Issue 88

Enforcement Updates

Amazon faces record EUR 746 million fine

The recent US SEC filing by Amazon revealed that the Luxembourg National Commission for Data Protection (CNPD) has issued a fine of EUR 746 million for violations under the GDPR.  The decision was kept confidential, and the details of the fine were only revealed in filing. Apart from the fine, CNPD also imposed ‘’corresponding practice revisions” against Amazon. The fine amount is the highest ever, sanctioned under GDPR.

Supermarket fined due to illegal use of facial recognition system.

The Spanish data protection authority (AEPD) has fined a supermarket chain, Mercadona, S.A. for using system of facial recognition in their shops illegally. The AEPD in its finding stated that the processing of biometric data at the establishments was done without any legal ground and was thus illegitimate under GDPR, it also noted that the company failed to conduct a Data Protection Impact Assessment before using the technology. As a result, the AEPD imposed a fine of EUR 2,520,000.

French newspaper fined for cookie non-compliance

CNIL, the French Data Protection Authority fined newspaper website, Lefigaro.fr maintained by the Company Societe Du Figaro, for non-compliance in relation to use of cookies. It was held that third-party cookies were placed on user’s computer without obtaining consent and in some cases irrespective of their refusal, for advertising purposes. Resultantly, the company was fined EUR 50,000 for its failure to obtain user consent and disregarding user request for refusal in relation to use of cookies.

Guidance Issued

  • ICO released Children’s Code standards for maintaining best interest of the children and avoiding mismanagement of children data by organizations and data minimization.
  • The White House, US published the ‘’National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems’’.
  • Data protection guidelines for Banking Businesses published in Thailand.

Regulatory updates around the globe

  • US based organization, Uniform Law Commission releases a model ‘Uniform Personal Data Protection Act’ which can be adopted across all US states.
  • Supreme People’s Court, China released new rules to regulate facial recognition technology.

News around the globe

  • Instagram announces privacy changes for young users on account of their safety.
  • Google reveals the design of their upcoming privacy section in Goggle Play store. Reports Tech Crunch
  • IBM reports that data breaches cost companies USD 4.24 million per incident on average; highest in 17 years.

EU updates

  • EDPB adopts a binding decision by Irish Supervisory Authority in case of WhatsApp Ireland Ltd.
  • The European Union Agency for Cybersecurity (ENISA) releases report on supply chain cybersecurity attacks.
  • EU Commission announces plan for developing EU wide secure communications infrastructure.

India updates

  • India experienced total of 6,07,220 cybersecurity incidents in the first half of 2021 – Indian Computer Emergency Response Team (CERT-In).
  • Lok Sabha MP urges the Union government for an independent judicial investigation on the Pegasus Attack.
  • Consultation paper on Unified Health Interface released by National Health Authority for public comments.

Our Article

WhatsApp privacy policy: The controversy so for alarming the need of data protection law in India. Read here.

Read our digital newsletter here.