Issue 83

Enforcement Updates

Icelandic watchdog fines for employee surveillance

The Icelandic Data Protection Authority (Personuvernd) fined a company with ISK 5 million for violation under the GDPR. The Authority had received complaint from one of the company employee that the company constantly used video cameras for surveillance of employee area and had no information or signage regarding such surveillance. The Authority concluding its investigation, ruled that the surveillance of employee resulted in unlawful collection and processing of employee personal data, was not transparent as employee were not given due notice in this regard and surveillance measure was not limited to security purpose.

TikTok faces EUR 1.5 billion claim

A Dutch consumer privacy group, Take Back Your Privacy Foundation has launched campaign against TikTok alleging that the app is involved in unlawful collection of large amounts of personal data of children. The claim further states that it trades user’s data by selling it without giving notice and obtaining parental consent. The group has demanded that the company must delete collected data and claims compensation amounting to EUR 1.5 billion from TikTok.

Energy co. fined for illegal data transfer

Garante, the Italian data protection authority announced its decision to fine energy sector company, Iren Mercato SpA for processing personal data of individuals for telemarketing purposes without obtaining necessary consent. It was also revealed that company had obtained personal data from third party sources, who acted as independent data controllers and had obtained user consent for telemarketing for themselves and other companies. However, the Garante noted that such consent was not valid as it would not extend for subsequent transfers to different data controllers. As a result, company was fined EUR 3 million for violations under the GDPR.

Guidance Issued

  • Federal Data Protection and Information Commissioner, Switzerland issues guidance note on data transfers to foreign countries.
  • German Data Protection Authority issue statement on new standard contractual clauses and supplementary measures recommended by EDPB.
  • Guidance note on exemptions from the conditions for lawful processing of personal information released by South African Data Protection Regulator.

Regulatory updates around the globe

  • UK’s Task Force on Innovation, Growth and Regulatory Reform published its report. Recommends overhaul of UK Data Protection Law with AI.
  • Renewed Federal Data Protection Act re-introduced in US Senate. Envisages an independent federal Data Protection Agency.
  • National Medical Security Administration, China launches public consultation on the Medical Security Law.

EU updates

  • Final recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data published by EDPB.
  • EDPB and EDPS issues a joint opinion on European Commission’s proposal to regulate AI.
  • European Commission initiates the process for adoption of the Republic of Korea adequacy decision.

India updates

  • Worker union protest against use of government app fearing privacy violation. – Report’s TOI
  • India’s Permanent Mission to UN issues clarification over UN HRC’s concerns over new IT rules, 2021. Highlights Right to Privacy of Indians.

News around the globe 

  • ICO, UK’s Data watchdog granted powers to conduct direct financial investigations under the amended Proceeds of Crime Act.
  • Irish Data Protection Commission will examine the legality of estate brokers collecting financial personal data. – Report’s Irish Times.
  • United Tech and Allied Workers trade union begins campaigns to protect workers privacy. – Report’s Computer Weekly.

Read our digital newsletter here.