Skip to main content
Please wait...

 

Hello Friends,

Industry Stakeholders make pitches for India’s proposed Digital Personal Data Protection Bill.

Enjoy reading!

 

Privacy Enforcement

TikTok to pay 5 Million Euros over Cookie Consent

France's data protection authority, the Commission Nationale de l'informatique et des libertés (CNIL), issued a 5 million euro fine to TikTok over alleged cookie consent violations. The platform's consent mechanism did not give users sufficient options to opt out of cookie settings or information regarding the purpose of the cookies. The CNIL explained how the mechanism's setup actually discouraged users from refusing cookies and encouraged them to prefer the ease of the 'accept all' button.

Read More

A Company to pay 122,000 Euros for Allegedly Processing Health-Related Data

Finland's data protection authority, the Office of the Data Protection Ombudsman, issued a 122,000 euro fine to an unidentified company regarding the alleged nonconsensual processing of health data. The regulator took complaints about the processing of body mass index and maximum oxygen uptake capacity without specific disclosure to data subjects, finding the consent for processing was not individualized and informed. The company was also ordered to make corrections to its consent model.

Read More

 

Data Breach

Password Manager Hack exposes Sensitive Data

A December data breach of password manager LastPass potentially compromised millions of users' data. LastPass said unauthorized parties accessed its cloud database and obtained customers' data. While LastPass CEO Karim Toubba said sensitive data was encrypted and secured, security firm Barracuda's Vice President, Zero Trust Security Sinan Eren said all passwords managed by LastPass should be considered compromised.

Read More

235M Twitter Accounts exposed

Hackers disclosed records and email addresses from 235 million Twitter accounts on a public forum. The information was reportedly collected using a flaw in Twitter’s system that allowed outsiders to gain access to an unlimited list of email addresses and phone numbers. The exposure comes as the U.S. Federal Trade Commission and Irish Data Protection Commission monitor recent privacy issues with the social media platform.

Read More

Biometric Database sold on eBay for $68

A U.S. military-owned biometric database containing personal and biometric data on 2,632 individuals was sold privately on eBay. A German security researcher purchased the biometric capture device for $68 and found it retained names, nationalities, photographs, fingerprints, and iris scans of individuals tied to wartime efforts in Afghanistan and Iraq. The information belonged to known terrorists, wanted individuals, U.S. government contractors, and U.S. checkpoint visitors from as late as 2012.

Read More

 

Privacy in Spotlight

Instagram, Facebook to restrict Advertisers’ Access to Teen User Data

Meta said it’s Facebook and Instagram platforms will tighten restrictions on data available to advertisers to target teens. Starting in February, advertisers will no longer be able to access a user's gender or posts they have engaged with for targeted advertising. Instead, only a user's age and location will be available. Meta also said teenagers will be offered new options in Facebook and Instagram settings to "see less" of certain types of ads.

Read More

 

Regulations

Industry Stakeholders favor a Phased Implementation of the Data Law

Industry stakeholders took a firm stance on holding India's government to phased implementation of the proposed Digital Personal Data Protection Bill. In comments to Indian Parliament's public consultation on the bill, industry players opined the 24-month grace period found in India's past privacy proposals should be carried over to the latest bill. Additionally, BSA, The Software Alliance called for implementing regulations to be finalized 12 months following potential passage while Nasscom said the bill should recognize a range of data transfer mechanisms.

Read More

China’s Deepfake Regulation takes effect January 10

The Cyberspace Administration of China will begin enforcing its regulation over "deep synthesis" technologies on January 10. It's the first known legislation to comprehensively regulate artificial intelligence-powered image, audio, and text-generation software that produces deepfakes. The regulation requires conspicuous labels for synthetically generated or edited images, videos, or text that may be perceived as real or genuine. China is learning with the world as to the potential impacts of these things, but it’s moving forward with mandatory rules and enforcement more quickly, Stanford University DigiChina Project Editor-in-Chief Graham Webster said.

Read More

US President calls on Congress to pass Federal Privacy Legislation

The U.S. President Joe Biden reiterated calls for U.S. Congress to pass comprehensive federal privacy legislation. Among Biden's three broad principles for reform against Big Tech, he said serious federal protections for Americans’ privacy topped the list. That means clear limits on how companies can collect, use and share highly personal data, Biden said, adding it's not enough for companies to simply disclose data collection practices. Biden also urged limits on targeted advertising and stringent rules to safeguard children's privacy.

Read More