and on the other hand, private blogs may not be totally reliable either. Furthermore, state media and authorities may sometime publish reports on social media rather than their own website.
All in all, although hard to track ,enforcement is definitely being carried out in mainland China.
GDPR toolkit for small and medium enterprises.
A friendly reminder from the Netherlands on that your e-mail and messenger conversations may not be as private as you thought.
On 1 Jan 2020 this new law will enter into force in California to emulate the EU GDPR.