Hello Friends,
After a long wait, India’s Digital Personal Data Protection Act is passed. The regulated Privacy era begins in India.
Enjoy reading!
Privacy Enforcement
FCC proposes $20M data security fine against affiliated telecoms
The U.S. Federal Communications Commission announced a proposed USD20 million fine against affiliated telecommunications providers Q Link Wireless and Hello Mobile Telecom over alleged unauthorized access and disclosure of customer data. The FCC Privacy and Data Protection Task Force investigation found alleged data security issues led to access to customer proprietary network information through unauthenticated customer identities.
Data Breach
Nearly 1.5M individuals swept up in Alberta dental benefits provider breach
Public dental benefits administrator Alberta Dental Service Corp. announced a data breach affecting approximately 1.47 million individuals. A ransomware attack of the government-backed ADSC involved access to the names, addresses, and personal banking information of at least 7,300 individuals. The system vulnerability spanned 7 May-9 July, according to ADSC, which said hackers accessed and copied certain data from our network before deploying the malware.
Northern Ireland police leaks 10,000 officers' names in FoI request response
The Police Service of Northern Ireland inadvertently leaked the names, locations, and ranks of 10,000 officers and civilian personnel in response to a Freedom of Information request. Assistant Chief Constable Chris Todd called the error unacceptable and said the release of the information could endanger officers. U.K. Information Commissioner John Edwards said his office is investigating but does not yet know the extent to which the personal information was accessed during the time it was exposed.
Privacy in Spotlight
Mobile app privacy falls behind in digital evolution
Brian Chen breaks down how privacy practices of decades-old mobile apps are falling behind in the modern digital landscape. Chen used the mobile payment app Venmo as an example, opening the 15-year-old app still functions in a way where publicly available transaction data "could be used to study your movements or inadvertently disclose relationships.
Regulations
President grants assent to Digital Personal Data Protection Bill, 2023
The President of India Droupadi Murmu on 11 August (Friday) granted assent to the Digital Personal Data Protection Bill, 2023 (DPDP Bill) after it was passed by both houses of the parliament.
Minister commits to breach enforcement under India's data protection Act
Companies that obtain user consent to process their personal data will be held liable for breaches under India's Digital Personal Data Protection Act, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar. Chandrasekhar said companies won’t be allowed to pass the buck on to third-party cloud service providers. Meanwhile, an op-ed in India Legal highlighted the pros and cons of the DPDPA, such as continuing the government's exemption clause.
EU-US DPF may be more resilient to a CJEU challenge
The EU-U.S. Data Privacy Framework makes significant changes to both the procedures that govern U.S. foreign intelligence surveillance and the oversight of their implementation, Brookings Institution Tisch Distinguished Visiting Fellow Cameron Kerry writes in Lawfare. Kerry said the framework is positioned to be upheld by the Court of Justice of the European Union due to negotiators' dedication to developing a sophisticated understanding of the comparisons between each other's laws and evolving norms among democratic states about safeguards for government access to information.