Issue 113 - Privacy Desk

Enforcement updates

The Italian Data Protection Authority (Garante) issued a fine of EUR 26,513,977 on Enel Energia S.p.a for multiple violations of the provisions of GDPR. The Garante reported that Enel lacked in providing adequate measures for facilitating data subject’s requests. Additionally, there were multiple issues deriving from the processing of personal data for the purpose of energy supply services including processing activities carried out through Enel’s website and app.

The Portuguese Data Protection Authority (CNPD) issued a fine on Municipality of Lisbon for EUR 1.25 million for violating multiple provisions of GDPR. The fine was imposed as the Municipality was collecting the personal data of protestors, including sensitive personal data, and sharing such data internally and externally with third parties. CNPD found the Municipality had processed the data without any legal basis, without informing the data subject and without carrying out a Data Protection Impact Assessment.

The District of Columbia has sued Google on allegations for using deceptive methods to track location data of its Android consumers. The complaint alleges that Google’s settings were unclear whether user’s were sharing their location and that the users were pressured into sharing more information with Google due to repeated nudging and unclear descriptions. The law suit accuses Google of violating DC’s Consumer Protection Procedures Act. Attorney Generals from Washington, Texas and Indiana also filed similar suits in their own jurisdictions.

Guidance updates

Norwegian Data Protection Authority published a notice on the consultation on the Norwegian Police Security Service and processing of openly available personal information.
Interactive Advertising Bureau of Canada announced intent to release Global Privacy Project framework for public comments in the first quarter of 2022.
German Data Protection Conference published a summary on the key findings of an expert opinion on the United States surveillance laws.

Regulatory updates

New York’s Senate bill for New York Privacy Act was reintroduced in the New York State Senate after failing to progress in 2021.
Kenya’s Data Protection Authority announced that three data protection regulations are published and awaiting National Assembly’s approval.
An act relating to consumer data privacy was tabled in the Florida House of Representatives.

US updates

U.S President signed a national security memorandum to improve the cybersecurity of national security, U.S Department of Defense and intelligence community systems.
House Resolution Bill for Banning Surveillance Advertising Act of 2022 was introduced in the House of Representatives.
Senate Bill for a Consumer Data Privacy Act was introduced in the Kentucky State Senate.

EU updates

European Data Protection Board adopts guidelines on Right of Access.
European Commission and the Network of National Consumer Protection Authorities announced that they had sent a letter to Whatsapp to clarify the implemented consumer protection and privacy measures.
The European Union Agency for Cybersecurity issues an analysis of the interoperability of cybersecurity risk management framework and methodologies to improve decision making.

News around the globe

Guernsey’s Data Protection Authority announced that they removed Google Analytics capabilities from its website following the Austrian Data Protection Authority’s decision.
Japanese music corporation, Ishibashi Musical Instrument Store Co. issued a notice disclosing a data breach which may have potentially affected the personal information of close to 99 thousand customers.
Bank of Thailand announced their intent to implement guidelines for regulation of digital assets as legal tender.

India updates

Labs, clinics and hospitals are sharing customer’s medical data without their consent with third parties. Reports Livemint
US delegate expressed his opinion on the limiting factors in cross border data flow under the proposed data protection bill during the annual meeting of the India-US Working Group on ICT. Reports The Indian Express

Big tech updates

Apple and Google highlight their opposition against an antitrust legislation for curbing the power of big tech companies by stating that such law would threaten privacy and security of users. Reports Techxplore
Google releases new differential privacy tools to allow practitioners to visualize and better tune the parameters used to produce differentially private information Reports Venturebeat
Google announces its intent to implement a new framework for EU-US data transfer.

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.