Issue 135

Enforcement updates

The Office of the Data Protection Ombudsman of Finland issued a fine of EUR 85,000 on Otavamedia Oy for violating several provisions of the GDPR by not responding to requests made by data subjects through email between 2018 and 2021 regarding Otavamedia’s processing of personal data.

Children’s Advertising Review Unit (CARU) found Outright Games, the owner of the Bratz Total Fashion Makeover app in violation of the COPPA and CARU’s Self-Regulatory Guidelines for Advertising and Children’s Online Privacy Protection. Outright Games’ privacy notices contained unclear language and failed to provide a neutral age-screening system.

The Dutch Data Protection Authority ordered the Customs Administration of Netherlands to remove the citizen service number from the European identification number of approximately 111,000 sole proprietorships as it encourages risks to privacy and identity fraud. The watchdog also held that there was no legal reason for including the citizen service number in the identification number.

Regulatory updates

  • California Privacy Protection Agency commenced the rulemaking process to adopt regulations for implementing the Consumer Privacy Rights Act of 2020.
  • European Parliament held the final vote on the Digital Services Act and Digital Markets Act.

Guidance updates

  • Welsh government published guidance on the use of automated biometric recognition systems by schools and colleges.
  • Data Protection Commission of Ireland released guidance on ‘Data Protection Considerations Relating to Multi-Unit Developments and Owners’ Management Companies’.

UK updates

  • Information Commissioner’s Office revised its approach to work closely with the public sector and encourage compliance with data protection laws.
  • UK’s parliamentarians call for a ban on CCTV surveillance cameras made in China. Reports Forbes
  • UK and the Republic of Korea entered into a new data adequacy agreement in principle.

India updates

  • Election Commission warned of severe disciplinary action against electoral registration officers if voters’ Aadhar data is leaked.
  • Central Information Commission directed the Delhi Police to respond to Right to Information queries on their use of face-detection technology. Reports Times of India

News around the globe

  • Marriott International faced a data breach that exposed staff and consumer information. Reports Time Now
  • Parcel delivery service Yodel faced a cyber incident that delayed its deliveries. Reports CPO Magazine

Big tech updates

  • Norwegian Data Protection Authority received a complaint from the Norwegian Consumer Council regarding Google’s breach of privacy laws.
  • Former employee claims that Facebook accessed deleted user data. Reports Bloomberg

Read our digital newsletter here.