Issue 127

Enforcement updates

Hong Kong’s Privacy Commissioner for Personal Data arrested a person for a suspected doxxing offence under Section 64(3A) of the Personal Data (Amendment) Ordinance 2021. The arrested person is suspected of disclosing the personal data of three individuals on various social media platforms without their consent. Violation of Section 64(3A) of the Ordinance is punishable with a fine and imprisonment for two years. 

Angola’s National Data Protection Agency issued a fine of USD 525,000 on  Banco de Poupança e Crédito, a Government owned bank. The bank was fined for violating several provisions of Law No. 22/11 on the Protection of Personal Data regarding processing of employee personal data and implementing technical and organizations measures to protect employee data.

The Italian DPA issued a warning to  the Local Health Authority Centro Specialistico Ortopedico Traumatologico Gaetano Pini-CTO for violating Article 5(1)(a) and 9 of the GDPR on disclosure of personal data (including health data) without a legal basis. The DPA considered it sufficient to issue a warning as the data breach involved one data subject who did not suffer any harm and the breach was promptly notified.

Guidance updates

  • New York State Department of Financial Services issued guidance on use of blockchain analytics for virtual currency business entities.
  • UK Information Commissioner’s Office launched its updated AI and data protection risk toolkit.
  • The Australian Office of the Victorian Information Commissioner published an updated guidance on assessing compensation claims for loss in privacy complaints.

Regulatory updates

  • Russian Parliament adopted the bill on Amending Article 16 of the Law of the Russian Federation ‘On the Protection of Consumer Rights’.
  • President of Republic of Cameroon promulgated a law on Cameroon’s Accession to the Budapest Convention on Cybercrime.
  • Russian President signed a decree on ‘additional measures to ensure the information security of the Russian Federation’.

Reports published

  • Brazilian DPA published a technical study on processing of personal data for academic purposes.
  • House of Commons of Canada released a report on the collection and use of mobility data by the Government of Canada.

EU updates

  • Guernsey’s Office of DPA launched an investigation into the Medical Specialist Group LLP after a cyber incident.
  • German Data Protection Conference published a resolution calling for an employee data protection law.
  • Italian DPA has commenced drafting a code of conduct regulating telemarketing activities.

US updates

  • Maryland Governor signed a Senate Bill for an Act on insurance data security.
  • Fairfield County Implants and Periodontics notified the U.S. Department of Health of data security incident.
  • Connecticut Insurance Department issued a notice on the use of big data

India updates

  • Indian Computer Emergency Response Team issued directions on IT practices and reporting of cyber incidents.
  • Minister of State for Electronics and IT says new draft of the IT Act is likely to be released in May. Reports The Hindu
  • Ola faces criticism for publicly sharing data regarding speed and braking of a customer.

News around the globe

  • Australian Communications and Media Authority published a statement on the blocking of scam calls by telecommunications companies.
  • The National Privacy Commission of Philippines announced the beginning of on-site compliance checks with personal information controllers.
  • Israel’s Privacy Protection Authority published a new document on the obligation to notify the collection and use of personal information.

Big tech updates

  • German trade union launched a strike for protection of their personal data and higher wages. Reports Popular Resistance
  • Amazon’s Astro home robot raises privacy concerns. Reports CNET

Read our digital newsletter here.