Issue 131

Enforcement updates

Solara Medical Supplies has proposed a USD 9 million settlement to resolve a class action lawsuit related to a 2019 data breach. Solara Medical Supplies, which provides products and services to help people manage their diabetes, was the victim of a phishing attack involving the protected health information of patients and sensitive employee information. The settlement has received preliminary approval from the Court, with a final hearing and the deadline for submitting a claim on August 8, 2022.

The Information Commissioner’s Office (ICO) fined Clearview AI GBP 7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. The ICO has also issued an enforcement notice, ordering the company to stop collecting and using personal data of UK residents and to delete the data of UK residents from its systems.

A class action lawsuit has been filed against Injured Workers Pharmacy (IWP), a drug delivery service, for failing to protect the private information of its patients, which led to a data breach. According to the complaint, the company failed to protect the personal information of more than 75,000 customers amid a data breach and then didn’t notify the patients until nine months later. The lawsuit was filed in Massachusetts federal court and the plaintiffs seek to represent a class of current and former IWP customers.

Regulatory updates around the world

  • Kentucky’s Genetic Information Privacy Act enters into effect.
  • Thailand’s Prime Minister announced compliance programmes for government entities in line with the enactment of the Personal Data Protection Act 2019.
  • US Supreme Court dissented to a controversial law that allows Texas residents and the attorney general to sue social media companies over their content-moderation decisions.

Guidance updates

  • Bavarian Data Protection Authority published a guide on risk analysis and data protection impact assessment.
  • Data State Inspectorate of Latvia published a guide on data protection impact assessment.

EU updates

  • European Data Protection Board published its response to the joint payments industry regarding guidelines on the interplay of the Second Payment Services Directive and GDPR.
  • European Parliament announced particulars of the meeting between Washington, D.C. and Members of Parliament, which involved discussions around the Trans-Atlantic data privacy framework, future privacy regulations and the use of AI in law enforcement.

India updates

  • FICCI released a self-regulatory code of conduct for e-diagnostic platforms.
  • Data localization rules in the upcoming data protection law may only apply to neighboring countries. Reports Financial Express

News around the globe

  • Saudi National Cybersecurity Authority launched a national portal for cybersecurity services.
  • DuckDuckGo has been allowing Microsoft to track knowledge using the domains of Bing and LinkedIn. Reports The Economic Times
  • Office of the Privacy Commissioner of Canada reports that Tim Hortons app violated Canadian privacy laws by collecting vast amounts of sensitive location data.
