Issue 87

Enforcement Updates

Dutch Data Protection Authority fines TikTok

TikTok has been fined by the Dutch Data Protection Authority, for infringing the privacy of children. The Authority noted that the privacy statements (notice) offered by TikTok are in English and not in Dutch language. This makes it difficult for young children to be fully aware of privacy implications of using the TikTok app. Since children contribute as the major audience of TikTok the authority took the matter seriously and has held TikTok to be in violation of GDPR principle which requires data controllers to ensure complete transparency with regards to their collection, storage, and data processing practices. As a result, the authority issued a fine of EUR 750,000.

Insurance company fined EUR 1.75 million

The AG2R La Mondiale group, a mutual insurance group company has been fined by CNIL, the French Data Protection Authority with EUR 1,750,000 due to infringing two obligations under the GDPR i.e. breach of the obligation to limit the data retention period and a breach of the obligation to inform individuals.

Consent or Contract? Austrian Supreme Court asks CJEU

The Austrian Supreme Court, pursuant to requests raised by Privacy Activist, Max Scherms, raised some fundamental questions, regarding Facebook’s compliance with GDPR, to the Court of Justice of the European Union (CJEU). The move is a recent development in the ongoing privacy battle between Max Scherms and Facebook. Primarily, these questions address the unlawful processing of user data by Facebook by interchanging and playing with grounds of processing under GDPR, conveniently shifting the basis of processing of user data from consent to contractual necessity. The issues are now referred to the CJEU for a preliminary ruling.

California’s AG releases a list of CCPA offenders

The Attorney General of California has released a list of California Consumer Privacy Act offenders since the act came into effect on 1 July 2020. The list provides details on the offender company and their violations. The list has been provided as illustrative examples of situations in which the Office of the Attorney General has sent a notice of the alleged noncompliance and have highlighted the steps taken by the company.

Our Articles

  • How could a Data Breach Impact you? Read Here
  • Data Transfer Between US and EU- Analysis of the Schrems II Judgement and the Way Forward Read Here

Guidance Issued

  • The Government of UK released privacy guidance on personal data shared with the Public Health England by local weight management services.
  • California AG releases privacy interactive tool to help consumers send notices to businesses in violation of the CCPA provisions.
  • CNIL releases guidance for insurance businesses to understand relevant data protection compliances.

Regulatory updates around the globe

  • Abu Dhabi Global Market notifies the Data Protection Regulations Rules 2021.
  • The Draft Cyber Incident Notification Bill introduced in US Senate.
  • California Senate Committee on Health passes a new bill expanding definition of personal data in the health care system.

India Updates

  • Joint Parliamentary Committee on Personal Data Protection Bill receives extension to present the final report in first week of winter session 2021.
  • Data Security Council of India issues a paper on Cloud Strategy.
  • Visa complies with the RBI Data localization norms. Reports the Hindu Business Line.

Reports Published

  • Report titled “Poverty Panopticon” published by Big Brother Watch. Recommends privacy measures for Britain’s digital welfare state.
  • US Department of Homeland Security releases a report highlighting travelers’ personal information at risk.
  • The European Union Agency for Cybersecurity released a report on the cybersecurity incidents in the telecom and trust services

Read our digital newsletter here.