Skip to main content
Please wait...

 

Hello Friends,

A move by the government of India to amend the Aadhaar Authentication for Good Governance (GG) Rules, 2020, raises Data Privacy issues.

Enjoy reading!

Privacy Enforcement

CNIL orders additional 5.2M Euro Fine against ClearView AI

France's data protection authority, the Commission Nationale de l'informatique et des libertés, announced Clearview AI is required to pay a 5.2 million euro penalty for delayed compliance with a prior order from the regulator. Clearview received a 20 million euro fine over EU GDPR violations from the CNIL in October 2022. The initial order stated Clearview had two months to comply and would pay 100,000 euros per day after the compliance deadline. The CNIL said the company did not send any proof of compliance.

Read More

Data Breach

2M Japaenes Toyota Customers’ Veichle Data Exposed in Public Cloud System

Toyota blames human error for leaving Japanese customers' data exposed for a decade. The company said identification numbers and location data of vehicles belonging to more than two million customers who signed up for Toyota's main cloud service platform since 2012 were left publicly available after the cloud system was set to public instead of private.

Read More

3M US Citizens’ Personal Data Stolen in Ransomware Attack on Insurer’s Software

More than 3 million members of a nationwide supplemental health insurer had personal information stolen in a ransomware attack on its transfer software, citing figures from the U.S. Department of Health and Human Services Office for Civil Rights breach portal. Florida-based NationBenefits previously confirmed more than 7,100 state residents had their information stolen in a mass ransomware attack, which targeted Forta's GoAnywhere file transfer software. A NationBenefits spokesperson declined to say what the general nature of the contents of members' stolen data was.

Read More

Privacy in Spotlight

Cyber Intelligence Company Purchases Physical Location Data to resell to Governments

Israeli firm Rayzone Group was found to purchase cellular users real-time location data and browsing habits through automated auctions for surveillance purposes. Rayzone  purchases this location and browsing data, "feeds" it to a surveillance system called Echo and sells it to governments to track individuals via their cellphones. Rayzone obtains data from advertising exchanges and companies that trade location and other mobile data. The company reportedly posed as prospective advertisers to acquire data through a system known as a demand-side platform.

Read More

WhatsApp User claims Company Activated his Microphone without Consent, Company blames Android OS Bug

A WhatsApp user posted on Twitter that the encrypted messaging app allegedly accessed his cellphone's microphone while he was sleeping. The publication reviewed posts on customer service boards and Reddit, in which users complained WhatsApp accessed their microphones, going back five years. In response, a spokesperson from WhatsApp’s parent company Meta claimed the user experienced a bug within the Android operating system. Google did not respond to a request for comment.

Read More

Regulations

Florida Lawmakers passes Privacy Bill

Florida lawmakers passed Senate Bill 262, legislation that would give consumers access to information collected about them by companies and the right to have some data deleted. If signed by Gov. Ron DeSantis, R-Fla., it would also require companies to allow consumers to opt out of targeted ads based on nonpseudonymous data but does not require opt-outs for targeted ads based on pseudonymous data. Consumer Reports said the bill applies to only the very largest tech companies and would leave Florida consumers' personal information unprotected in a wide variety of contexts.

Read More

Proposed Amendment to Aadhar Act Draws Criticism

Indian citizens are criticizing a move by the government to amend the Aadhaar Authentication for Good Governance Rules. The proposed change would allow more private entities to use Aadhaar authentication under the GG Rules. Some claim amending the GG Rules would violate a 2018 Supreme Court decision barring private entities from utilizing the Aadhaar authentication. However, the government said it has the authority to amend the Aadhaar Act and allow private companies access to its data for authentication if they met certain requirements for data privacy, security, and compliance.

Read More

Tasmania looks to update its Personal Information Protection Act

The Tasmania Law Reform Institute is seeking stakeholder input on potential reforms to the Personal Information Protection Act of 2004. The institute recently published an issue paper Review of Privacy Laws in Tasmania ahead of a public consultation. Submissions will be taken through 11 July.

Read More