Issue 84

Enforcement Updates

Food Delivery App fined for discriminatory algorithm

The Italian Data Protection Authority (Garante) fined Foodinho, an online food delivery platform, controlled by GlovoApp23 with EUR 2.6 million. The Authority noted that the company had failed to inform and explain their workers on the operations of the algorithm which is used for their evaluation. Further, there were violations in Data Protection Impact Assessments, technical and organizational security measures, record-keeping, Data Protection by Design and appointment of Data Protection Officer.

IT Company fined for inadequate data security measures

KVKK, the Turkish Data Protection Authority released its decision to fine an IT company for an investigation conducted in March 2020, after the company reported a data breach affecting nearly 65,000 individuals.  The decision of the authority highlighted that the company failed to implement adequate security measures such as two-factor authentication and access control and as result a fine of TRY 450,000 was imposed.

Government organizations asked to shut their Facebook pages

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) wrote a letter to the government organizations of Germany, asking them to deactivate their organization’s Facebook pages, due to Facebook’s non-compliance with the European and German data protection laws. These organizations have been given till the end of the year, to shut their pages down after which the BfDI would initiate its enforcement powers under the GDPR. These pages, as stated by the commissioner, had no mechanism for transferring the personal data of the followers to the US. Such transfer of data, without sufficient measures, is a violation of EU data privacy laws.

India Updates

  • Breach at Tamil Nadu’s Public Distribution System, personal data of 5.2 million users compromised. – Reports The Week.
  • Reserve Bank of India published its Financial Stability Report.  Raises concerns about the potential risks to data privacy by big tech companies in the financial sector.
  • Ministry of Health and Family Welfare published consultation paper on the Healthcare Professionals Registry.

EU Updates

  • The European Commission adopted two supplementary methods for the transfer of personal data to organizations in the UK.
  • EDPB releases a pamphlet describing a one-stop-shop mechanism for assisting individuals in ensuring the protection of their privacy rights, from their home base.
  • Report highlighting economic damage up to EUR 2 trillion by 2030, in restricting cross-border data flows in Europe published by Digital Europe.

Regulatory Updates around the Globe

  • China’s new data security law passed, to come into effect on 1 September 2021.
  • Draft Cyber Security Law tabled in Mongolian Parliament.

News around the globe

  • Personal Data of employees and customer of Carnival Cruise Line leaked. Reports CBS News
  • Didi App banned in China for violations regarding collection and usage of personal data. Source: Business Standard.
  • NTT Logisco, Japan reported a data breach affecting up to 8 million customers.

Read our digital newsletter here.