Issue 112

Enforcement updates

The Federal Trade Commission (FTC) fined ITMedia Solutions LLC for USD 1,500,000 in civil penalties for enticing consumers into sharing their sensitive information, including banking details and social security numbers. The company, thereafter, sold the collected information to marketing organizations, thereby misusing the data and violating data privacy laws.

The Data Protection Commission of Ireland announced its decision to fine the Teaching Council for EUR 60,000 following a data breach faced by the Teaching Council. The DPC found that the Teaching Council violated the provisions of the GDPR on appropriate security of personal data and notification of personal data breach.

The Austrian Data Protection Authority (DSB) held that the use of Google Analytics by an EU-based website operator to transfer personal data to the U.S. violates the GDPR. The DSB held that an adequate level of protection could not be ensured during the transfer of data and the transfer violated the general principles of transfer provided under Article 44 of the GDPR.

Guidance updates

Latvian Data State Inspectorate publishes steps for service providers to tackle deficiencies in the provision of consent for receiving marketing communication.
Italy publishes decree on “Organization and Functioning Regulations of the National Cybersecurity Agency” in the Official Gazette.
Israel’s Privacy Protection Authority publishes draft statement interpreting the regulations on transfer of information.

Regulatory updates

Jordan’s Council of Ministers approves draft law on personal data protection.
House Bill for the Oklahoma Computer Data Privacy Act, 2022 reintroduced in the State House of Representatives.
Senate Bill for the Washington Privacy Act reintroduced in the House of Representatives.
California’s Genetic Information Privacy Act enters into force from 1^st January 2022.

US updates

Petition by citizen groups for limiting data collection by Facebook garners support from Senator. Reports Nextgov.
Congresswomen write to organizations in the Children’s Online Privacy Protection Act Safe Harbor programs.
National Cybersecurity Center of Excellence prepares draft on “Methodology for Characterizing Network Behavior of Internet of Things Devices” for public comments.

China updates

Cyberspace Administration of China issues draft regulations on “Management of Mobile Internet Application Information Services”.
China’s Banking and Insurance Regulatory Commission issues measures for supervising risks in IT outsourcing.
China Academy for Information and Communication Technology launches the data security capability maturity certification work.

News around the globe

Apple AirTags suspected of being used to track people. Reports New York Times.
Online appointment booking software FlexBook discloses privacy incident compromising names, email addresses, and phone numbers of customers.
E-commerce site PulseTV discloses data security breach impacting financial information of about 201,000 persons.

India updates

Reliance Jio issues warning to customers on cyber fraud involving e-KYC. Reports Economic Times.

Read or digital newsletter here.