Issue 125 - Privacy Desk

Enforcement updates

The Dutch Data Protection Authority (the DPA) has imposed a fine on the Tax and Customs Administration for illegal processing of 270,000 people’s personal data in the Fraud Signalling Facility, without legal basis and storing of incorrect personal data. The Administration was thus fined EUR 3.7 million by the DPA.

The Gibraltar Regulatory Authority has issued a fine of GBP 10,000 to the Royal Gibraltar Police for breach of unlawful disclosure of personal data. The investigation also revealed lack of appropriate security measures and retention periods.

Piraeus Bank was fined for failing to correct the personal data of their customers among various other violations under GDPR such as confidentiality and obligation to notify the Authority and the data subject. The Bank was thus fined EUR 10,000 by the Authority. The Authority also issued a warning to the Bank in relation to the inadequate technical and organizational security measures.

Guidance updates

The Brazilian DPA announces inspection on the ordinance issued by the Federal Service for Data Processing to provide third parties with access to personal data.
The Dubai International Financial Centre released consultation paper on Ethical Data Management Index research and methodology, Standard Contractual Clauses, and the updated Data Export & Sharing Handbook.
The National Privacy Commission announced the launch of a new Data Breach Notification Management System.

Reports published

Hong Kong’s Privacy Commissioner for Personal Data has released a report on the comparison of privacy settings of social media.
The European Data Protection Supervisor released report on compliances with the data protection framework.
South Korea’s Personal Information Protection Commission published a Dispute Mediation Report on the types of cases resolved in 2021.

Regulatory updates

Russia’s bill for Amendments to the Code of the Russian Federation on Administrative Offences clarifying responsibility for offenses in the field of communications and information is in its first reading.
New Jersey’s Act for prohibiting use of tracking device in vehicle operated by employee, has entered into effect.
Japan’s Ministry of Economy, Trade, and Industry has released a data management framework for collaborative data utilisation and trust.

EU updates

New Data Governance Act has been approved by the Parliament to boost data sharing through trust.
European Data Protection Board expressed concerns over legislative development which may impact the Belgian DPA.
The Baden-Wurttemberg Data Protection Authority plans to review data deletion post the pandemic to prevent misuse or abuse of sensitive data.

US updates

The US Department of Commerce has announced the establishment of a Global Cross Border Privacy Rules Forum to promote interoperability and bridge different regulatory approaches to data protection and privacy.
The California Privacy Protection Agency has announced sessions for stakeholders to contribute to the upcoming rulemaking on California Privacy Rights Act of 2020.

India updates

Corporate Affairs Ministry decides that companies need not make available certain personal information of shareholders to those who inspect the register of members. Reports Business Line
Business Leaders believe the Indian IT services and technology industry can contribute upto USD 1 trillion by 2024-25, provided accelerators such as data and privacy laws are put in place. Reports Economic Times

News around the globe

Nigeria Data Protection Bureau urges the National Identity Management Commission to adequately safeguard Nigerian data. Reports Punch
The Saudi National Cyber Security Authority has signed a memorandum of understanding with the General Secretariat of the Cooperation Council for the Arab States of the Gulf to strengthen cooperation on cybersecurity.
Nigeria’s National Information Technology Development Agency has partnered with MasterCard to train on cyber security and data protection.

Big tech updates

Google has launched the Data Safety Section to provide users more information on how apps collect, share and secure users’ data.
Developers cite data privacy as the biggest challenge in a Metaverse. Reports Express Computers

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.