Issue 128

Enforcement updates

The Italian Data Protection Authority (Garante) imposed a fine of EUR 40,000 on ISWEB S.p.A, an accounting software company, following an investigation concerning processing personal data acquired through whistleblowing systems. The Garante found that ISWEB had engaged with a hosting service provider which acted both as a data controller in its capacity and a data processor on behalf of its clients. Accordingly, the Garante imposed the fine and ordered ISWEB to regulate its relationship with the hosting service provider. 

The Australian Communications and Media Authority (ACMA) issued three fines totalling AUD 204,240 on The Wine Group Pty Ltd. for making unsolicited telemarketing calls and commercial electronic messages to consumers who had not given their consent. The fines were imposed as the Wine Group were found to be in contravention of Spam Act 2003, the Do Not Call Register Act 2006 and the Telecommunications Act 1997.

The National Supervisory Authority for Personal Data Protection fined Loris Fuel Shop SRL, a gas station, for EUR 1,000 regarding security violations under GDPR. Following a compliant, an investigation was conducted which revealed that Loris Fuel Shop had not sufficiently adopted appropriate technical and organisational measures to ensure the confidentiality of personal data being processed. Additionally, it was also found that Loris Fuel Shop did not have a training program in place for its employees.

Guidance updates

  • Berlin data protection authority published guidance on data transfer to third countries addressing what applies after the Schrems II judgement.
  • Interactive Advertising Bureau of Brazil published a guide on Efficient Data Management.
  • US Department of Justice released guidance on algorithims, AI and disability discrimination in hiring.
  • Hong Kong’s Privacy Commissioner for Personal Data published guidance on recommended model contractual clauses for cross border data transfer. 

Regulatory updates

  • Kentucky Governer signed House Bill to enact data insurance security legislation.
  • Parliament of Ukraine released draft amendments to the Criminal Code to increase the effectiveness of combating cybercrime in martial law. 

US updates

  • House Bill for Promoting Digital Privacy Technologies Act was passed by the US House of Representatives. 
  • Southern Ohio Medical Center notified the US Department of Health and Human Services for Civil Rights of a data security incident affecting approx.15,000 individuals.

EU updates

  • European Commission announced the launch of European Health Data Space which is a single market for digital health services and products.
  • European Commission adopts new strategy to protect and empower children online. 
  • The Council of Eropean Union announced a provisional agreement with the European Parliament on the Digital Operational Resilience Act.

News around the globe

  • Phillipines National Privacy Comission conducts on-site compliane check to determine level of compliance with the law. 
  • Travelers stranded in various vacation destinations and on airports after a data breach involving Sunwing Airlines caused delays and cancellations. Reports The Ledger 

Read our digital newsletter here.