Sign up for the DPO Europe Newsletter
We will share useful materials with you and talk about the latest news from the world of privacy.
News Digest — about data breach, Google Analytics and American Data Privacy and Protection Act.
Despite the summertime, a lot of events, laws and other activities in privacy sphere are still in progress. We prepared trendy mix of news — of course, accompanied by our experts commentaries. Enjoy!
Data breach impacts 1.5M customers of U.S. bank
Flagstar Bank, a U.S.-based financial organization, said that the personal data of up to 1.5 million customers was exposed in early December 2021 due to “unauthorized access” to its network. After an investigation, the bank discovered that the threat actors accessed sensitive customer details, such as full names and social security numbers.
When a data breach occurs at a major company, the standard procedure is to offer free credit monitoring services to the affected customers. Flagstar Bank has chosen to take this route and anyone alerted to the possible leak of their personal information is offered two years of free credit and identity monitoring.
Google Analytics enforcement fallout: ‘Cry and pray’
Three DPAs (France, Austria, Italy) have determined Google Analytics unlawfully transfers data to the United States, leaving companies with no alternatives on how to ensure they are compliant when they use Google Analytics. In an accompanying Q&A, the CNIL said there is no way to configure Google Analytics so that personal data is not transferred outside of the European Union.
The CNIL published a list of alternative “audience measurement tools” that could be used instead of Google Analytics, but also suggested a new solution called “proxyfication”, which implies using a third party to pseudonymize data before it’s sent outside the EU.
House subcommittee advances American Data Privacy and Protection Act
The American Data Privacy and Protection Act is gaining traction, as the most recent draft includes new additions such as increased requirements for algorithmic assessments, and new exceptions for the processing of sensitive personal data.
Upcoming discussions are likely to focus on refining the provisions surrounding private right to action, which has received strong opposition for industry players and from the US Chamber of Commerce. Customer loyalty programs and data minimization and loyalty duties towards children are also key discussion points. These fast-paced developments are mostly caused by the relative bipartisan support that this Act has received so far.
Fill out the form and we will contact you as soon as possible!
Our team’s expertise and their qualifications enable us to tackle any challenge related to the implementation of personal data protection and other privacy-related issues.