Skip to main content
Please wait...

Hello Friends,

The landmark DPDPA of India, gives various rights to data principals. One such right is the right to access information. If a company is processing personal data, one has the right to ask a summary of what personal data they possess, a list of any other companies that they’ve shared your personal data with, any other information about your personal data and how it is being used.

By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.

"Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance.”

Enjoy reading!

 

Privacy Enforcement

South Korea’s PIPC fined six businesses for alleged PIPA violations

The Personal Information Protection Committee (PIPC) sanctioned 6 businesses that violated personal information protections laws. It was decided to impose a total fine of KRW 196.99 million and a fine of KRW 47.1 million on each business. These businesses violated safety measures and obligations such as notification of personal information leaks under the Personal Information Protection Act (PIPA).

Read More

Italy Garante fines Innova Camera for GDPR violations after a cyberattack

The Italian Data Protection Authority, Garante, imposed a fine of €25,000 on Innova Camera following a cyberattack. The personal data affected included names, tax codes, email addresses, telephone and mobile numbers and access and identification data (usernames and passwords). This data was found in a database consisting a backup copy of the appointment management system which was not deleted after the necessary period for verification. The passwords of users stored in a file were found to not be cryptographically robust.

Read More

Data Breach

A cyberattack on the UK Ministry of Defense’s breached personal information

The attack targeted a payroll system used by the UK Ministry of Defence and breached “personal HMRC-style information” relating to current and former members of the Defense. This includes names, bank details and in some cases, personal addresses. The Ministry of Defense has taken immediate action and the system has been taken offline while investigations are under way. They will also be providing support, awareness and advice to those affected.

Read More

Privacy in Spotlight

German DSK issued guidance on AI to comply with the GDPR

The DSK warned that use of generative Artificial Intelligence (AI) can lead to a series of problems under EU privacy law. Entities using AI to establish intended use and a legal basis for processing training data while enabling data deletion and correction rights. A disclaimer warning users of potential factually unreliable results is insufficient when the inaccurate data pertains to an individual.

Read More

EU Trade Unions ask Authorities to investigate Amazon’s data surveillance practices

Trade Union leaders from 11 European countries have asked the Data Protection Authorities to investigate Amazon’s employee monitory practices. The request comes after the French CNIL imposed a penalty on Amazon, following an investigation for creating an “excessively intrusive system” for monitory employee activity and performance, and for inadequate video surveillance protocols. Amazon has filed an appeal before the Council of State against the CNIL’s decision.  

Read More

Regulations

Colorado passes landmark Artificial Intelligence Bill on May 8, 2024

Colorado becomes the first state within the United States to pass a legislation regulating the use of Artificial Intelligence (AI). The proposed Bill has similarities to the EU AI Act. It creates requirements for when to disclose the use of AI and also establishes rules around high-risk systems. It requires developers and deployers of AI to take reasonable care to prevent algorithmic discrimination in high-risk systems.

Read More

NZ Parliament Justice Committee is calling for comments on the Privacy Amendment Bill till June 14, 2024

The Privacy Amendment Bill amends the Privacy Act, 2020. This bill proposes to improve transparency for individuals about the collection of their personal information. The bill would create a new notification obligation on an agency when it collects personal information indirectly. It would also make some technical amendments to remedy minor issues that have arisen since the principal Act came into force. The bill would create a consumer notice requirement for agencies collecting personal information indirectly and make technical adjustments to the current law.

Read More

Colorado amends the Privacy Act to add data protection for minor’s online activity

The Speaker of the Colorado House of Representatives and the President of Colorado State Senate signed a Bill on Privacy Protections for Children’s Online Data on May 14, 2024. The Bill amends the Colorado Privacy Act by adding data protection for a minor’s (defined as under the age of 18) online activity. Data controllers would now be required to use reasonable care to avoid heightened risk of harm to minors caused by the product, service or feature.

Read More