Issue 130 - Privacy Desk

Enforcement updates

The Federal Trade Commission issued a fine of USD 150,000,000 on Twitter, Inc. for deceptively using users’ account security data for the purpose of targeted advertising. Twitter sought phone numbers and email addresses from its users to protect their account and allowed advertisers to use the data so collected to target specific users and thereby profit from it. Twitter’s actions violated a 2011 FTC order that prohibited Twitter from misrepresenting its privacy practices.

Belgian Data Protection Authority (DPA) imposed a fine of EUR 50,000 on Roularta Media Group for violating provisions of the GDPR following an investigation into the cookie management practices of the company’s website. The DPA concluded that the consent to processing of personal data using cookies on the company-operated sites were invalid. Roularta’s privacy policy also contained insufficient information on its use of cookies.

Italian DPA imposed a penalty of EUR 1,000 on Musicraiser S.r.l. for violating GDPR provisions on the right to object to the processing of personal data for direct marketing. The complainant stated that they continued to receive a newsletter after signing up on Musicraiser’s web platform despite requesting for cancellation. The DPA also warned the company regarding prompt exercise of data subjects’ rights.

Regulatory updates around the world

Thailand’s Personal Data Protection Act 2019 entered into effect on 1^st June 2022.
Senate Bill for the New York Privacy Act amended.
Maryland’s Act Concerning Data Privacy entered into effect of 1^st June 2022.

Guidance updates

Latvia’s Financial and Capital Market Commission developed recommendation for processing personal data in the field of preventing money laundering and terrorism.
Thailand’s Ministry of Digital Economy and Society issued guidelines under Personal Data Protection Act 2019.
Brazilian DPA released recommendations to the government on cookie collection practices as per General Personal Data Protection Law (LGDP).

US updates

Telemedicine abortion organizations are strengthening privacy fearing digital surveillance after Roe v. Wade. Reports Politico
Kentucky’s House Bill for the Genetic Information Privacy Act entered into effect on 1^st June 2022.

UK updates

Department for Digital, Culture, Media, and Sport began consultation on the Online Advertising Programme. Comments may be submitted before 8^th June 2022.
Central Digital & Data Office published its Data Sharing Governance Framework.

India updates

Ministry of Electronics and IT released proposed amendment to IT Rules, 2021. Comments may be submitted in the next 30 days.
Bangalore Metro Rail Corporation to reportedly replace smart cards and tokens with facial recognition technology in partnership with Google. Reports Hindustan Times
SpiceJet faced attempted ransomware attack leading to delayed flights.

News around the globe

Mastercard launched controversial Biometric Checkout Program that lets users pay by smiling.
Singapore’s Personal Data Protection Commission launched a data anonymization tool.
Chicago Public Schools reported personal data breach after five months of the incident.

Big tech updates

Microsoft faces class action suit under Biometric Information Privacy Act for collecting facial scans of Uber drivers without consent.
Google faces class action suit in UK for using medical records of 1.6 million individuals for its AI subsidiary, DeepMind. Reports ET CIO

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.