Issue 89

Enforcement Updates

Zoom privacy lawsuit reaches USD 85 million settlement.

Zoom, the popular video conferencing company, faced a class action lawsuit filed in March 2020. The lawsuit claimed that Zoom’s video conferencing services was not truly end to end encrypted and accused the company of sharing personal data of users with companies like Facebook and Google illegally. The lawsuit also accused Zoom of allowing the platform to be accessed by unauthorized attendees who would deliberately spam zoom meeting and create ruckus. Zoom although denied these allegations, agreed to settle the lawsuit with the class action plaintiffs. As a result, Zoom has now agreed for a total settlement for a sum of USD 85 million, while also incorporating additional steps to strengthen privacy.

Russia begins enforcement of its data localization directive.  

Roskomnadzor, Russia’s media and communications watchdog, had mandated tech giants such as Goggle, Facebook, and Twitter to comply with data localization obligation by July 1, 2021. Further, a magistrate court of Tagansky district of Moscow, has now fined Google LLC, RUB 3 million on account of administrative wrongdoing, for failing to store personal data of Russian users on Russian servers. A decision on similar proceedings against Twitter and Facebook is soon expected.

CNIL launches enforcement campaign for cookie non-compliance.

The French data privacy watchdog, CNIL, sent forty notices to companies which were in non-compliance of the CNIL’s guidelines and recommendations for using cookies on their website. The notice was served to these companies because they did not allow users to refuse cookies as easily as they can accept it. These companies have been given until September 6 to comply with the notices, after which they may be fined up to 2% of their turnover. This comes after the CNIL launched a campaign to strengthen cookie compliance as a global strategy.

Illegal Robocalls leads to fine for Companies in US and UK

Yes Consumer Solutions Limited, a company which sells nuisance call prevention systems was fined for making over 200,000 nuisance calls to individuals who were registered with the UK’s Telephone Preference Service (TPS). In UK Contacting people who have been registered with the TPS for longer than 28 days is against the Privacy and Electronic Communications Regulations. In this regard, ICO had received complaints against the company, post investigation it held the company liable under Privacy and Electronic Communications Regulations, as it failed to check the callers TPS registration and made deliberate nuisance calls. As a result, the company was fined EUR 170,000.

A New-Jersey based company, Environmental Products International, Inc., was also fined by the US Federal Trade Commission for making 45 million cold calls to people registered with the Do Not Call registry. As a result of the charges, the company agreed to pay settlement amount of USD 1.6 million and put ban on cold calling. 

Guidance Issued

  • Japan publishes draft “Guidelines for Information Security Measures in Cloud Service Provision” and “Guidelines on the Act on the Protection of Personal Information.”
  • Colombian Data Protection Authority released guidelines on implementation of the responsibility principle in the international transfers of personal data.
  • ICO UK, releases a new guidance resource on direct marketing rules for public sector organizations.

Regulatory updates around the globe

  • US Senate Committee on Homeland Security and Governmental affairs released a report titled, “Federal Cybersecurity: America’s Data Still at Risk.”
  • Germany’s highest civil court releases a decision specifying wider scope of Right to access by data subjects under GDPR.
  • Office of the Australian Information Commissioner, orders Uber to strictly comply with the Australian Privacy Principles and appoint an independent expert to review and report its data privacy program.

News around the globe

  • UC San Diego Health experiences data breach involving unauthorized access in employee email accounts. Reports Business Wire.
  • Upon linking your biometric palm prints to the checkout free stores, Amazon offers about USD 10 in promotional credit. Reports Tech Crunch
  • Pipeline Owners and Operators that transport hazardous liquids and natural gas were issued a security directive for better cybersecurity by the US Department of Homeland Security. 

EU updates

  • Italian data protection authority, Garante requests the government to evaluate data retention reforms.
  • The EU Parliament releases paper on Artificial Intelligence in smart cities and urban mobility.

India updates

  • The Ministry of Electronics and Information Technology (MeitY) reveals allocation of Rs. 416 crores to Country’s cybersecurity measures.
  • The Indian Computer Emergency Response Team advises Apple users to Install Remote Exploit Patch after the Pegasus attack.

Read our digital newsletter here.