Issue 85

Enforcement Updates

First Data Privacy fine to Charity

Mermaids, a charity in UK has been fined by the Information Commissioner’s Office (ICO) for inadequate network policies and procedures on data protection under GDPR. Such insecure network led to the leaking of personal emails from the past three years, and sensitive personal information of about 550 people were available online. As, a result, ICO has fined the charity with EUR 25000 for failing to secure its user’s personal data. 

British Airways settles data breach class action

British Airways which was issued the largest data breach GDPR fine by the Information Commissioner’s Office, has settled the lawsuit with its claimants. The airlines revealed a data breach in 2018 affecting over 420,000 customers and staff and was facing a class-action lawsuit by those affected. The website traffic of the airlines was diverted to a fraudulent website that captured the visitor’s names, debit and credit card information, address, and emails. The class action was settled by the court-appointed lead solicitors on confidential terms.

Facebook faces data privacy lawsuit in Amsterdam 

Data Privacy Foundation and Dutch consumer advocacy organization Consumentenbond, have moved to Court of Amsterdam against Facebook for the violation of GDPR regulation. The lawsuit has been filed on behalf of the Dutch consumers and claims that Facebook collects information without providing valid legal basis for use of such collected data, using personal data and cookies for behavioral advertising. While Facebook denied all allegations and moved to dismiss the suit. The Court of Amsterdam vide a judgment allowed the lawsuit to move ahead.  

India Updates

  • PIL filled in Bombay High Court against Truecaller for breach of privacy. Reports LiveLaw 
  • WhatsApp to stay implementation of its new privacy policy until the PDPB, 2019 comes into force. Reports India Today
  • Air India faces claims for data breach pertaining to June 2021. Reports Hindustan Times

EU Updates

  • Guidelines on Codes of Conduct as a tool for transfers, Virtual Voice Assistants & the concepts of Controller & Processor adopted by EDPB.
  • European Parliament Think Tank releases study examining the exchange of personal data between the EU and the USA following the Schrems II judgment. 

Regulatory updates around the globe

  • Personal data privacy law passed in Colorado.
  • New Zealand Government decides to implement new legislative framework for consumer data rights.
  • State of Connecticut passes new Cybersecurity Standards Act for businesses.

News around the globe 

  • Sweden’s Financial Supervisory Authority announces investigation against Klarna Bank AB for their data security measures. 
  • Amazon faces class-action lawsuit from health care workers over Alexa recording conversations with patients.
  • UK based online education provider, New Skills Academy, reports of massive data breach.  Reports Real Wire.

Read our digital newsletter here.