Data privacy settlements in USA
The US Federal Trade Commission announced that it had finalized terms of settlement with Everalbum, Inc. The company was using its facial recognition technology illegally and stored personal photos of deactivated customers. The FTC reached a final settlement which requires, among other things, Everalbum to obtain express consent from customers before using its facial recognition technology on their photos.
The New York State Department of Financial Services also entered a USD 1.8 million settlement with First Unum Life Insurance Company of America and Paul Revere Life Insurance Company. The insurance companies had failed to secure sensitive personal data of customers due to cyber-attacks.
Hamburg’s watchdog bans data processing of WhatsApp users
Fine for failing to appoint EU representative.
A fine was issued by the Dutch Data Protection Authority (DPA) against an international website named Locatefamily.com. Several EU citizens had complained to the Dutch DPA that they wanted their personal details to be removed from the website but were unable to do so, as there was no GDPR representative appointed. Pursuing these complaints, the DPA issued a fine of EUR 525,000 against the website. GDPR mandates that companies, located outside of EU and offering goods and services in the EU, must appoint a GDPR representative.
Noyb files complaint against Google’s AAID
Privacy activist group noyb, filled a formal complaint before the Austrian Data Protection Authority against Google LLC. Noyb claimed that Google’s Android Advertising ID (AAID), which is used by Google and other third parties associated with Google to track and monitor users of android devices is illegal and violates the GDPR. The complaint also stated that Google neither provided an opt-in consent mechanism nor it demonstrated any sufficient legal basis for the use AAID.
Regulatory updates around the globe
- Two bills titled Children and Teens’ Online Privacy Protection Act and Clean Slate for Kids Online Act of 2021, seeking to amend the Children’s Online Privacy Protection Act tabled in US senate.
- Law ratifying the amending protocol to the Convention for the Protection of Individuals with regard to the Processing of Personal Data (Convention 108) passed in Italy.
- Ecuador notifies the Organic Law on the Protection of Personal Data.
- Dominos India’s data base suffers breach. 13 tera byte worth of personal data stolen.
- Guidelines for integration of Co-Win App with third party applications released by Government of India.
- Resolution urging European Commission to reconsider its draft UK adequacy decision passed in the European Parliament.
- EU Parliament and European Council arrives at an agreement for digital COVID19 certificate with data protection safeguards.
- European Data Protection Supervisor launches investigations against Amazon Web Services and Microsoft following the Schrems II judgment.
- Office of the Privacy Commissioner of Canada issues statement on vaccine passports.
- Turkish antitrust authority issues press release on its investigation of WhatsApp – Facebook data transfer.
- Guide on implementing GDPR in the social and medico-social sector, published by French data protection authority.
News around the globe
- US president’s account on a peer-to-peer payments app accessible, raises privacy concerns. – Report’s Buzzfeed
- “GDPR successfully withstood 2020 pandemic test” says president of CNIL, the French Data Protection Authority. Report by EURACTIV.
- Mobile app developer’s exposed personal data of 100 million users. – Research by Check Point
Read our digital newsletter here.