Issue 98

Enforcement Updates

German Company fined for lack of transparency under GDPR

The Hamburg Commissioner for Data Protection and Freedom of Information, fined Germany based company Vattenfall Europe Sales GmbH for failing to comply with GDPR principles. The authority noted that the company was not transparent regarding its practice of comparing personal data contained in contract inquires with issuance of special payments. This practice of comparing personal data received in contract inquires violated GDPR principles of lawfulness, fairness, and transparency. As a result, the authority levied a fine of EUR 901,388.84 against the company.

Finland’s police department reprimanded for illegal use of facial recognition software

The Deputy Data Protection Ombudsman of Finland issued statutory reprimand notice against the National Police Board for conducting trial of a facial recognition software and illegal processing of sensitive personal data. The ombudsman noted that the police unit, used a facial recognition software, which led to unlawful collection of sensitive personal data, which was processed in violation of the GDPR. The ombudsman also noted that obligations of the police department as a data controller were not fulfilled, and the staff was not trained in data protection and privacy.

Google and DeepMind Technologies accused of illegally acquiring sensitive medical data

A UK based law firm has filed  representative action against Google and DeepMind Technologies. The lawsuit states that  out of an arrangement entered in 2015, between Google, DeepMind and the Royal Free London NHS Foundation Trust, the former were provided with approximately 1.6 million individuals’ confidential medical records without the knowledge or consent of these individuals thus violating the data privacy laws and regulations.

Interior Ministry fined for data privacy violation in Georgia 

The Georgian State inspector’s office issued a decision to fine, country’s interior ministry as it violated data privacy regulations. The state inspector’s office stated that interior ministry published and broadcasted video footages of a deceased reporter in violation of the principles of data privacy and infringed the data privacy law. As a result, the interior ministry was fined GEL 2000.

Guidance Updates

  • The Uruguayan data protection authority notifies changes to its cross-border data transfer regime.
  • The UK Government publishes its national AI strategy.
  • The Norwegian data protection authority chooses not use Facebook. Highlights privacy risks associated with use of Facebook page.
  • The Australian data privacy watchdog releases recommendations on “Open by Design” principles. To promote openness and prompt access to personal data.
  • The Turkish data protection authority publishes guidelines on processing of biometric data.    

Regulatory Updates

  • Australian Anti-trust authority publishes report on Google’s dominant Ad-tech practices. Highlights Google’s dominance over personal data collection.
  • Czech government amends its ‘Electronic Communications Act’. Introduces consent and cookie mandates.
  • South Korea’s Personal Information Protection Committee proposes amendments to the country’s data privacy law.

 EU Updates

  • EU Council members agree on negotiating mandate on Data Governance Act proposal. The act would focus on public sector data.
  • EU Parliament passes resolution seeking blanket ban on biometric based mass surveillance practices.

News around the Globe

  • Facebook updates cookie controls for EU citizens.
  • Facebook accused of overpaying the US Federal Trade Commission to shield its executives from the  Cambridge Analytica probe. – Reports Politico  
  • Twitch Interactive Inc. confirms massive data breach incident.
  • The Brazilian and Spanish Data Protection Authorities enters into MOU to promote mutual cooperation.

 US Updates

  • The U.S. Department of Health and Human Services publishes guidance note on application of HIPAA rules in relation to covid-19 vaccination status.
  • Ashkan Soltani appointed as the first Executive Director of the California Privacy Protection Agency.
  • The US National Institute of Standards and Technology published its draft Cyber security and Privacy Program Annual Report.

 India Updates

  • First week of Winter session may see introduction of The Personal Data Protection Bill, 2019 –Reports India Today.
  • IRDAI asks insurance company to share client personal data with Insurance Information Bureau of India, industry fears privacy concerns.
  • CERT-IN, issues advisory regarding malware attack targeting banking customers.
  • Amar Patnaik, member of the joint parliamentary committee on Personal Data Protection Bill, bats for state level data protection authorities. – Reports Hindustan Times  

Read our digital newsletter here.