September 6, 2024
Issue 34 — GDPR Violation. See which US brand got fined $324M
In today's email…
- The Health and Human Services Privacy Litigation
- Uber gets fined
- How to navigate the EU AI Act
- Privacy Ops book review
- Upcoming privacy events
Let's dive in!
Latest in Trust
The Department of Health and Human Services has dropped its appeal over web tracking restrictions, leaving healthcare companies in legal limbo regarding online patient data collection. Read more.
How are you navigating the EU AI Act? Here's how we're looking at it:
- AI Screening Questions: Quickly determine if teams are using AI and automatically start the appropriate review process and assessments.
- Risk Classification: Classify the AI's risk level based on EU AI Act categories.
- Tailored Assessments: Apply specific assessments like AI Conformity or Reduced Risk Assessment depending on the risk level.
TerraTrue has built this workflow for all customers to access. To learn more about it, go here.
Regulations / Fines
Key takeaways from the Dutch Data Protection Authority's fine on Uber
- GDPR Violation: Uber was fined for transferring European drivers' personal data to the US without adequate protection, violating the EU's General Data Protection Regulation (GDPR).
- Data Transfer Restrictions: The EU's top court ruling in 2020 invalidated the Privacy Shield agreement, limiting data transfers to the US.
- Insufficient Protection: Uber failed to ensure an equivalent level of protection for European data transferred to the US, even after the Privacy Shield was invalidated.
- Retroactive Fine: The fine was levied retroactively, despite the legal uncertainty following the Privacy Shield ruling.
- Industry Impact: The fine raises concerns about the retroactive application of data protection laws and their potential impact on businesses operating in the EU. Read more about it here.
Trust Ops Corner
Book Review by Rhys
"Data Privacy: A Runbook for Engineers" is a practical guide that bridges theory and practice for technical professionals handling personal data. It offers actionable strategies to integrate privacy into the core of engineering processes, rather than treating it as an afterthought. This resource equips teams with the knowledge to proactively embed privacy measures throughout the development lifecycle, making it an invaluable tool for anyone building data-centric systems in today's privacy-conscious landscape.
Do you have a favorite privacy book or want to share your own review? Hit reply - we’d love to feature your picks.
Upcoming Events
- DataPrivacy Conference Forum Global | September 17, 2024 | Washington, DC
- IAPP PSR Conference | September 23-24 | Los Angeles, CA
- IAPP ANZ Summit 2024 | November 26-29 | Melbourne, Australia
- ICO DPPC | Oct 8, 2024 | Online
- IAB State Privacy Law Summit | Nov 19, 2024 | New York City, NY
See if you need to run an assessment for the EU AI Act for your company.