Issue 113

Enforcement updates

The Italian Data Protection Authority (Garante) issued a fine of EUR 26,513,977 on Enel Energia S.p.a for multiple violations of the provisions of GDPR. The Garante reported that Enel lacked in providing adequate measures for facilitating data subject’s requests. Additionally, there were multiple issues deriving from the processing of personal data for the purpose of energy supply services including processing activities carried out through Enel’s website and app.

The Portuguese Data Protection Authority (CNPD) issued a fine on Municipality of Lisbon for EUR 1.25 million for violating multiple provisions of GDPR. The fine was imposed as the Municipality was collecting the personal data of protestors, including sensitive personal data, and sharing such data internally and externally with third parties. CNPD found the Municipality had processed the data without any legal basis, without informing the data subject and without carrying out a Data Protection Impact Assessment. 

The District of Columbia has sued Google on allegations for using deceptive methods to track location data of its Android consumers. The complaint alleges that Google’s settings were unclear whether user’s were sharing their location and that the users were pressured into sharing more information with Google due to repeated nudging and unclear descriptions. The law suit accuses Google of violating DC’s Consumer Protection Procedures Act. Attorney Generals from Washington, Texas and Indiana also filed similar suits in their own jurisdictions.

Guidance updates 

  • Norwegian Data Protection Authority published a notice on the consultation on the Norwegian Police Security Service and processing of openly available personal information.
  • Interactive Advertising Bureau of Canada announced intent to release Global Privacy Project framework for public comments in the first quarter of 2022. 
  • German Data Protection Conference published a summary on the key findings of an expert opinion on the United States surveillance laws. 

Regulatory updates

  • New York’s Senate bill for New York Privacy Act was reintroduced in the New York State Senate after failing to progress in 2021. 
  • Kenya’s Data Protection Authority announced that three data protection regulations are published and awaiting National Assembly’s approval. 
  • An act relating to consumer data privacy was tabled in the Florida House of Representatives.

US updates

  • U.S President signed a national security memorandum to improve the cybersecurity of national security, U.S Department of Defense and intelligence community systems. 
  • House Resolution Bill for Banning Surveillance Advertising Act of 2022 was introduced in the House of Representatives. 
  • Senate Bill for a Consumer Data Privacy Act was introduced in the Kentucky State Senate.

EU updates

  • European Data Protection Board adopts guidelines on Right of Access.
  • European Commission and the Network of National Consumer Protection Authorities announced that they had sent a letter to Whatsapp to clarify the implemented consumer protection and privacy measures.
  • The European Union Agency for Cybersecurity issues an analysis of the interoperability of cybersecurity risk management framework and methodologies to improve decision making.

News around the globe

  • Guernsey’s Data Protection Authority announced that they removed Google Analytics capabilities from its website following the Austrian Data Protection Authority’s decision. 
  • Japanese music corporation, Ishibashi Musical Instrument Store Co. issued a notice disclosing a data breach which may have potentially affected the personal information of close to 99 thousand customers.
  • Bank of Thailand announced their intent to implement guidelines for regulation of digital assets as legal tender.

 India updates

  • Labs, clinics and hospitals are sharing customer’s medical data without their consent with third parties. Reports Livemint
  • US delegate expressed his opinion on the limiting factors in cross border data flow under the proposed data protection bill during the annual meeting of the India-US Working Group on ICT. Reports The Indian Express

Big tech updates

  • Apple and Google highlight their opposition against an antitrust legislation for curbing the power of big tech companies by stating that such law would threaten privacy and security of users. Reports Techxplore
  • Google releases new differential privacy tools to allow practitioners to visualize and better tune the parameters used to produce differentially private information Reports Venturebeat
  • Google announces its intent to implement a new framework for EU-US data transfer.

Read our digital newsletter here.

© 2019 Reina Consulting LLP – All rights reserved