
September 6, 2024

Issue 34 — GDPR Violation. See which US brand got fined $324M

In today's email…

  • The Health and Human Services Privacy Litigation
  • Uber gets fined
  • How to navigate the EU AI Act
  • Privacy Ops book review
  • Upcoming privacy events

Let's dive in! 

Latest in Trust


Health and Human Services has dropped its appeal over web tracking restrictions, leaving healthcare companies in legal limbo regarding online patient data collection. Read more.


How are you navigating the EU AI Act? Here's how we're looking at it:


AI Screening Questions: Quickly determine if teams are using AI and automatically start the appropriate review process and assessments.


Risk Classification: Classify the AI's risk level based on EU AI Act categories.


Tailored Assessments: Apply specific assessments like AI Conformity or Reduced Risk Assessment depending on the risk level.


TerraTrue has built this workflow for all customers to access. To learn more about it, go here.

Regulations / Fines
Key takeaways from the Dutch Data Protection Authority’s Fine on Uber


GDPR Violation: Uber was fined for transferring European drivers' personal data to the US without adequate protection, violating the EU's General Data Protection Regulation (GDPR).


Data Transfer Restrictions: The EU's top court ruling in 2020 invalidated the Privacy Shield agreement, limiting data transfers to the US.


Insufficient Protection: Uber failed to ensure an equivalent level of protection for European data transferred to the US, even after the Privacy Shield was invalidated.


Retroactive Fine: The fine was levied retroactively, despite the legal uncertainty following the Privacy Shield ruling.


Industry Impact: The fine raises concerns about the retroactive application of data protection laws and their potential impact on businesses operating in the EU. Read more about it here.  

Trust Ops Corner
Book Review by Rhys
"Data Privacy: A Runbook for Engineers" is a practical guide that bridges theory and practice for technical professionals handling personal data. It offers actionable strategies to integrate privacy into the core of engineering processes, rather than treating it as an afterthought. This resource equips teams with the knowledge to proactively embed privacy measures throughout the development lifecycle, making it an invaluable tool for anyone building data-centric systems in today's privacy-conscious landscape.
Do you have a favorite privacy book or want to share your own review? Hit reply - we’d love to feature your picks.  

Upcoming Events

Data protection meme

See if you need to run an assessment for the EU AI Act for your company
