Hello Friends,
In the two-year transition period, the Govt. is providing a chance for data managers to prepare the regulated things, one of which is readying data protection officers, said Indonesian Communication and Informatics Ministry
Enjoy reading!
Privacy Enforcement
Meta faces $20M Fine for Misleading Data Use in Australia
Australia's Federal Court ordered Meta's Facebook Israel and the now discontinued Onavo to pay a combined AUD20 million for failing to adequately disclose data collection practices. The Australian Competition and Consumer Commission, which brought the case forward, said Meta used anonymized and aggregated data, including users' internet and app activity, for market research activities. ACCC Chair Gina Cass-Gottlieb said consumers should be able to make an informed choice about what happens to their data based on clear information that is not misleading.
Amazon agrees to $25M Settlement over Children’s Privacy Violations
The U.S. Department of Justice and the Federal Trade Commission announced Amazon agreed to a permanent injunction and USD25 million civil penalty to settle alleged children's privacy violations related to its Alexa voice assistant. A complaint filed in the U.S. District Court for the Western District of Washington alleges Amazon retained children's voice recordings indefinitely and engaged in unfair privacy practices egarding geolocation information and voice recordings. Among the requirements of the order, Amazon must identify and delete inactive child profiles.
Data Breach
34M Indonesians’ Passport Information stolen
A hacker reportedly stole the passport data of 34 million Indonesian citizens. The hacker is now allegedly offering 4GB of the stolen passport data on a hacking forum for USD10,000, according to a screenshot obtained by the founder of Ethical Hacker Indonesia. The data breach is under investigation by Indonesian authorities.
E-mail exposes Vulnerable Children’s Data
Names and contact emails of youth attending a New Zealand child development center were exposed in an email to other parents and guardians. Te Whatu Ora Hospital and Specialist Services interim lead Hamish Brown said the organization, which mistakenly sent the email intended for internal staff only, is working with the Office of the Privacy Commissioner to review and improve our external email-sending processes and will conduct staff privacy training to enhance awareness and ensure compliance.
Privacy in Spotlight
Brazil's ANPD opens Formal Inquiry into Threads
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, opened an investigation into Meta's new social network, Threads. Previously, the General Coordination of Technology and Research along with the General Inspection Coordination conducted a preliminary study into Threads as an initial step for ANPD monitoring activities.
Norway's DPA advises on website Analytics, Tracking
Norway's data protection authority, Datatilsynet, issued informal guidance notes on the use of website analytics and tracking tools under the EU General Data Protection Regulation. Datatilsynet outlined nine areas of consideration for companies exploring tools, including data minimization, avoiding cookie banners, and potential cross-border data transfers.
Regulations
EDPB explains Rights, Obligations under EU-US Data Privacy Framework
The European Data Protection Board adopted an information note on data transfers under the EU-U.S. Data Privacy Framework. EDPB Chair Anu Talus said the note explains individuals' rights and organizations' obligations. The EDPB will continue to pay special attention to the correct implementation of this new instrument and we look forward to contributing to the first review of the DPF next year, she said. The EDPB also adopted a statement on the first review of the EU's adequacy decision with Japan.
Indonesia issues New Regulations in preparation for PDPL Implementation
Indonesia's Ministry of Communication and Information Technology issued derivative regulations to support the implementation of the Personal Data Protection Law while offering compliance guidance to electronic system providers. Additionally, a presidential regulation is being prepared to set up an independent institution to respond to reports of data leaks.
South Korea's PIPC opens public consultation on draft data transfer regulations
South Korea's Personal Information Protection Commission launched a public consultation on draft Regulations on the Operation of Overseas Transfer of Personal Information. Opinions on the draft regulations will be accepted until 14 Aug.