A decade after regulators first put children’s online privacy under the microscope, a new global sweep suggests the landscape has shifted, but not necessarily in ways that reduce risk.
At a Brussels conference this week hosted by the European Data Protection Board, senior officials from across the EU made a clear case that the next phase of enforcement will hinge less on new rules and more on how well authorities work together to apply the ones already in place.
In a joint opinion, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) gave their support to the European Commission’s proposed Cybersecurity Act 2 (CSA2) and targeted amendments to the NIS2 Directive. The package, introduced in January, is designed to strengthen cybersecurity across the EU while easing the compliance burden on organizations.
The Office of the Australian Information Commissioner (OAIC) recently published new guidance aimed at helping organizations navigate the privacy implications of age assurance technologies. The timing is not accidental. In the three months since Australia’s Social Media Minimum Age scheme came into force, the regulator says it has seen a noticeable increase in age checks being used not just on social platforms, but across a wider range of online services.
Mirosław Wróblewski, President of Poland’s Personal Data Protection Office (UODO), imposed an administrative fine of $1.5 million (PLN 5,898,064) on Restaurant Partner Polska, the company responsible for operating the Glovo platform in Poland. The decision follows an inspection examining how personal data from users of the “Glovo – food delivery and other” app was processed.
Italy’s data protection authority has fined Intesa Sanpaolo €17.6 million after concluding that the bank unlawfully processed the personal data of roughly 2.4 million customers while preparing a large-scale transfer of accounts to its digital subsidiary Isybank.
South Korea is set to strengthen its privacy enforcement regime after lawmakers approved amendments to the country’s Personal Information Protection Act (PIPA) that introduce tougher penalties for repeat data breaches, expand the responsibilities of corporate leadership, and require certain organizations to adopt formal security and privacy certification frameworks.