Hello Friends,
Minister of State for IT and Electronics Rajeev Chandrashekhar said that the data protection bill has undergone a lot of consultation and is designed as a truly world-class piece of legislation. Enjoy reading!
Privacy Enforcement
Berlin DPA fines Bank over Automated Decision Making
The Berlin Commissioner for Data Protection and Freedom of Information fined an unnamed bank 300,000 euros for violating transparency obligations under the EU General Data Protection Regulation in an automated decision rejecting a credit card application. When companies make automated decisions, they are obliged to justify them in a valid and comprehensible manner, Commissioner Meike Kamp said. Those affected must be able to understand the automated decision.
Meta fined record of 1.2B Euros under GDPR by Ireland’s DPC
Meta Platforms Ireland was fined a record 1.2 billion euros under the EU General Data Protection Regulation by Ireland’s Data Protection Commission for alleged unlawful data transfers from the EU to the U.S. Meta said it would appeal the ruling.
Privacy in Spotlight
Deepfake Fraud hightens China’s AI Concerns
A case of fraud via an artificial intelligence-powered "deepfake" in China sparked alarm over growing AI harms, Reuters reports. China has seen an uptick in AI fraud utilizing voice and facial data to recreate people's likeness. The latest case involved face-duplication technology that helped an assailant facilitate a money transfer by impersonating an individual during a video call.
Kuwait announces Plans to scan Fingerprints of Everyone entering the Country
The Kuwaiti government announced it will collect fingerprint scans of everyone entering the country, both citizens and noncitizens. The effort entails installing 49 devices that scan individuals’ faces, eyes, and fingerprints at all ports of entry, which are transferred to the Criminal Evidence Department. Director of the General Department of Criminal Evidence, Major General Eid Al-Owaihan said the country aims to collect all citizens' biometric scans within a year, and citizens will be required to make an appointment with the Ministry of Interior to have their biometrics scanned.
Regulations
Minister Discusses Impacts, Penalty Scheme for India’s Proposed DPDPB
The Economic Times reports India's Minister of State for Electronics and Information Technology Rajeev Chandrasekhar indicated the proposed Digital Personal Data Protection Bill will bring deep behavioural changes to platforms operating in India. Chandrasekhar said businesses already aligned with proposed provisions have nothing to fear with the bill. He also discussed the proposed penalty scheme doesn't aim to compete with the EU General Data Protection Regulation and is sufficient to incentivise every data fiduciary or any platform to comply with the law. Parliament will table the bill in July.
Texas Legislature finalizes Comprehensive Privacy Bill
The Texas Legislature signed off on final text for a proposed comprehensive privacy bill, HB 4, following a resolution struck between chambers in a conference committee. The bill carries unique applicability standards and requires covered entities to honor universal opt-out signals, perform data protection assessments and establish data processing agreements. The law's effective date is 1 July 2024. Following approval by the Texas House and Senate, Gov. Greg Abbott, R-Texas, has 10 days upon transmission to act on the bill, with a definitive veto the only way it will not become a law.
ICO issues Guidance on Subject Access Request
The U.K. Information Commissioner's Office published guidance on responding to subject access requests. The ICO said businesses and employers risk fines or reprimands for compliance failures, but ICO Policy Group Manager Elanor McCombe said many employers misunderstand the requests or underestimate their importance. It's important not to get caught out, she said, adding the guidance is intended to help employers respond to SARs in a proper and timely manner and to ensure that employees are able to access their personal data when desired.
China’s Data Privacy Law Impinging on Research
Data use and transfer restrictions within China's Personal Information Protection Law are negatively impacting international collaboration among researchers. The signal has been very clear that China does not want its scientists to collaborate as freely as they used to with foreigners, said University of Kent sociologist Joy Zhang.