New EU-US data transfer framework should not change your privacy strategy; Connecticut senate passing new data privacy legislation; French Regulator CNIL gets added power to investigate SMBs
The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️
EU-US data transfer framework should not change your privacy strategy
There has been a lot of positivity after announcing a new EU-US data transfer framework after Privacy Shield was invalidated. Companies relying on such legislation could be in trouble both short and long term. Firstly, there are no details about the framework, and actual legislation could be years away. In the meantime, no framework is active. In the long term, going back to the old ways of conducting business completely ignores the ever-increasing demand from consumers to control their personal data. We think companies have a window now to realize privacy and compliance should be seen as core infrastructure and will determine their ability to compete in the years to come.
Connecticut senate passing new data privacy legislation
While it still has to be passed by the state house of representatives and signed by the governor, this is a significant first step for the people of Connecticut. Based on similar laws in Virginia and California, it requests businesses to participate if they possess data about more than 100,000 state residents (or did the previous year) or monetize data that represents more than 25% of the income.
It is also a great example of how data compliance will continue to become more complex for companies with a multi-national reach.
French Regulator CNIL gets added power to investigate smaller businesses.
A new law allows CNIL to decide on a fast-track process for low complexity compliance and privacy complaints. This effectively allows CNIL to target smaller companies for GDPR breaches. The new fast track process limits the possible fine to €20,000 per fine and a per-day delay of €100. While these fines might not present headlines in national news outlets, they are significant and will force smaller businesses to re-think their compliance and privacy views.