Issue 102

Enforcement Updates

Company faces class action lawsuit for violation of Illinois privacy law

Ancestry.com, upon its acquisition by Blackstone, has disclosed genetic and personal information of the residents of Illinois, without their consent. The privacy laws of Illinois, prohibit any disclosure of its residents’ genetic information such as genetic tests, family members’ genetic tests, the manifestation of a disease or disorder in their family members to anyone other than the individual or those specifically authorized in writing. Since Ancestry.com failed to obtain such consent, the residents of Illinois have filed a class action law suit against the company.

Municipality fined for data security and internal control failures following a ransomware attack

The Norwegian Data Protection Authority (Datatilsynet) has raised a fine on the Ostre Toten municipality for deficiencies in personal data security and associated internal control after being hit by a ransomware attack in January 2021. The attack received control of the database municipality containing personal information about the municipality’s residents and employees, which they subsequently published on the dark web. The authority thus assessed the attack and highlighted the lack of technical and organisational measures to secure data processing and imposed a fine of NOK 4 million.

Company fined for discarding personal documents in the public trash bins

The Kansas Attorney General’s Office has fined a company, SearchTec for dumping documents in a public trash bin without removing any personal information from such documents or shredding such documents. The company manages business documents and performs searches for law firms, service companies and lenders.  The documents contained personal details such as social security numbers, driver’s license numbers, financial account numbers, or credit or debit card numbers. The company was thus fined USD 500,000 for such disposal of documents.

Guidance Updates

  • ‘Good Machine Learning Practice for Medical Device Development: Guiding Principles’ released by FDA, MHRA, and Health Canada to provide users with clear and essential information.
  • U.S. Department of Labor Occupational Safety and Health Administration issues emergency temporary standards to protect workers from COVID-19.
  • The Cyberspace Administration of China releases ‘Draft Measures on Security Assessment of Cross-border Data Transfer’. Open for public comment.
  • Singapore’s government releases two new programs as a part of their National AI Strategy to improve the lives of our citizens, and help businesses seize new opportunities.

Regulatory Updates around the globe 

  • China’s Personal Information Protection Law comes into force from November 1.
  • ‘Protecting Sensitive Personal Data Act, 2021’ bill introduced by US Senator, to supervise transactions involving Americans’ sensitive personal data.
  • Smaller Financial Institutions face cyber-attacks and data breaches. Urge Congress to implement law. Reports Roll Call.

US Updates

  • USA’s Federal Trade Commission (FTC) updates rules to better protect citizens from data breaches and cyberattacks.
  • FTC issues new enforcement policy against employing illegal patterns to trap customers into subscription services. Urges companies to provide upfront information and obtain customer consent.

EU Updates

  • European Parliament released draft law to strengthen cybersecurity obligations in terms of risk management, reporting obligations and information sharing.
  • The Council of Europe implements recommendations on profiling to better protect personal data and private life of individuals.

India Updates

  • Hyderabad City Police goes through WhatsApp chats as a measure to prevent usage of drugs in the city. Raises privacy concerns. Reports Medianama.
  • Government agencies urge JPC to exempt them from the Data protection Bill. Reports The Hindu.
  • Central Depository Services Limited, India’s largest securities depository faces security vulnerability. Exposes sensitive data of 4.39 crore people. Reports CyberX9.
  • Government starts a project ‘Indian Citizens Assistance for Mobile Privacy & Security’ to identify privacy issues and prevent cyber frauds from mobile applications. Reports Economic Times.

China Updates

  • Chinese government orders 38 applications to stop collecting excessive data.
  • Yahoo pulls its operations in China due to increasing legal and business challenges due to the introduction of the Chinese privacy law. 
  • The People’s Bank of China urges fairer use and stronger regime of personal data protection. Reports Ecns.cn.

News around the Globe

  • The Danish Business Authority is increasing supervision of communications over apps and services, to ensure better protection of data.
  • Mozilla has begun experimenting in implementing Global Privacy Control to protect the rights of website users under California privacy laws.

Big Tech Updates

  • The Australian Competition & Consumer Commission urges choices in search engines rather than retaining Google as a default search engine.
  • Google will remove pictures of children and teens from search results upon raising request. Implements control policy to protect their digital footprints.
  • Alternative billing system to be added to Google Play-store in South Korea.

Read our digital newsletter here.