Hello Friends,
Nigeria’s Data Protection Bill, 2020 may be passed before December this year.
The National Commissioner of the Nigeria Data Protection Burea Olatunji said “Our aim is to ensure that the law goes to the National Assembly this third quarter to be passed before December”
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Privacy Enforcement
CARU finds video game publisher violated COPPA, self-regulatory Guidelines
The Children’s Advertising Review Unit of BBB National Programs has found Outright Games violated CARU’s self-regulatory guidelines and the Children’s Online Privacy Protection Act. On the Bratz Makeover app from Outright Games, CARU discovered that users could change their age indefinitely, circumventing any intended safeguards and allowing children younger than 13 to interact with social media, make in-app purchases, and consent to behavioral targeting. Outright Games agreed to corrective actions.
Iceland’s DPA Issues Fines to City of Reykjavík for processing of children’s data
Iceland’s data protection authority, Persónuvernd, issued a 5 million Icelandic Króna penalty to the city of Reykjavík for processing school children’s data. The sensitive personal data was entered on the Seesaw student system as teacher feedback and information on students’ personal private affairs.
Data Breach
Hotel Marriott, Maryland suffers another data breach
Hotel group Marriott International announced that it was hit by a social engineering attack that exposed 20 gigabytes of sensitive data of guests and employees including guests credit card information.
China records database leak reportedly affect 1B citizens
The database from the Shanghai police department, containing data on 1 billion Chinese citizens, is for sale for approximately $200,000 on an online cybercrime forum. The hacker claims the records contain individuals’ names, national ID numbers, phone numbers, birth information, and data on crimes and police-involved incidents. The hacker has posted a sample of 750,000 records to prove authenticity.
Privacy in Spotlight
Italy warns TikTok over Personalized Advertisements
The Garante, Italy’s data protection authority, sent a clear message to TikTok over its handling of personal data used for targeted advertising. The warning comes after the modification in TikTok’s privacy policy stating that the processing of personal data of people aged above 18 would be based on legitimate interest instead of informed consent. The Garante ordered to take immediate steps to come into compliance with EU e-Privacy Directive.
Google will begin automatically deleting sensitive location data
The move to delete sensitive location data has come in the wake of the US supreme court’s decision to end women’s constitutional right to abortion and subsequent fears that mobile location data could be used to police women who seek reproductive health services in states that have criminalized abortions. The sensitive location will include but not be limited to counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics etc.
Regulations
Nigeria’s Personal Data Protection Bill expected to be passed before December
The National Commissioner of the Nigeria Data Protection Bureau Vincent Olatunji to pass the Personal Data Protection Bill, 2020 by December this year. Stakeholder collaboration has been the “major roadblock” to passing the law. Now, the bureau is working with the World Bank, European Investment Bank, and French Development Agency to have principal legislation. The aim is to present the law before the National Assembly this third quarter to pass it before December.
CPPA starts the CPRA rulemaking process
The California Privacy Protection Agency officially announced the formal rulemaking process for the California Consumer Privacy Rights Act. The draft regulation update existing California Consumer Privacy Act regulations to harmonize them with CPRA, while modifying certain provisions and proposing new regulations. The public is asked to participate in the rulemaking process by submitting written comments by August 23.