Issue 106

Enforcement updates

U.S. Office for Civil Rights announces enforcement actions against healthcare providers

The Office for Civil Rights under the U.S. Department of Health and Human Services has announced enforcement actions against healthcare providers and a doctor for violating the Health Insurance Portability and Accountability Act’s right of access standard. Twenty-five enforcement actions have been taken in total under the Department’s Right of Access Initiative which was created to enable individuals’ access to their health records at a reasonable cost and in a timely manner which acts as a powerful tool to exercise right to patients privacy.

Information Commissioner’s Office provisionally intends to fine Clearview AI

The Information Commissioner’s Office (ICO) issued a provisional notice to Clearview AI Inc. to cease processing personal data and announced its provisional intention to fine the company over GBP 17 million for allegedly breaching UK’s data protection regulations. ICO conducted a joint investigation with the Office of the Australian Information Commissioner on Clearview AI’s use of biometrics for facial recognition, images, and scraped data from the internet. Clearview AI was subsequently found in breach of Australian privacy laws. ICO has thus ordered Clearview AI to delete personal data collected by the company.

Surveillance company fined for collecting data without knowledge of device users

The Commissioner of Personal Data in Cyprus imposed an administrative fine of EUR 925,000 from WS WiSprear Systems Ltd., a company providing WiFi surveillance solutions for gathering data from mobile devices without user knowledge and thereby violating the principles of legality, objectivity, and transparency established in the General Data Protection Regulation. The company was collecting MAC addresses and IMSI data of devices, without the consent of the users of such devices. Such data can be used to identify the user, and thus has constituted a violation. 

Guidance updates

  • Anti-trust lawsuit reveals how Google’s AMP and Privacy Sandbox creates anti-competitive effects.
  • UK publishes policy paper on data access, usage, and rights in line with National Data Strategy titled ‘National Data Strategy Mission 1 Policy Framework: Unlocking the value of data across the economy’.
  • Australian Information Commissioner releases its first Consumer Data Right Assessment.
  • U.S. National Institute of Standards and Technology updates cybersecurity guidance on Internet of Things.

Regulatory updates around the globe 

  • Shanghai Municipal People’s Government adopts the Shanghai Data Regulations. Law to be effective from January 1, 2022.
  • Germany’s Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia comes into force from December 1, 2021.
  • U.S. House of Representatives passes Understanding Cybersecurity of Mobile Networks Act to report mobile services providers’ implementation of best practices for cybersecurity.

China updates

  • China Academy of Information and Communication Technology issues whitepaper on personal information protection and governance for mobile apps.
  • Cyberspace Administration of China released its Network Data Security Management Regulation. Open for public comments up to 13 December 2021.
  • Ministry of Industry and Information Technology issued a notice containing a plan to strengthen network and data security assurance systems.
  • New South Wales introduces bill restricting police access to COVID-19 related data to protect citizen privacy.

US updates

  • US and Israel create a bilateral task force to tackle cyber threats and encourage fintech innovation.
  • Congressmen call for consumer privacy legislation amid reports on lobbying by Amazon. Reports Reuters.
  • Federal Bank Regulators announce rule on notification of cyber incidents affecting the banking system and customers.

EU updates

  • European Commission signals intervention with big tech’s weak enforcement of data protection rules. Reports Tech Crunch.
  • European Commission official signals changes in privacy rules. Reports Politico.
  • Pfizer Inc. accuses employee of stealing confidential documents. Reports Bloomberg Law.
  • EU Council agrees to proposal for Digital Services Act.

India updates

  • The JPC’s Report on the Personal Data Protection bill has been tabled in the Parliament. Read the Report here. 
  • Mukesh Ambani, Reliance Chairman and MD speaks in support of the Indian data protection bill. Reports TheWeek.
  • Kris Gopalakrishnan explains how data protection laws will promote research. Reports Business Standard.

News around the globe

  • Shareholder files derivative suit against T-Mobile for data breach. Reports Law360.
  • OpenMedia calls for reform in Canadian privacy law.
  • Safety Detectives discovers data leak affecting European eCommerce customers.

Big tech updates

  • Apple sues NSO Group for surveilling its users using Pegasus Spyware.
  • Twitter extends private information policy to include images and videos posted without consent.
  • Google introduces privacy and security settings in beta version of Chrome 97.

Read our digital newsletter here.