Issue 119

Enforcement updates

The Bremen data protection authority (LfDI) has imposed a fine of EUR 1.9 million on BREBAU GmbH, a housing association in Bremen, for processing the data of tenants without a legal basis. The authority held that processing the data was not necessary for the conclusion of rental agreements. Further, the company avoided transparency requests from data subjects about the processing of their data and thus violated the provisions of the GDPR.

Poland’s data protection authority has issued fines of PLN 4.9 million and PLN 250 thousand on energy company Fortum Marketing and Sales Polska S.A. and their processors respectively, on account of a data breach. The breach was a result of failing to implement appropriate technical and organisational measures to ensure personal data security and failing to verify the processor as required under the GDPR.

The Federal Trade Commission (FTC) has issued a fine of USD 1.5 million against WW International, Inc., formerly known as Weight Watchers, and a subsidiary called Kurbo, Inc., for using a weight loss app to collect the personal data of young children without parental permission. The FTC issued the fine along with an order requiring the companies to delete the data and destroy any algorithms derived from it.

Data Protection and Privacy Podcast - New

  • The ABC of Data Privacy.
  • Privacy Policy v/s Privacy Notice: Everything You Must Know.

Guidance updates

  • The National Security Agency published the ‘Network Infrastructure Security Guidance’, focusing on the design and configurations that protect against common vulnerabilities and weaknesses on existing networks.
  • The European Data Protection Board published their final version of Guidelines on Codes of Conduct as tools for transfers.
  • The Baden-Württemberg data protection authority published a new set of frequently asked questions on cookies and tracking by website operators and manufacturers of smartphone apps.

UK updates

  • The UK government launched a public consultation on draft regulations outlining measures to be taken by telecoms providers to comply with their legal duties, and a draft code of practice on how providers can comply with the regulations.
  • The Department for Digital, Culture, Media & Sport has launched a consultation to review the regulatory framework of paid-for online advertising. The consultation is open until 1 June 2022.

Regulatory updates

  • The Office of the Australian Information Commissioner published their submission to the Australian Government’s Exposure Draft concerning the Social Media (Anti-Trolling) Bill 2021.
  • The Swedish Government proposed a new law to replace the current Electronic Communications Act, by incorporating the amendments and additions brought about by the Directive.
  • The Deputy Prime Minister of Vietnam has approved the development of a Decree on the Protection of Personal Data.

China updates

  • The Cyberspace Administration of China launched the Internet Information Algorithm Filing Service, fulfilling the requirement of the Internet Information Service Algorithm Recommendation Management Regulations.
  • The Ministry of Industry and Information Technology released the Guidelines for the Construction of the Internet of Vehicles Network Security and Data Security Standard System.

US updates

  • The 2022 State of the Union address noted the importance of strengthened privacy protections and the protection needed in collecting personal data of children.
  • The US Department of Homeland Security and the Israel National Cyber Directorate display a joint commitment to increase cybersecurity and resilience capacity to combat shared cyber threats.

EU updates

  • Switzerland’s Federal Office of Justice pushes the entry into force of the Revised Federal Act on Data Protection 1992 to 1 September 2023.
  • The Committee on Civil Liberties, Justice and Home Affairs is to organise a public hearing on the ‘General Data Protection Regulation implementation, enforcement and lessons learned’ on 17 March 2022.
  • Spain’s data watchdog has approved a code of conduct to regulate how the promoters of clinical studies with medicines, and the CROs that decide to adhere to it, must apply the data protection regulations.

India updates

  • The Information Technology Industry Council wrote a letter to the Government of India in relation to concerns over the Personal Data Protection Bill, 2019.
  • The Minister of State for IT shows support for the developing data protection regime in India, reports Business Standard.

News around the globe

  • Liechtenstein’s data watchdog has issued a public statement against Google Analytics and orders websites to use alternatives.
  • NOYB, a non-profit organisation, has sent 270 draft complaints to website operators whose banners don’t comply with the GDPR. The websites have a 60-day grace period before formal complaints are filed.
  • Singapore’s Ministry of Communications and Information has increased the maximum financial penalties under the Personal Data Protection Act 2012, to be effective from 1 October 2022.

Big tech updates

  • HBO is accused of sharing personal data of subscribers with Facebook in a class action lawsuit.
  • Samsung’s internal company data, including source code for the operation of Galaxy smartphones, was exposed in a data breach, reports Bloomberg.
  • NVIDIA was hit with a cyber-attack, leaking employee passwords and proprietary information online.



© 2019 Reina Consulting LLP – All rights reserved