Issue 81 - Privacy Desk

Enforcement updates

American Express fined for illegal marketing

The Information Commissioner’s Office (ICO), UK announced its decision to fine American Express Services Europe Limited with GBP 90,000 for illegal marketing. ICO noted that American Express was involved in sending four million marketing emails, disguised as servicing emails to its customers even after they had opted out from receiving them, violating the Privacy and Electronic Communications Regulation 2003.

NOYB issues 500+ cookie complaints

None of Your Business (NOYB), the data privacy activist organization announced that it has sent 560 draft complaints to companies situated in 33 different jurisdictions in the EU for illegal cookie banner. NOYB complaint highlights that 90% of cookie banners did not offer option to withdraw consent, and 81% of the cookie banners, did not have a reject option at the first layer. It further mentions of use of pre-ticked consent fields and use of dark patterns on cookie banners. The companies have one-month grace period to act upon the complaint, after which NOYB would lodge formal complaint with supervisory authorities.

NOYB has developed a system that automatically discovers different types of violations and aims up to 10000 further complaints 2021.

Wawa faces claims by employees for data breach

Wawa, a convenience store and gas station company in US, is facing claims by its employees in relation to a data breach. Class action petition was filed against Wawa Inc. by its current and former employees alleging that Wawa Inc. did not incorporate sufficient technological safeguards and failed to secure personal data of its employees which led to hackers targeting personal data including financial data, of employees, and gain unauthorized access. Wawa Inc. has argued that its employee should not be allowed to file claims separately, as they are duplicative of claims by customers. The matter is now listed for further hearing. Source: WestLaw

Regulatory updates around the globe

German parliament passes the IT Security Act.
President of the Brazilian Republic approved Law to make the crimes of computer crimes via the Internet more serious.
The State Duma, Federal Assembly of Russia announces bill to prohibit compulsory collection of consumer data.
Assembly Bill for enacting the New York Privacy Act recommitted to Consumer Affairs and Protection Committee.
Law relating to the management of the exit from the health crisis published in France, privacy fines enforced.

India updates

WhatsApp assures that it will not limit features for users who are yet to accept its privacy policy. Will continue this approach till PDP Bill comes into effect – Report’s BGR
COVID-19 data records published by Bengaluru’s Civic Body’s Contractor – Report’s ET
Union Minister for Electronics and IT clarifies that the Joint Parliamentary Committee on Personal Data Protection Bill is yet to finalize the report. – Report’s HT

Guidance issued

ICO UK publishes draft guidance on Anonymisation, Pseudonymisation and privacy enhancing technologies.
Guidance for the Personal Data Processing Agents and Supervisors released by the Brazilian Data Protection Authority.
MOU to combat unwanted robocalls, unsolicited texts and unlawful communications entered into between Australia (ACMA) and USA (FCC).

News around the globe

Privacy International files legal complaint against Clearview’s AI facial recognition tool across EU.
The Italian Data Protection Authority orders suspension of data processing by Mitiga app over privacy concern.
Subway, Japan notifies breach of data pertaining to 300,000 customers.
TikTok will now collect biometric data such as faceprints and voiceprints of users in US. – Report by TechCrunch

Read our digital newsletter here.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 10 days 17 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

Enforcement updates

Regulatory updates around the globe

India updates

Guidance issued

News around the globe

Cookie Consent