Hello Friends,
“Meity is mulling to improve upon the Bill to exempt early-stage startups from the provisions of the Digital Personal Data Protection Bill. This may be for a limited time period in cases where they may be doing some kind of data modeling etc to develop their solution” said Source.
And
The Commission begins the adoption of adequacy decision for secure data flows with the US.
Enjoy reading!
Privacy Enforcement
CNIL issues a Fine of 300,000 Euros to the Phone Company
French phone provider, FREE, was fined 300,000 euros by France's data protection authority, the Commission nationale de l'informatique et des libertés. The CNIL found FREE in violation of several EU General Data Protection Regulation provisions, including individuals’ right to access their data, right to erasure, failure to ensure the protection of data, and failure to document data breaches.
CJEU upholds 225M Euro WhatsApp Fine
The Court of Justice of the European Union denied a challenge by Meta's WhatsApp over its 225 million euro fine issued by Ireland's Data Protection Commission in September 2021. WhatsApp filed for an annulment of the European Data Protection Board decision that led to the DPC fine. The CJEU upheld the EDPB's role and authority to arrive at a collective decision under the EU General Data Protection Regulation's consistency mechanism while noting WhatsApp was not directly concerned by the board's decision.
Garante issues a Fine of 2M Euros to the Clubhouse Owner
Italy's data protection authority, the Garante, fined Alpha Exploration, owner of the social network Clubhouse, 2 million euros for violations of the EU General Data Protection Regulation. The Garante cited a lack of transparency around data use, users' ability to store and share audio without consent, sharing of account information without a legal basis, and indefinite storage times for recordings. The Garante said Alpha Exploration will implement measures to protect users and conduct an impact assessment on data processed through Clubhouse.
Data Breach
Cyberattack on Health Authority exposes Data of 58K
A cyberattack on health authority Eastern Health exposed the private data of more than 58,000 Newfoundland and Labrador residents and 280 current and former staff members. The Office of the Information and Privacy Commissioner for Newfoundland and Labrador said an investigation into the breach won’t be complete until March 2023. Eastern Health said the social insurance numbers of less than 20 patients and banking information of less than five patients were accessed.
Privacy Regulations
Snapchat enables Privacy features to comply with CPRA
Snapchat will implement a feature enabling California-based users to ask the application to limit the use of sensitive personal information. The toggle switch is designed to comply with the California Privacy Rights Act, which takes effect on Jan. 1, 2023. While the feature will appear in the privacy controls section of the Applications settings for all users, its function works only for users located in California.
India considers limited Startup Exemption in Draft Data Protection Bill
Indian Parliament is weighing a potential exemption for early-stage startup companies in the proposed Digital Personal Data Protection Bill. A source within the Ministry of Electronics and Information Technology said the reprieve may come with a limited time period to give startups time to develop their solution without compliance burdens. The draft bill remains under public consultation through December 17.
ICO creates Children’s Code Design Tests
The U.K. Information Commissioner's Office created design tests to help designers assess whether products or services likely to be accessed by children comply with the Children's Code. The ICO said the tests will support designers in creating online experiences that protect children's personal data, noting, "Each test provides a report detailing areas of good practice as well as steps you can take to improve your conformance."
EU-US Draft Adequacy Decision arrives
By announcing a draft decision on U.S. adequacy, the European Commission has opened the door for the adoption of a new EU-U.S. data transfer agreement the next year. The adequacy decision will foster secure trans-Atlantic data flows and resolve the issues identified in the Schrems II judgment.
UK releases Code of Practice to improve Application Privacy, Security
The U.K. released a voluntary code of practice to improve security and privacy requirements on applications and app stores. New measures include improved reporting of software vulnerabilities and enhanced transparency around privacy and security for app users. "Today we are taking steps to get app stores and developers to keep customers even safer in the online world," Minister of State at the Department for Digital, Culture, Media, and Sports Julia Lopez said. The government will work with app developers and operators over the coming nine months to ensure adoption.