Issue 109

Enforcement updates

French data protection watchdog fines Slimpay due to a data breach

The French Data Protection Authority (CNIL) imposed a fine of EUR 130,000 on Slimpay, a payment institution, for failing to implement appropriate security measures to protect its personal data which resulted in a data breach. CNIL found that Slimpay was conducting an internal research due to which they stored personal data on a server with inadequate security measures and this data was freely available on the internet. The incident affected around 12 million people and the fine was imposed accordingly.

Russian court imposed a fine on Google for repeatedly neglecting to delete illegal content

The Tagansky District Court of Moscow fined Google EUR 73 million over its failure to delete content banned by local Russian law. The court opined that Google repeatedly neglected to delete content that is deemed to be illegal as per Russian laws, which are aiming to exert tighter control over the internet. The court also imposed a fine of EUR 23 million on Facebook for the same reasons.

FTC announced a USD 2 million settlement with OpenX over alleged COPPA violations

Federal Trade Commission (FTC) announced a settlement amount of USD 2 million for alleged violations of Children Online Privacy Protection Act by an ad exchange company, OpenX Technologies. The complaint was filed by Department of justice on behalf of FTC alleging that OpenX knowingly collected information of children without parental consent. Additionally, FTC also alleged that OpenX violated FTC act by collecting geolocation data from its users who had opted out of it. In addition to the fine, OpenX is also ordered to delete ad request data for targeted ads and implement a comprehensive privacy policy.  

Guidance updates 

  • Data Protection Commission of Ireland published regulatory strategy for the next five years.
  • UK’s ICO published a response to the government’s consultation paper titled “Data: a new direction”.
  • Netherland’s Ombudsman released a report on how Dutch Data Protection Authority handles privacy complaints. 

Regulatory updates around the globe 

Ukraine government adopts regulations on organizational and technical model of cybersecurity. 
Lithuania adopts Standard Contractual Clauses for data processing agreements as per GDPR.
Georgia’s Parliament adopts bill to restructure its State Inspector Service to establish a Data Protection Agency.

US updates 

  • California Privacy Protection Agency published public comments they received for their preliminary rulemaking activities for California privacy Rights Act.
  • Federal Bank regulators finalized the regulation for cybersecurity incident notification requirement for banking organizations and their service providers.
  • US Seventh Circuit Court seeks clarification from Illinois Supreme Court on filing cases for violation of privacy rights under Biometric Information Privacy Act of 2008.

EU updates 

  • European commission announces alliance to strengthen the position of EU industries in cloud and edge technologies and meet needs of EU businesses dealing with sensitive categories data. 
  • European Parliament adopts amendments of the Digital Markets Act to ensure transparency in important digital services.
  • European Parliament Research Service published a study on privacy rights and ethics in biometrics through AI, along with recommendations for draft Artificial Intelligence Regulations.

 India updates

  • Karnataka will release a consent management platform for sharing personal data with public and private companies. Reports The Hindu. 
  • The Joint Parliament Committee re-introduced the penalty provisions as stated in the earlier drafts. Reports The Times of India.
  • NASSCOM suggests scope of non-personal data needs further analysis under the Data Protection Act of 2021. Reports News 18.

News around the globe

  • US Patent Office issues patent to OneTrust for privacy management systems and methods.
  • Germany’s Federal Minister of Justice suggests abolishing data retention for surveillance purposes in an interview.
  • Russian hackers threaten to leak UK police data on the dark web for refusal to pay ransom. Reports CPO.

Read the digital newsletter here.