Issue 92 - Privacy Desk

Enforcement updates

Companies fined in US and UK for illegal calling

The Information Commissioner’s Office (ICO), UK initiated its enforcement action against Parkin Beacher Ltd for making calls to pensioners regarding their pension plans and marketing private pension advisors without obtaining their informed consent. The ICO found the company in violation of the Privacy and Electronic Communications Regulations for making 96,817 illegal calls and fined the company with GBP 50,000.
Similar action was undertaken by the US Federal Communications Commission (FCC) against J.M. Burkman & Associates LLC and their representatives, for making illegal robocalls without prior express consent which was in violation of the Telephone Consumer Protection Act. The LLC was fined with USD 5,134,500 which is highest ever for making robocalls.

Danish watchdog to inspect companies for data protection

The Danish Data Protection Agency has launched inspection to assess and ensure that companies and municipalities in its jurisdiction remain compliant with the data protection. In this regard the agency has issued standardized questionnaire via an online tool which will form the basis for assessment of the level of data protection and privacy achieved by the companies. The Agency will also conduct a comparative evaluation across similar industries via the questionnaire tool.

Angry Birds makers sued for violating children’s privacy

The Attorney General of New Mexico, Hector Balderas filled a lawsuit against Rovio Entertainment, the developer of ‘Angry Birds’ game, for violating the provisions of the Children’s Online Privacy Protection Act (COPPA). The AG claimed that the makers of the game aggressively target children’s, and exfiltrate their personal data by using software embedded codes, and further sells it to a network of third-party marketing companies for commercial exploitation. The Lawsuit claims that such practice is done without full and complete disclosure of data collection, and without obtaining valid and verifiable consent from children’s parents. The lawsuit seeks damages from Rovio Entertainment and permanent injunction against the app.

Clearview AI loses first round in Illinois privacy lawsuit

Clearview Al Inc. which is facing claims over unauthorized collection and use of the Illinois residents’ faceprints under the Illinois Biometric Information Privacy Act, lost its move to dismiss the lawsuit arguing lack of jurisdiction and merits. The Judge, however rejected the claims of Clearview AI and asserted that the court had jurisdiction to try the case and stated that the company’s face scanning practices are a matter of grave public privacy concern. The claim was brought by the American Civil Liberties Union (ACLU) and other advocacy rights groups. It is alleged that the companies had failed to acquire consumers’ consent before plucking their photographs off the internet, cataloguing their facial geometry, attaching a unique biometric identifier, and making the information available to public and private purchasers in an online database.

Guidance updates

Russia’s Federal Antimonopoly Service issues draft principles to provide basic governance in digital markets, to promote transparency, openness and protection of participants.
California Attorney General Rob Bonta issues guidance to healthcare sector for complying with Health Data Privacy Laws.
Bank of Russia announces a new standard for enhancing security of data during financial transactions.
UK releases a ‘mission statement’ highlighting their intent to make their adequacy decision for international data transfers and shares priority jurisdictions to implement the UK adequacy.
The Data State Inspectorate of Latvia releases guidance for educational institutions for handling the personal data of students.

GCC updates

The Qatar Financial Centre Authority seeks public comments on the proposed amendments to the QFC Data Protection Regulations and Rules 2005 (‘the Regulations and Rules’).
Dubai International Financial Centre engages in an adequacy assessment with UK.

China updates

China’s state administration for market regulation, releases draft Regulations on Prohibition of Unfair Competition Acts on the Internet.
China begins trial implementation of “Regulations on the Management of Automobile Data Security”.

EU updates

Internal document of the European Data Protection Authority on the territorial application of Directive on Privacy and Electronic Communications (ePrivacy Directive) made public.
The European Commission launches public consultation on the draft regulation on internet-connected radio equipment and wearable radio equipment.
The Interactive Advertising Bureau launched a new Transparency & Consent Framework Vendor Compliance Programme to focus on assessing compliance of consent and retention of data.

India updates

Meghalaya government to use facial technology to verify pensioners. Internet Freedom Foundation raises privacy concerns.
RBI’s new app for online payments has been put on hold due to data safety concerns. Reports Mint.
Delhi High Court has provided an extension to WhatsApp and Facebook to comply with the notice served by Competition Commission of India for their revised privacy policy. Reports India Legal.
Right to be forgotten and Right to be left alone, recognized as essential Rights to privacy in a case before Delhi High Court. Reports ANI.

News around the globe

T-Mobile shares details about the investigation on their cyberattack.
The Dutch Data Protection Authority has granted permission to the financial institutions to register data of fraudsters and to share them with each other in an incident warning system
Singapore’s Monetary Authority and US Treasury have signed Memorandum of Understanding for cyber security co-operation.
AT&T denies reports of data breach affecting 70 million customers. Reports TechStory
Google Career Certificate programme, to train 100,000 Americans in fields like IT support and data analytics to upskill the in demand need of data privacy and cyber security. Reports Economic Times.

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.