France's data protection authority, the Commission nationale de l'informatique et des libertés, fined Microsoft 60 million euros for alleged third-party cookie violations. The CNIL carried out investigations over nonconsensual cookie placement and tracking through Microsoft's Bing search engine. The regulator noted it is "materially" and "territorially" competent under the ePrivacy Directive.
The General Inspection Coordination of Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published a form for security incident reporting by personal data controllers. The new document, required as of Jan. 1, includes expanded structured responses and guidelines on the incident reporting process.
Zurich Insurance Group's Chief Executive Officer Mario Greco cautioned large-scale cyberattacks are a growing concern among industry executives and will "become uninsurable," the Financial Times reports.
The director of Belarus' National Center for Personal Data Protection signed an order implementing rules for the cross-border transfer of personal data. The order includes member states of the Eurasian Economic Union and defines allowable cases of cross-border data transfers, including transfers by state bodies and other organizations.
In a letter to parliament, the Netherlands' Minister for Digitalisation Alexandra van Huffelen said the Dutch data protection authority, Autoriteit Persoonsgegevens, will strengthen supervision of algorithms that process personal data. Beginning this month, the AP will monitor algorithms for transparency, discrimination and arbitrariness. It will also identify and analyze risks of algorithms, and facilitate and enhance collaboration with other organizations.
Ireland's Data Protection Commission announced an own-volition inquiry into the potential compromise of more than 5 million Twitter accounts reported in November 2022.
Concerns are being raised over a proposal to require notification of third-party access to personal data within New Zealand's Privacy Act, RNZ reports. The country's ministry for children, Oranga Tamariki, warns the changes could put children, who have "an expectation of confidentiality," in danger.
Headlines regarding the U.S. Federal Trade Commission’s record enforcement action against Epic Games over alleged Children's Online Privacy Protection Act violations are likely to focus on the high price tag. IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, found more beyond the financial penalty though, particularly with the FTC's views on teen privacy.
U.S. users of the the single sign-in website for accessing a variety of federal services, Login.gov, do not have their credentials verified by the government, Politico reports. Instead, user validation for federal agencies’ services, such as the Small Business Administration and the Social Security Administration, is conducted by “a group of private-sector data brokers.” The federal government relies on data brokers’ services.
The California Attorney General's Office made waves with the California Consumer Privacy Act settlement in August. More specifically, questions were raised about the attorney general's emphasis on the broad interpretation of the CCPA’s “sale of data” and adoption of the Global Privacy Control.