Issue 124 - Privacy Desk

Enforcement updates

CNIL, the French Data Protection Authority, sanctioned a fine of EUR 1,500,000 on Dedalus Biologie for a massive data leak involving the dissemination of the names, social security numbers, and medical information of 500,000 people. Dedalus is a company that markets software solutions for medical analysis laboratories.

The U.S. Ninth Circuit of Appeals affirmed its earlier preliminary injunction where it held that LinkedIn could not prevent HiQ, a data analytics company, from collecting and using information shared by LinkedIn users on their public profiles. HiQ uses automated bots to scrape information from LinkedIn profiles and sell it to business clients. HiQ argued that letting established entities that accumulate large user data sets determine who may scrape data from public sites would give such entities excessive control over how that data may be used.

The Dutch DPA issued a fine of EUR 565,000 to the Dutch Ministry of Foreign Affairs for serious infringement of GDPR in the process of issuing visas. The digital system used by the Ministry was held inadequately secure and prone to the risk of unauthorized access. Further, the Ministry failed to provide visa applicants with sufficient information on sharing of personal data with third parties.

Guidance updates

UK Data Protection Authority (ICO) issued guidance for organizations’ use of personal information amid relaxations of COVID-19 measures.
Japan’s Ministry of Economy, Trade, and Industry released guides for the practice of the Digital Governance Code and introduction to artificial for small and medium-sized enterprises.
Australian Department of Treasury completed its consultation on “Consumer Data Right Sectoral Assessment for the Open Finance sector – Non-Bank Lending.”

Regulatory updates

Amendments to Japan’s Act on the Protection of Personal Information came into effect on 1 April 2022.
Australian Parliament confirmed that the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 commenced on 1 April 2022.
Italy’s Regulation on the Establishment and Functioning of the Public Register of Subscribers who Oppose the Use of their Personal Data and their Telephone Number for Sales or Commercial Promotions has entered into force on 13 April 2022.

UK updates

ICO launched a consultation to review the data obtained through its breach reporting form on its website. Responses may be submitted by 30 April 2022.
High court of UK ruled that sharing bulk personal data by UK’s intelligence agencies with foreign intelligence agencies is legal.

EU updates

German Data Protection Commissioner criticized the country’s delayed implementation of the EU data protection directive. Reports Euractive
Ukrainian Parliamentary Commissioner for Human Rights warns against malware that may harm Ukrainian information infrastructure and collect personal data.
Hamburg’s Commissioner for Data Protection and Freedom of Information welcomed Google’s “reject all” option on cookie banners. Reports Competition Policy International

US updates

Changes in the Supreme Court are likely to impact surveillance. Reports Brennan Center for Justice
Warrant for Metadata Act was proposed in the House of Representatives.
Secretary of the Department of Commerce issued a statement on the establishment of the Global Cross Border Privacy Rules Forum.

China updates

Chinese National Science and Technology Ethics Committee to release a list of high-risk scientific and technological activities in science and technology ethics.
Beijing Municipal Communications Administration issued a circular on removal of 16 apps that infringe the rights of users.

India updates

Chief Justice of India said future litigation likely to be on issues regarding data protection, AI, and cryptocurrencies. Reports Hindustan Times
Comptroller and Auditor General addressed privacy concerns in a report on the Functioning of Unique Identification Authority of India.

News around the globe

American rehabilitation facilities provider notified data privacy incident. Reports PR Newswire
Medical billing company, Advanced Medical Practice Management announced data breach.
Bank of Ireland may face civil cases after investigation finds alteration of credit history of customers. Reports Irish Examiner

Big tech updates

Study finds Apple’s App Tracking Transparency measure made tracking by apps more difficult.
Clearview AI plans to use facial recognition technology to validate bank transactions. Reports The Associated Press

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.