Issue 120

Enforcement updates

The Italian Data Protection Authority (Garante) imposed a fine of USD 20 million on US-based firm Clearview AI for its facial recognition software. Following an investigation triggered by reports and complaints, Garante noted that Clearview AI had breached privacy laws and also tracking Italian citizens and people located in Italy. In addition to the fine, the Garante ordered Clearview AI to delete data relating to people who are in Italy and prohibited further collection and processing through its facial recognition system.

The Information Commissioner’s Office (ICO) fined London based law firm Tuckers Solicitors EUR 98,000 for failing to put in place appropriate security measures to process sensitive personal information. Following a ransomware attack on Tuckers Solicitors in 2020, Tuckers submitted a data breach notification informing the ICO that the incident involved more than 97,000 documents which were encrypted, out of which 60 were court bundles which contained sensitive personal data that were published on an underground market site. In light of the above, ICO conducted an investigation and found multiple inadequacies in implementing appropriate organizational and technical security measures and imposed the fine accordingly.

The Irish Council for Civil Liberties (ICCL) announced that it is taking legal action against the Data Protection Commission (DPC) for allegedly failing to properly investigate Google LLC. ICCL explained the DPC’s alleged inaction where it did not investigate and act on several complaints which they received regarding a breach incident at Google.

Guidance updates

  • The Federal Commissioner for Data Protection and Freedom of Information published FAQs on data protection breach of telematics infrastructure.
  • Spanish Data Protection Watchdog published guidance on smart contracts in blockchain and personal data.
  • Irish Data Protection Commissioner published a report on handling cross-border complaints under GDPR.

Regulatory updates

  • Australian Parliament announced second reading of Transport Security Amendment (Critical Infrastructure) Bill 2022.
  • Saudi’s Data and AI Authority issued draft executive regulations for the Data Protection Law for public comments.

US updates

  • Utah’s senate passed the bill for Utah Consumer Privacy Act.
  • U.S. Senate passed the Strengthening American Cybersecurity Act.
  • Florida House of Representatives passed a bill regarding consumer data privacy.

EU updates

  • Interactive Advertising Bureau Europe (IAB Europe) published its comments on Digital Services Act.
  • European Data Protection Board published guidelines on Article 60 of GDPR, dark patterns in social media platforms, toolbox on essential data protection safeguards for cross-border enforcement cooperation.
  • IAB Europe published an updated guide to the Post Third Party Cookie Era.

News around the globe

  • Oregon’s Attorney General alerts consumers to take appropriate steps to protect their personal information who were affected by the T-mobile data breach incident.
  • Anonymous hackers claim responsibility for hacking more than 300 Russian government, state media and bank websites. Reports HStoday
  • American weight management companies agree to pay a settlement of USD 1.5 million to resolve allegations surrounds illegal processing of children’s sensitive data. Reports infosecurity-magazine

 Big tech updates

  • Facebook faces allegations of breach of privacy rights by indefinitely storing users’ personal messages. Reports Irish Times
  • Competition authorities of European Commission and UK launched parallel investigations on an advertising agreement between Meta and Google. Reports The Hill

Read our digital newsletter here.