Hello Friends,
Three things have to be in place for the process to be implemented in full: the rules, the design architecture for implementing the DPDP Act, and the data protection board. We are working on all three activities in parallel said, Minister Ashwini Vaishnaw.
Enjoy reading!
Privacy Enforcement
US food delivery service breach affects 1.2M
U.S. food delivery service PurFoods disclosed a data breach that potentially affected personal, financial, and medical data belonging to more than 1.2 million customers.
Data Breach
18M records leaked from Brazilian escort service
A cybersecurity researcher discovered a data breach of a popular Brazilian escort service, Fatal Model. Eighteen million records were left exposed in two non-password-protected databases.
Privacy in Spotlight
Global warning issued on social media data scraping
Data protection authorities from around the world issued a joint statement addressing the privacy risks posed by data scraping social media and other public websites. The DPAs, including the Office of the Privacy Commissioner of Canada, declared personal information on the internet that is publicly available, publicly accessible, or of a public nature is still subject to global data protection and privacy laws. The joint statement also identified privacy risks including targeted cyberattacks, identity fraud, and profiling.
Facebook Messenger expands encryption trials
Meta announced millions of Facebook Messenger accounts will be able to trial end-to-end encryption standards for individual and group chats. Meta is working to finalize default encryption standards by year's end and maintains it is on track to do so. The company said default encryption will enhance the security we already provide and give people additional confidence that their personal messages will remain private.
Regulations
India's data protection law lauded by multiple DPAs around the world
The passage of India's Digital Personal Data Protection Act was met with praise from several countries. An official from Norway's data protection authority, Datatilsynet, said it could look to mirror some provisions of the DPDPA and praised its safeguarding of children from behavioral advertising. An official from South Africa's Information Regulator said the success of the bill would be tied to how the Data Protection Board functions.
India Developing Parental Consent Mechanism
Indian officials plan to build a parental consent system by using Digilocker, a government-supported data governance repository. The system would create a database of parent and child identities that platforms can refer to for age verification and consent purposes. India's Digital Personal Data Protection Act has children's privacy and age verification requirements for children under 18.
Rulemaking underway for India's DPDPA
India's Minister of Electronics and Information Technology Ashwini Vaishnaw said rulemaking under the Digital Personal Data Protection Act will be very simple, very straightforward, and very easy to implement. He added the rulemaking will be "consultative" and there will be no delay due to the 2024 general elections.