Sign up for the DPO Europe Newsletter

We will share useful materials with you and talk about the latest news from the world of privacy.

News Digest — about data breach, Google Analytics and American Data Privacy and Protection Act.

Despite the summertime, a lot of events, laws and other activities in privacy sphere are still in progress. We prepared trendy mix of news — of course, accompanied by our experts commentaries. Enjoy!

Data breach impacts 1.5M customers of U.S. bank

Flagstar Bank, a U.S.-based financial organization, said that the personal data of up to 1.5 million customers was exposed in early December 2021 due to “unauthorized access” to its network. After an investigation, the bank discovered that the threat actors accessed sensitive customer details, such as full names and social security numbers.

When a data breach occurs at a major company, the standard procedure is to offer free credit monitoring services to the affected customers. Flagstar Bank has chosen to take this route and anyone alerted to the possible leak of their personal information is offered two years of free credit and identity monitoring.

Google Analytics enforcement fallout: ‘Cry and pray’

Three DPAs (France, Austria, Italy) have determined Google Analytics unlawfully transfers data to the United States, leaving companies with no alternatives on how to ensure they are compliant when they use Google Analytics. In an accompanying Q&A, the CNIL said there is no way to configure Google Analytics so that personal data is not transferred outside of the European Union.

The CNIL published a list of alternative “audience measurement tools” that could be used instead of Google Analytics, but also suggested a new solution called “proxyfication”, which implies using a third party to pseudonymize data before it’s sent outside the EU.

House subcommittee advances American Data Privacy and Protection Act

The American Data Privacy and Protection Act is gaining traction, as the most recent draft includes new additions such as increased requirements for algorithmic assessments, and new exceptions for the processing of sensitive personal data.

Upcoming discussions are likely to focus on refining the provisions surrounding private right to action, which has received strong opposition for industry players and from the US Chamber of Commerce. Customer loyalty programs and data minimization and loyalty duties towards children are also key discussion points. These fast-paced developments are mostly caused by the relative bipartisan support that this Act has received so far.

Contact Sales

Learn what Data Privacy Office Europe can do for you.

Fill out the form and we will contact you as soon as possible!