Discord, Inc., a voice over IP and instant messaging company, was fined €800,000 by France’s data authority CNIL for failing to define and honor a data retention period in accordance with GDPR. The amount of the fine took into consideration the number people impacted, which was close to 3 million, and also the fact that the company worked throughout the investigation to reach compliance.
A ruling by Italy’s Data Protection Agency (DPA) that prohibits use of facial recognition technology (FRT) is receiving mixed reviews from privacy advocates, including concern it may set a broader EU precedent. This is due to a caveat in the ruling that FRT can still be used for crime fighting and judicial investigations. The rule is a stop gap measure pending new privacy legislation from Italy’s DPA and at a time when the EU is evolving its comprehensive AI Act, which is intended to be the first comprehensive legal framework... Read More >
India, which this summer shelved plans to pass a Personal Data Protection Bill, has introduced a new draft proposal for a privacy bill that eases the burden on overseas data transfers, but advocates high penalty amounts of up to ₹500 crore ($61 million) for non-compliance and ₹250 crore for breaches. Decisions yet to be made are about which countries would be white listed for data transfers and to what degree state agencies could be exempted from provisions in the bill.
Procrastinators of the world can throw a party whenever they get around to it: Google has once more pushed back complete third-party cookie deprecation. The new target is “early next year.” Reasons for the delay include concerns expressed by U.K. data regulator Information Commissioner’s Office, an ongoing inquiry by the U.K. Competition and Markets Authority, and widespread discontent in the advertising ecosystem.