Discovery sanctions for GDPR redactions

An order by Judge Payne out of the Eastern District of Texas does not agree that redactions allegedly required by GDPR were proper:

To further demonstrate the alleged bad faith application of the GDPR, Arigna showed where Continental blacked out the faces of its Executive Board in a picture even though that picture was available on Continental’s public website without the redactions. Based on these redactions and failure to timely produce the ESI, Argina seeks an adverse inference instruction; an order precluding Continental from using any document that it did not timely produce, and Arigna’s costs and fees.

In response, Continental argued (but did not show) that it received an opinion letter from a law firm based in Europe stating the redactions were required by the GDPR, and that it had worked diligently to produce the ESI while also complying with the GDPR.

July 29, 2022 Memorandum Order, Case No. 22-cv-00126 (EDTX)

States aren’t any better at privacy

A press release by the California Department of Justice acknowledges that it leaked personal data on individuals applying for a concealed and carry weapons permit between 2011 and 2021.

The leaked data included “names, date of birth, gender, race, driver’s license number, addresses, and criminal history.”

The California Attorney General page on the California Consumer Privacy Act:

https://oag.ca.gov/privacy/ccpa

At least GDPR applies to public entities in Europe.

Frustration with GDPR bottleneck in Ireland

VINCENT MANANCOURT writing for Politico:

So far, officials at the EU level have put up a dogged defense of what has become one of their best-known rulebooks, including by publicly pushing back against calls to punish Ireland for what activists say is a failure to bring Big Tech’s data-hungry practices to heel.

Now, one of the European Union’s key voices on data protection regulation is breaking the Brussels taboo of questioning the bloc’s flagship law’s performance so far.

“I think there are parts of the GDPR that definitely have to be adjusted to the future reality,” European Data Protection Supervisor Wojciech Wiewiórowski told POLITICO in an interview earlier this month.

What’s wrong with the GDPR?

The main complaint appears to be that the Irish Data Protection Commission (which handles most big-tech privacy complaints) is overworked and slow.

Otherwise there appears to be a sense that things haven’t quite worked out as hoped, whatever that means.