Support Centre


Design, optimise and maintain today

Monitor regulatory developments, mitigate risk and achieve global compliance with the full OneTrust DataGuidance platform

Privacy Today

The Ohio Attorney General ('AG'), Dave Yost, announced, on 20 February 2020, that the AG's Facial Recognition Task Force ('the Task Force') published its report and recommendations on the use of facial recognition technology ('the Report').

The German Federal Court of Justice ('BGH') published, on 19 February 2020, its decision ('the Decision') of 30 January 2020 which refers questions relating to direct marketing and advertisments in email inboxes to the European Court of Justice ('CJEU') in accordance with the preliminary ruling procedure.

The French data protection authority ('CNIL') issued, on 21 February 2020, guidance ('the Guidance') on relying on the performance of a contract between the data controller and the persons concerned as a legal basis for processing under the General Data Protection Regulation (Regulation (EU) 2016/979) ('GDPR').

The European Data Protection Supervisor ('EDPS'), Wojciech Wiewiórowski, published, on 21 February 2020, a blogpost ('the Blogpost') explaining the EU's approach to artificial intelligence ('AI') and facial recognition.

The Office for Personal Data Protection ('UOOU') issued, on 21 March 2019, a decision ('the Decision') imposing a fine of CZK 250,000 (approx. €10,000) on an unnamed company for breach of Articles 5(1)(c) and 5(1)(e) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

The New Mexico Attorney General ('AG'), Hector Balderas, announced, on 20 February 2020, that the state had filed a lawsuit against Google LLC over the alleged collection of personal data from children under 13 without parental consent, in violation of the Children's Online Privacy Protection Act of 1998 and New Mexico's Unfair Practices Act.

OneTrust DataGuidance confirmed, on 21 February 2020, with Lukundo Kapinga, Associate at Musa Dudhia & Company, that the Data Protection Bill 2018 ('the Bill') is currently with the Ministry of Justice. In particular, Kapinga outlined that, "We advise that the Bill has not yet been presented before Parliament.

The German Federal Ministry for Economic Affairs and Energy ('BMWi') announced, on 21 February 2020, the publication of a feasibility study ('the Study') for blockchain-based acquisition and control of energy systems using smart meter gateway ('SMGW'), which details, among other things, how to protect personal data in the process.

The Federal Energy Regulatory Commission ('FERC') announced, on 20 February 2020, in a notice of inquiry ('NOI') that it is seeking comments on the potential benefits and risks associated with the use of virtualisation and cloud-computing services in the operation of the country's bulk electric system.

The Swedish data protection authority ('Datainspektionen') published, on 21 February 2020, its 2019 annual report ('the Report').

The Ministry of Digital Development, Communications and Mass Media of the Russian Federation ('Minkomsvyaz') announced, on 17 February 2020, that Deputy Minister of Minkomsvyaz, Mikhail Mamonov, had met with Ambassador Extraordinary and Plenipotentiary of Venezuela to the Russian Federation, Carlos Rafael Faria Tortosa, to discuss cooperation in

The Icelandic data protection authority ('Persónuvernd') published, on 20 February 2020, the official English translation of Act 90/2018 on Privacy and Processing of Personal Data ('the Act').

The Administrative Conference of the United States ('ACUS') released, on 18 February 2020, jointly with the Stanford Law School and the New York University School of Law, a report on Government by Algorithm: Artificial Intelligence in Federal Administrative Agencies ('the Report').

Jefferson Dental Clinics ('JDC') notified, on 7 February 2020, the U.S. Department of Health & Human Services' Office for Civil Rights ('OCR'), of a data breach affecting 45,748 of its patients, which the OCR is now investigating.

Overlake Medical Center & Clinics announced, on 7 February 2020, that it had suffered a phishing incident, on the 9 December 2019, regarding its email accounts, potentially exposing patient personal information.

Health Share of Oregon notified, on 5 February 2020, the U.S. Department of Health & Human Services' Office for Civil Rights ('OCR'), of a data breach affecting 654,362 of Health Share's members, which the OCR is now investigating.

The Italian data protection authority ('Garante') announced, on 18 February 2020, that it had published in its monthly newsletter ('the Newsletter') a decision ('the Decision') fining the Azienda Ospedaliero Universitaria Integrata di Verona €30,000 for violating Article 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679

The National Institute for Transparency, Access to Information and Personal Data Protection ('INAI') released, on 17 February 2020, a statement detailing that the Federal Commission for Protection against Health Risks ('COFEPRIS') is under an obligation to provide information on its compliance with the Health Verification Act 19-MF-3309-01748-MO

The Dutch data protection authority ('AP') announced, on 14 February 2020, that it had suspended its fine on Onderlinge Waarborgmaatschappij Centrale Zorgverzekeraars groep ('CZ'), a health insurer, pending corrective action, following an investigation which ruled that CZ's approach to authorisation applications violated the Act Implementing the

The Ministry of Health and Welfare ('MOHW') issued, on 11 February 2020, Draft Implementation Measures of the Hospital Personal Data Archives Security Maintenance Plan ('the Draft Measures'), and is requesting comments on the same.

The American Bankers Association ('ABA') announced, on 20 February 2020, together with 11 of the nation's largest banks, the Clearing House Payments Company L.L.C., and FMR LLC, the parent company of Fidelity Investments, the launch of a new data-sharing network intended to give consumers greater control over how their financial data is shared w

The Financial Conduct Authority ('FCA') published, on 18 February 2020, its annual Sector Views report ('the Report') in which it identifies open banking and open finance, Big Data, artificial intelligence ('AI') and data use, FinTech, and new technologies, as topics having the greatest impact on the financial sectors it regulates.

The State Bank of Pakistan ('SBP') issued, on 18 February 2020, details of its significant enforcement decisions for January 2020 ('the Decision'). In particular, the SBP fined Habib Bank Ltd PKR 12.8 million (approx. €77,000) for procedural violations in the areas of customer due diligence and Know Your Customer ('CDD/KYC').

The European Securities and Market Authority ('ESMA') published, on 19 February 2020, its report ('the Report') on Trends, Risks, and Vulnerabilities of 2020 focusing on, among other things, risks related to BigTech.

The Council of the European Union ('the Council') announced, on 18 February 2020, that it had adopted amendments in the context of facilitating the detection of tax fraud in cross border e-commerce transactions.

The Government of Spain announced, on 18 February 2020, that the Council of Ministers had approved the draft law on a FinTech sandbox ('the Draft Law').

The Polish data protection authority ('UODO') issued, on 19 February 2020, a statement ('the Statement') condemning the illegal practice of bank employees of selling customer personal data.

The Autoriti Monetari Brunei Darussalam ('AMBD') announced, on 18 February 2020, a call for applications to participate in the AMBD's regulatory sandbox for FinTech products and services.