Issue 107

Enforcement updates

Swedish court rejects Google’s appeal against fine of SEK 52 million

The Administrative Court of Stockholm rejected Google’s appeal against the decision of the Swedish Data Protection Authority which had sanctioned a fine of SEK 75 million for violating provisions relating to right to be forgotten under the GDPR. Google opined that the information provided by webmasters is necessary for fundamental rights of search engine providers and freedom of expression and information of internet users. The court found that Google has a practice of informing webmasters after removing any search results from its search engine, which was not permitted under the GDPR. A penalty of SEK 52 million was thus imposed by the Administrative Court

UK’s data watchdog sanctions a fine of GBP 500,000 to Cabinet Office for data breach

The Information Commissioner’s Office (ICO) has fined the Cabinet Office for disclosing postal addresses of the 2020 New Year Honours recipients online. The ICO found that the cabinet office had published a file online containing personal information of more than 1000 people including many prominent public figures. The information was available in the public domain for two hours due to which ICO received complaints from the affected parties. Upon becoming aware of the breach, the Cabinet Office removed the weblink. Since the Cabinet Office failed to put up appropriate technical and organizational measures in place to prevent the unauthorized disclosure of personal information, it is a breach of data protection law, the ICO has raised a fine.

US court permits Microsoft to seize websites used by Chinese hacker group to steal data

Microsoft’s Digital Crimes Unit reported that the U.S District Court for the Eastern District of Virginia has granted their request to seize websites which were purportedly being used by the Chinese hacker group called Nickel. Nickel was using these sites to execute attacks on organizations in the United States and 28 other countries to infiltrate malware, conduct surveillance and steal data. Microsoft believes this disruption will not prevent Nickel from continuing their hacking activities, but it will help in protecting existing and future victims while learning more about Nickel’s activities.

Guidance updates

Indonesian Fintech Association issues code of ethics on personal data protection in the Fintech sector. Reports The Jakarta Post.
Austrian Data Protection Authority approves code of conduct for application of the GDPR to the insurance sector.
Australian Information Commissioner releases its first Consumer Data Right Assessment.
UK’s Centre for Data Ethics and Innovation publishes ‘A roadmap for building an effective AI assurance ecosystem’ explaining privacy and security risks in AI.

Regulatory updates around the globe

Zimbabwe enacts a new Data Protection Act on 3^rd December 2021.
Ukraine’s President signs Electronic Registers Law which contains amendments to the Personal Data Protection Law regarding data localization requirements.
Japan’s Cabinet of IP Strategy Promotion Secretariat issues guidance on data handling rules for data trading and service platforms.

US updates

Department of Homeland Security’s Transport Security Administration announced two new Security Directives to improve cybersecurity in the transportation sector.
Federal Trade Commission begins rulemaking on privacy by filing an Advanced Notice of Proposed Rulemaking with the Office of Management and Budget.
Congress blocked the provisions regarding cyber incident reporting in the National Defense Authorization Act 2022.

EU updates

European Commission published results of open public consultation on the Data Act, an initiative of the European Data Strategy.
The Slovenian Presidency of the Council of the European Union published proposal to amend the AI act.
Senior European commission official advised changes in privacy rules to make EU institutions more powerful. Reports Politico.

India updates

Department of Pension & Pensioners’ Welfare to use facial recognition app to verify pensioners.
Ministry of Electronics and Information Technology states more cyberattacks were reported this year till October compared to the whole of 2020. Reports Medianama.
Upcoming Delhi municipal elections may feature a biometric voter verification system. Reports Hindustan Times.

News around the globe

DNA Diagnostics Center, Inc., a DNA Testing firm filed data breach notification for breach of sensitive information of 2.1 million people.
Privacy Commissioner of Canada proposes to the government to make privacy reform a priority.
A critical vulnerability in a widely used software tool emerged as a major threat to organizations around the world. Reports The Guardian.

Read our digital newsletter here