Italy's data protection authority, the Garante, fined perfume chain Douglas Italia 1.4 million euros for data protection violations. The Garante said the company maintained data of more than 3 million customers without requesting consent for processing.
Amazon Web Services Key Management Service launched a new tool, the External Key Store, enabling customers to protect data with encryption keys under their own control. Customers can “encrypt or decrypt data with cryptographic keys, independent authorization, and audit in an external key management system outside of AWS.” XKS is based on “a new, external root of trust.” Root keys are stored hardware security modules operated by the user.
Snapchat will implement a feature enabling California-based users to ask the application to "limit the use of sensitive personal information," TechCrunch reports. The toggle switch is designed to comply with the California Privacy Rights Act, which takes effect Jan. 1, 2023.
Accounts of more than 5 million Twitter users in Europe and the U.S. may have been compromised, InfoSecurity Magazine reports, citing research from cybersecurity expert Chad Loder. In a Twitter post, Loder said the “breach occurred no earlier than 2021.” His account was suspended after the post. The breach affected users who enabled the “Let others find you by your phone” feature in the discoverability settings. Loder said all accounts for France’s country code of +33 were exposed.
The U.K. Information Commissioner's Office and communications regulator Ofcom released a joint statement on shared regulatory goals around online safety and data protection. The regulators will work closely to ensure policies are consistent and establish clear expectations for organizations to meet both online safety and data protection requirements.
The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme.
Reuters reports Twitter is cooperating with an Irish Data Protection Commission probe into implications of recent privacy and security personnel changes.
Finland's Office of the Data Protection Ombudsman and TIEKE Finnish Information Society Development Centre recently announced GDPR4CHLDRN, a two-year project to facilitate protection of children's data. Information on personal data processing will be provided to organizations involving children's activities, minors and their parents and tools will be developed to support data protection legislation.
More than 90 advocacy groups penned a letter to U.S. Senate leadership opposing passage of the proposed Kids Online Safety Act, CNBC reports.
An evaluation by a working group of German data protection authorities states Microsoft's cloud-based 365 products cannot be used in compliance with the EU General Data Protection Regulation, TechCrunch reports. After investigating privacy concerns involving Microsoft 365 products for the past two years, the group noted the company has not corrected any of the raised compliance issues.