Issue 117 - Privacy Desk

Enforcement updates

The Hellenic Data Protection Authority (HDPA) fined Cosmote Mobile Telecommunications S.A. EUR 6,000,000 following an incident of personal data breach. The HDPA found Cosmote in violation of the principle of legality and transparency enshrined in the GDPR owing to incomplete information provided to its subscribers. Further, Cosmote improperly conducted the data protection impact assessment.

The Spanish Data Protection Authority held Vodafone España, S.A.U. in violation of the provisions of GDPR for failing to implement appropriate security measures to prevent fraudulent replication and use of SIM cards. Hence, the Spanish DPA fined Vodafone EUR 3,940,000.

CNIL, the French Data Protection Authority, ordered an unnamed website operator to comply with Chapter V of the GDPR upon finding that transfers made by the website operator from France to the US using Google Analytics were non-compliant with the GDPR. This order was passed in light of the Schrems II judgment.

Guidance updates

Japanese Ministry of Economy, Trade, and Industry released “Guidelines for the Practice of Artificial Intelligence Principles”.
CNIL launches public consultation on the GDPR awareness guide for trade unions. Comments can be submitted until 18^th March 2022.
Ministry of Internal Affairs and Communications of Japan published guide on cloud services using Artificial Intelligence.

Regulatory updates

Ukrainian Parliament passed bill on cloud services.
Algorithmic Accountability Act of 2022 introduced in the U.S. House of Representatives.
Chile passed bill on regulating “Processing and Protection of Personal Data and Creating the Personal Data Protection Authority”.

Statements issued

UK’s Information Commissioner’s Office issued a statement in response to the International Data Transfer Agreement and Addendum.
Danish DPA issued a statement on Belgian DPA’s decision against Interactive Advertising Bureau Europe for violation of GDPR.

UK updates

Department for Digital, Culture, Media & Sport (DCMS) announced the launch of International Data Transfer Expert Council.
DCMS launches consultation for amendment to Network and Information Systems Regulations 2018. Responses can be submitted until 20th March 2022.
Competition and Markets Authority accepted Google’s Privacy Sandbox Proposals to remove of third-party cookies from Chrome.

US updates

Bill for California Age-Appropriate Design Code Act introduced to the California General Assembly.
National Institute of Standards and Technology released report on “Ransomware Risk Management: A Cybersecurity Framework Profile”.
Attorney General of Texas filed lawsuit against Meta Platforms, Inc. for unlawful collection of biometric data.

China updates

Cyberspace Administration of China launched Internet Information Algorithm Filing Service.
Cyber Security Administration sought public opinions on “Measures for the Administration of Data Security in the Field of Industry and Information Technology (Trial)”.

EU updates

Permanent Representative of Armenia sought ratification of protocol amending the Convention on protection of individuals with regard to their personal data.
European Commission announced election of the chair of Governing Board of European Cybersecurity Competence Centre and Network.
CNIL published strategic plan for 2022-2024 on data protection and privacy.

India updates

IT Minister settles speculation on replacement of Data Protection Bill with new legislation. Reports Economic Times
Ministry of Information and Broadcasting prohibits sharing of secret documents by its officials over the internet. Reports The Hindu
Ministry of Electronics and Information Technology invites comments on draft Data Accessibility and Use Policy. Comments can be submitted until 18^th March 2022.

News around the globe

The Parliament of Georgia created a new Personal Data Protection Services agency.
Russia’s Federal Antimonopoly Service approved principles of fair behaviour in digital markets.
German payment service “Giropay” reportedly keeping data on past online purchases. Reports NOYB

Big tech updates

Meta released a statement addressing the need for international data transfer rules to protect transatlantic data flows.
Apple released advancements to ‘Air Tags’ including new privacy warnings during setup to increase safeguards against unwanted tracking.
Dutch Government released its Data Protection Impact Assessment assessing the data protection risks of the use of Microsoft Teams.

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.