Issue 92

Enforcement updates

Companies fined in US and UK for illegal calling

The Information Commissioner’s Office (ICO), UK initiated its enforcement action against Parkin Beacher Ltd for making calls to pensioners regarding their pension plans and marketing private pension advisors without obtaining their informed consent. The ICO found the company in violation of the Privacy and Electronic Communications Regulations for making 96,817 illegal calls and fined the company with GBP 50,000.
Similar action was undertaken by the US Federal Communications Commission (FCC) against J.M. Burkman & Associates LLC and their representatives, for making illegal robocalls without prior express consent which was in violation of the Telephone Consumer Protection Act. The LLC was fined with USD 5,134,500 which is highest ever for making robocalls.

Danish watchdog to inspect companies for data protection

The Danish Data Protection Agency has launched inspection to assess and ensure that companies and municipalities in its jurisdiction remain compliant with the data protection. In this regard the agency has issued standardized questionnaire via an online tool which will form the basis for assessment of the level of data protection and privacy achieved by the companies. The Agency will also conduct a comparative evaluation across similar industries via the questionnaire tool.

Angry Birds makers sued for violating children’s privacy

The Attorney General of New Mexico, Hector Balderas filled a lawsuit against Rovio Entertainment, the developer of ‘Angry Birds’ game, for violating the provisions of the Children’s Online Privacy Protection Act (COPPA). The AG claimed that the makers of the game aggressively target children’s, and exfiltrate their personal data by using software embedded codes, and further sells it to a network of third-party marketing companies for commercial exploitation. The Lawsuit claims that such practice is done without full and complete disclosure of data collection, and without obtaining valid and verifiable consent from children’s parents. The lawsuit seeks damages from Rovio Entertainment and permanent injunction against the app.

Clearview AI loses first round in Illinois privacy lawsuit

Clearview Al Inc. which is facing claims over unauthorized collection and use of the Illinois residents’ faceprints under the Illinois Biometric Information Privacy Act, lost its move to dismiss the lawsuit arguing lack of jurisdiction and merits. The Judge, however rejected the claims of Clearview AI and asserted that the court had jurisdiction to try the case and stated that the company’s face scanning practices are a matter of grave public privacy concern. The claim was brought by the American Civil Liberties Union (ACLU) and other advocacy rights groups. It is alleged that the companies had failed to acquire consumers’ consent before plucking their photographs off the internet, cataloguing their facial geometry, attaching a unique biometric identifier, and making the information available to public and private purchasers in an online database.

Guidance updates

Russia’s Federal Antimonopoly Service issues draft principles to provide basic governance in digital markets, to promote transparency, openness and protection of participants.
California Attorney General Rob Bonta issues guidance to healthcare sector for complying with Health Data Privacy Laws.
Bank of Russia announces a new standard for enhancing security of data during financial transactions.
UK releases a ‘mission statement’ highlighting their intent to make their adequacy decision for international data transfers and shares priority jurisdictions to implement the UK adequacy.
The Data State Inspectorate of Latvia releases guidance for educational institutions for handling the personal data of students.

GCC updates

The Qatar Financial Centre Authority seeks public comments on the proposed amendments to the QFC Data Protection Regulations and Rules 2005 (‘the Regulations and Rules’).
Dubai International Financial Centre engages in an adequacy assessment with UK.

China updates

China’s state administration for market regulation, releases draft Regulations on Prohibition of Unfair Competition Acts on the Internet.
China begins trial implementation of “Regulations on the Management of Automobile Data Security”.

EU updates

Internal document of the European Data Protection Authority on the territorial application of Directive on Privacy and Electronic Communications (ePrivacy Directive) made public.
The European Commission launches public consultation on the draft regulation on internet-connected radio equipment and wearable radio equipment.
The Interactive Advertising Bureau launched a new Transparency & Consent Framework Vendor Compliance Programme to focus on assessing compliance of consent and retention of data.

India updates

Meghalaya government to use facial technology to verify pensioners. Internet Freedom Foundation raises privacy concerns.
RBI’s new app for online payments has been put on hold due to data safety concerns. Reports Mint.
Delhi High Court has provided an extension to WhatsApp and Facebook to comply with the notice served by Competition Commission of India for their revised privacy policy. Reports India Legal.
Right to be forgotten and Right to be left alone, recognized as essential Rights to privacy in a case before Delhi High Court. Reports ANI.

News around the globe

T-Mobile shares details about the investigation on their cyberattack.
The Dutch Data Protection Authority has granted permission to the financial institutions to register data of fraudsters and to share them with each other in an incident warning system
Singapore’s Monetary Authority and US Treasury have signed Memorandum of Understanding for cyber security co-operation.
AT&T denies reports of data breach affecting 70 million customers. Reports TechStory
Google Career Certificate programme, to train 100,000 Americans in fields like IT support and data analytics to upskill the in demand need of data privacy and cyber security. Reports Economic Times.

Read our digital newsletter here.