Issue 93 - Privacy Desk

Enforcement updates

South Korean privacy watchdog initiates action against Tech Giants

South Korea’s privacy regulator Personal Information Protection Commission (PIPC) issued fines against major tech companies for failure to comply with its national privacy law. PIPC fined Facebook Inc. KRW 6 billion for breach of nearly 6 articles of the Personal Information Protection Act (PIPA), which included, collection of facial data without disclosure and consent, transfer of personal data outside South Korea illegally etc. Netflix Inc. was also fined KRW 223.2 million by the PIPC for illegal data collection and transfer under the PIPA. Google although did not receive any fine, was issued a letter of “recommendation for improvement” regarding its compliance with the PIPA.

Facebook’s ‘buy-or-bury’ tactics are a threat to privacy and competition: Records FTC

In an ongoing federal anti-trust against Facebook by the Federal Trade Commission (FTC), the authority filled an amended complaint alleging Facebook’s privacy invading and competition harming tactics. The authority noted that Facebook buried their competition in an illegal buy-or-bury scheme, to maintain its monopoly in the market, which allowed Facebook to sustain their surveillance heavy advertising and increase privacy burdens for the user. FTC has provided with further details on the violation of privacy of users, through such monopoly and destroying competition. As a result, Facebook may face prosecution before federal judge.

Investment firms fined for breach of data security practices.

Investment companies Cetera Advisor Networks LLC, Cambridge Investment Research Inc and KMS Financial Services were fined for deficient data security practices by the Security Exchange Commission, USA. These companies suffered a data security incident, owing to noncompliance with their written data protection policies and data security requirements as laid down in the safeguards rules, which led to unauthorized access of personal data by threat actors. The companies were also accused of misleading and inadequate breach notifications. As a result, Cetera was fined USD 300,000, Cambridge Investment was fined USD 250,000 and KMS was fined USD 200,000 penalty.

Heritage tracing and genetic testing company under scrutiny for GDPR violations.

The Norwegian Data Protection Authority has opened investigation into data collecting and handling practices of MyHeritage Ltd. The authority had received a complaint report from the Norwegian Consumer Council, which alleged that the company is engaged in collection and processing large amount of sensitive personal data and transgresses GDPR principles while processing the same. The Council’s report accused the company of lack of transparency, improper legal basis and denying users opportunity of true and informed consent and illegal privacy policy. The Authority had demanded information from the company.

Regulatory updates around the globe

New Data Privacy and Protection law for insurance sector published in Minnesota.
UK’s Information Commissioners Office Age-Appropriate Design Code enters into force.
Texas Data Breach Notification Law enters into force.

India updates

The Joint Parliamentary Committee on Personal Data Protection Bill conducted two sittings i.e on 15^thand 16^th September to discuss the amendments introduced by Chairperson.
Former Supreme Court justices raises concerns over 4 years delay in implementing Personal Data Protection Law. Source HT.
The Personal Data Protection Law to boost business from abroad for IT industry in India – Additional Secretary, MEITY. Source ET.
Government of India planning to introduce incentive schemes to promote Data Centers in India. Report’s ET.

EU updates

Joint Committee of European Supervisory Authorities published their second risk assessment report. Highlights cyber risks for financial sector.
The European Commission released its 2021 Strategic Foresight Report. Provides observation on digital hyperconnectivity and technological transformations.
European Parliament releases study on Biometric Recognition and Behavioral Detection.

Guidance updates

Data Sharing Code of Practice published by the Gibraltar Regulatory Authority.
Hong Kong Privacy Commissioner for Personal Data released its guide on Ethical Development and Use of Artificial Intelligence.
CNIL, the French Data Protection Authority released opinion on the use of biometric devices, in relation to hand-shaped palm scanning devices used in school.
Russia’s Federal Antimonopoly Service releases guidelines for digital markets and platforms.

News around the globe

Huawei accused of illegal access and transfer of personal data of Pakistan citizens to China. – Report’s Reuters.
Incorrect configuration of Microsoft API by government and private entities leads to large scale data breach.
Facebook introduces new Privacy Enhancing Technologies to improve privacy in targeted advertising.
Tinder to launch Government ID based verification of users.
China to ban its Tech companies which can pose data privacy and security risks from listing themselves overseas. Report’s Reuters.

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.