Issue 136 - Privacy Desk

Enforcement updates

Apple Inc. were sanctioned a fine of RUB 2 million following a decision issued by the Magistrate’s Court of the Tagansky District of Moscow. The Federal Service for the Supervision of Communications, Information Technology and Mass Media found that Apple had refused to comply with a demand that foreign companies must provide documents confirming that the storage and processing of personal data of Russian users be carried out in the territory of the Russian Federation.

The National Supervisory Authority for Personal Data Processing (ANSPDCP) Romania, issued a fine of RON 14,8230 on S.C. Delivery Solutions S.A. for violating multiple GDPR provisions. ANSPDCP determined that the personal data belonging to 26,566 individuals was available for sale on a hackers’ forum and could be accessed by a link and also observed that S.C. Delivery Solutions acted as a processor for two different organizations and failed to implement adequate technical and organizational measures to protect the personal data, which led to the disclosure and/or unauthorised access of the data.

The Office of the Data Protection Authority (ODPA) issued a reprimand to the Constables of St Peter Port after receiving a complaint. According to the complaint, personal data including sensitive personal data relating to the complainant was disclosed in an email to other members of the Douzaine (body of 12 officials representing a Guernsey parish) and to two parties outside the Douzaine. ODPA conducted an investigation and noted that the Constables had disclosed the complainant’s sensitive personal data without an appropriate legal basis, and without previously informing the complainant that the email would be shared with third parties. Additionally, the OPDA found a lack of relevant policies and procedures to govern how personal data, especially higher risk special category data, should be handled and shared.

Guidance updates

Japan’s Financial Service Agency has released its Code of Conduct for ESG Evaluations and Data Providers for public comments.
Serbia’s Commissioner for Information of Public Importance and Personal Data Protection has issued statement announcing that 7 companies have designated a representative for Republic of Serbia.
The Cyberspace Administration of China has issued the Measures for Security Assessment for Data Exports.

Regulatory updates

A new bill has been introduced in the U.K. Parliament titled ‘Data Protection and Digital Information Bill’.
The House of Representatives of the Republic of Indonesia has announced that discussions regarding the draft of the Personal Data Protection Act is about to conclude.
The Shenzhen Municipal People’s Congress has released the Shenzhen Special Economic Zone Social Credit Regulations for public comments which provides handling natural person’s credit information.

US updates

White House published an Executive Order on Protecting Access to Reproductive Healthcare Services, addressing potential threat by sale and transfer of sensitive-health related data.
Federal Trade Commission has published blog tackling illegal use and sharing of highly sensitive data.
The Chairwoman of the Committee on Oversight and Reform has sent letters to data brokers and personal health application companies requesting information regarding the collection and sale of personal reproductive health data.

India updates

Cybersecurity and policy experts have demanded clarity on non-personal data before making laws on it. Reports The Economic Times
Ministry of Electronics and Technology is considering a new regulation to replace the IT act, 2000. Reports The Indian Express
WeWork India has resolved a bug on their app which had exposed visitors’ personal information. Reports The Economic Times

News around the globe

The Prefeitura Municipal de Itapermirim in Brazil has alerted people of cyberattack.
The Department of Indre-et-Loire in France has fallen victim to a cyberattack.
Comic reading platform Mangatoon has suffered a data breach exposing information of 23 million user accounts.

Big Tech updates

Amazon’s Ring doorbell unit has given footage to law enforcement without the user’s consent 11 times in 2022. Reports The Economic Times
TikTok suspends making changes to its privacy policy for targeted advertising due to potential breach of EU Data rules. Reports The Economic Times

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.