Issue 125

Enforcement updates

The Dutch Data Protection Authority (the DPA) has imposed a fine on the Tax and Customs Administration for illegal processing of 270,000 people’s personal data in the Fraud Signalling Facility, without legal basis and storing of incorrect personal data. The Administration was thus fined EUR 3.7 million by the DPA.

The Gibraltar Regulatory Authority has issued a fine of GBP 10,000 to the Royal Gibraltar Police for breach of unlawful disclosure of personal data. The investigation also revealed lack of appropriate security measures and retention periods.

Piraeus Bank was fined for failing to correct the personal data of their customers among various other violations under GDPR such as confidentiality and obligation to notify the Authority and the data subject. The Bank was thus fined EUR 10,000 by the Authority. The Authority also issued a warning to the Bank in relation to the inadequate technical and organizational security measures.

Guidance updates

  • The Brazilian DPA announces inspection on the ordinance issued by the Federal Service for Data Processing to provide third parties with access to personal data.
  • The Dubai International Financial Centre released consultation paper on Ethical Data Management Index research and methodology, Standard Contractual Clauses, and the updated Data Export & Sharing Handbook.
  • The National Privacy Commission announced the launch of a new Data Breach Notification Management System.

Reports published

  • Hong Kong’s Privacy Commissioner for Personal Data has released a report on the comparison of privacy settings of social media.
  • The European Data Protection Supervisor released report on compliances with the data protection framework.
  • South Korea’s Personal Information Protection Commission published a Dispute Mediation Report on the types of cases resolved in 2021.

Regulatory updates

  • Russia’s bill for Amendments to the Code of the Russian Federation on Administrative Offences clarifying responsibility for offenses in the field of communications and information is in its first reading.
  • New Jersey’s Act for prohibiting use of tracking device in vehicle operated by employee, has entered into effect.
  • Japan’s Ministry of Economy, Trade, and Industry has released a data management framework for collaborative data utilisation and trust.

EU updates

  • New Data Governance Act has been approved by the Parliament to boost data sharing through trust.
  • European Data Protection Board expressed concerns over legislative development which may impact the Belgian DPA.
  • The Baden-Wurttemberg Data Protection Authority plans to review data deletion post the pandemic to prevent misuse or abuse of sensitive data.

US updates

  • The US Department of Commerce has announced the establishment of a Global Cross Border Privacy Rules Forum to promote interoperability and bridge different regulatory approaches to data protection and privacy.
  • The California Privacy Protection Agency has announced sessions for stakeholders to contribute to the upcoming rulemaking on California Privacy Rights Act of 2020.

India updates

  • Corporate Affairs Ministry decides that companies need not make available certain personal information of shareholders to those who inspect the register of members. Reports Business Line
  • Business Leaders believe the Indian IT services and technology industry can contribute upto USD 1 trillion by 2024-25, provided accelerators such as data and privacy laws are put in place. Reports Economic Times

News around the globe

  • Nigeria Data Protection Bureau urges the National Identity Management Commission to adequately safeguard Nigerian data. Reports Punch
  • The Saudi National Cyber Security Authority has signed a memorandum of understanding with the General Secretariat of the Cooperation Council for the Arab States of the Gulf to strengthen cooperation on cybersecurity.
  • Nigeria’s National Information Technology Development Agency has partnered with MasterCard to train on cyber security and data protection.

Big tech updates

  • Google has launched the Data Safety Section to provide users more information on how apps collect, share and secure users’ data.
  • Developers cite data privacy as the biggest challenge in a Metaverse. Reports Express Computers

Read our digital newsletter here.