
Hello Friends,

The digital personal data of a Data Principal within the territory of India may only be processed for a lawful purpose, i.e. one that is not expressly forbidden by law. In addition, the personal data may be processed only if the Data Principal has consented to this, or for certain legitimate uses that are listed in the Indian Digital Personal Data Protection Act (DPDPA).

By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.

"Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance."

Enjoy reading!

 

Privacy Enforcement

UK ICO issues provisional decision on OneAdvanced over data security failures.

The Information Commissioner’s Office (ICO) provisionally imposed a fine of £6.09 million on Advanced Computer Software Group Ltd. (OneAdvanced) for failing to keep its healthcare systems secure. The ICO stated that following a ransomware incident in August 2022, the personal information, including phone numbers and medical records, belonging to 82,946 people was exfiltrated. However, this is a provisional decision and the ICO is yet to consider any representation made by OneAdvanced.


Angola APD fined COSAL the equivalent of $75,000 following a cyberattack.

The National Data Protection Agency (APD) fined COSAL (Comércio e Serviços de Angola, Lda.) the equivalent of $75,000 following a cyberattack in September 2023 which resulted in the encryption, unavailability, unauthorized access, and disclosure of the data. The APD found that COSAL failed to comply with the duty to implement appropriate technical and organizational measures to protect the personal data of its customers and employees.


Pennsylvania AG secured $195,000 settlement with Titan Gas, LLC.

The Office of the Attorney General announced a settlement with Titan Gas, LLC regarding alleged violations of a previous settlement. In 2019, the AG alleged that 2.7 million telemarketing calls had been made to Pennsylvanians and that these contacts involved the use of deceptive and unlawful lead-generation practices. According to the new settlement, Titan Gas will pay $160,000 in civil penalties and $35,000 in costs, as well as provide a written report outlining compliance with the original settlement and consumer protection laws.


Data Breach

A new data breach has exposed the data of nearly 3 billion people in the US.

The personal data of nearly 3 billion people, including full names, past and present addresses spanning 30 years, social security numbers and more, was stolen from National Public Data by a cybercriminal group known as USDoD. The hackers attempted to sell the data on the dark web for $3.5 million. The plaintiff in the class action lawsuit against National Public Data has requested the court to order National Public Data to securely dispose of all personal information it acquired through scraping from non-public sources.


Australia’s Evolution Mining suffers from a cyber-attack.

Australia's Evolution Mining announced a ransomware attack. The company states that it now believes the attack to be contained. It is working with external cyber forensic experts to investigate the incident. The company reported the attack to the Australian Cyber Security Centre. Australian firms have suffered some major breaches since 2022, following which the country has boosted its cyber defences by increasing law enforcement funding and introducing mandatory reporting of such attacks.


Privacy in Spotlight

NOYB files complaint against HmbBfDI over its decision on ‘pay or ok’ model.

None of Your Business (NOYB) filed a complaint against the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) with the Hamburg Administrative Court following the HmbBfDI's decision in relation to the 'pay or ok' consent banner on DER SPIEGEL's website. NOYB alleged that the HmbBfDI provided legal advice to DER SPIEGEL during the proceedings and that, according to the GDPR, authorities are supposed to sensitize companies, not advise them. NOYB has requested the Hamburg Administrative Court to overturn HmbBfDI’s decision.


NOYB files complaints against X with nine DPAs.

According to NOYB, since July 2024, X has introduced a new default setting on its platform to irreversibly ingest all user data for undefined machine learning of AI model technology. The complaint against X alleges violations under the General Data Protection Regulation for lack of a valid legal basis for collecting and using personal data and lack of transparency. This led NOYB to file nine complaints against X with DPAs of Austria, Belgium, France, Greece, Ireland, Italy, Netherlands, Spain and Poland.


Regulations

Russia: law on processing anonymized data signed by President.

The National Centre for Artificial Intelligence Development of the Russian Federation announced that the bill on transfer of anonymized personal data to the Ministry of Digital Development was signed by the President. The law allows the transfer of personal data to the Ministry in anonymized form for subsequent processing without the consent of the subject, provided that further processing would not allow the identification of a data subject.


United Nations (UN) agrees on draft convention against cybercrime.

The UN announced its agreement on the draft UN convention against cybercrime. The draft Convention attempts to promote measures to prevent and combat cyber-crime efficiently and effectively. Notably, the draft Convention provides general principles for international cooperation in the investigation and prosecution of, and judicial proceedings in relation to, criminal offenses established by the draft Convention. State parties to the draft Convention are not required to transfer personal data if the data cannot be provided in compliance with their applicable personal data laws. State parties are encouraged to establish bilateral or multilateral arrangements to facilitate the transfer of personal data.  
