Issue 115

Enforcement updates

UK’s Information Commissioner’s Office (ICO) has issued an enforcement notice for the Ministry’ contravening Article 15 of the EU and UK GDPR on rights of data subjects. The Ministry failed to process a large number of subject access requests. The ICO advised the Ministry to develop a plan to remedy the issue of the access requests and comply with the law, failing which the Ministry would be fined up to GBP 17,5000.

The District Court of California allowed several consumers to legally proceed against Facebook for maintaining monopoly by deceiving its consumers on the extent of Fakebook’s data collection and sale. Consumers further alleged that Facebook misled its users on its data monetization practices by claiming to protect user privacy but tracking its users and selling their information to third parties without permission.

In an opinion for the European Court of Justice, the Advocate General opined on the Passenger Name Record Directive of 2016, which requires the collection of passenger data to prevent serious crimes. The Advocate General answered a question raised during an action of a non-profit association seeking an annulment on processing of passenger data. The Advocate General concluded that sufficient safeguards were in place for processing data as per the PNR Directive. Further, authorities were permitted to retain PNR data for a period of five years.

Guidance updates 

  • Hong Kong Privacy Commissioner publishes guidance note on protection personal data during work from home.
  • German Data Protection Conference publishes findings on the state of US surveillance law.
  • French DPA issues guidance on the re-use of data entrusted by a data controller. 
  • Payment Card Industry Security Standards Council revises standards on payment card production.

Regulatory updates

  • Brazil enacts amendment for protection of personal data as a fundamental right.
  • Bangladesh Telecommunication Regulatory Commission issues draft regulation social media and OTT platforms.
  • New bill on consumer privacy introduced in Wisconsin State Assembly.

US updates

  • Senator introduces bill on terms and service agreements to ensure transparency in processing personal data. 
  • National Institute of Standards and Technology releases draft report on ‘Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight’.
  • Federal Trade Commission publishes resources for compliance with Health Breach Notification Rule.

EU updates

  • European Data Protection Supervisor (EDPS) orders Europol to delete data of persons that have no established link to criminal activity. 
  • EDPS decides against European Parliament for inaccurate cookie banner and data protection notice on website.
  • Permanent Representative of Armenia ratifies ‘Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data’. 
  • European Parliament votes to ban targeted advertisements based on sensitive data. Reports Politico

 UK updates

  • Cabinet publishes ‘Government Cyber Security Strategy: 2022-2030’.
  • ICO publishes response to the International Data Transfer Agreement laid by Department of Culture, Media, and Sports.
  • ICO begins consultation on draft guidance on anonymization, pseudonymization, and privacy enhancing technologies. Consultations close on 16th September 2022.

 China updates

  • Ministry of Industry and Information Technology calls for public comments on ‘Measures for the Administration of Data Security in the Field of Industry and Information Technology’. Comments can be submitted until 21st February 2022.
  • Phase one of US-China trade deal fails to achieve objectives. Reports PIIE

 Reports issued

  • Office of the Australian Information Commissioner (OAIC) issues report on sensitive consumer information handled by telecom providers.
  • Australia releases report on data rights of consumers.

 Statements issued

  • Monaco issues statement on upcoming data protection bill.
  • OAIC issues statement on proposal to review Privacy Act, 1988.

News around the globe

  • Red Cross faces sophisticated cyber security attack compromising personal data of highly vulnerable individuals.
  • Florida hospital faces data breach affecting over 1,000,000 individuals.
  • FBI increases spending on facial recognition technology. Reports Cyberscoop

 Big tech updates

  • DPAs of Norway, Denmark, and Guernsey acknowledge Austrian decision on Google Analytics. Reports Global Data Review
  • European Consumer Organization criticizes WhatsApp over updated privacy policy. Reports Nasdaq

Read our digital newsletter here.

© 2019 Reina Consulting LLP – All rights reserved