The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party.
The fact of the case relating to the Rousseau platform:
Several websites affiliated to the Italian political party Movimento 5 Stelle are run, through a data processor, through the platform named Rousseau. The platform had suffered a data breach during summer 2017 that led the Italian data protection authority, the Garante, to the implementation of many security measures, in addition to the obligation to update the privacy information notice to give additional transparency to the data processing activities performed.
The stalled this April in the state’s House of Representatives, and will likely not reappear again for discussion until the 2020 legislative session.
The bill overwhelmingly passed the Senate, but failed to come to a floor vote in the House of Representatives before the April 17th deadline for state lawmakers to consider non-budget related matters. This delay appears to stem from a lack of consensus on key issues, such as the regulation of facial recognition technologies and potential enforcement mechanisms.
If the House had passed the bill, Washington would have become the second state in the United States to enact significant privacy legislation. Mirroring the GDPR in several respects, the bill provided access, correction, and deletion rights to consumers, and imposed disclosure and risk assessment obligations on covered businesses.
Although state lawmakers failed to pass the Washington Privacy Act, they reached a consensus on a that expands Washington’s breach notification law. The Senate and the House of Representatives passed the bill in their respective chambers in the