
Hello Friends,

Under the DPDP Act, 2023, the Data Protection Board will function as a “digital office” to address personal data breaches in a “digital by design” manner. Union IT Minister Ashwini Vaishnaw announced that the Ministry of Electronics and Information Technology (MeitY) will soon release the rules for consultation. The entire implementation process, including an appellate tribunal for unresolved complaints, will be digital. The digital platform for the Board is being developed by the National Information Centre and/or Digital India Corporation.

By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.

“Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance.”

Enjoy reading!

 

Privacy Enforcement

National Institute of Social Security fined for unlawfully publishing personal data.

The Italian data protection authority, Garante, fined the National Institute of Social Security (INPS) €20,000 following a complaint by a candidate who applied for a position at the INPS. The INPS published documents on its website including a list of candidates, the persons admitted and not admitted to written and oral tests, and the scores of each candidate. The Garante found that, by disseminating the personal data of over 5000 candidates, the INPS violated Articles 5 and 6 of the GDPR.


Belgian DPA issues fines for noncompliance with rights to object and erasure.

The Belgian DPA fined an unnamed company €172,431 for its violation of consumer rights to object to processing and to request erasure of personal data under the GDPR. In addition to the fine, the DPA ordered the company to satisfy the complainant’s opposition and erasure requests within 30 days of notification of the decision and to align its processing operations with GDPR requirements.


Allianz fined €200,000 by Spain's AEPD for data security failures.

The Spanish data protection authority (AEPD) imposed a fine of €200,000 on the insurance company Allianz for violations of the General Data Protection Regulation (GDPR), following a complaint. The AEPD found that an employee at Allianz had extracted the complainant’s personal data and passed it on to the complainant’s former partner. This was a failure to ensure the integrity and confidentiality of the data Allianz processed. The company also failed to implement appropriate technical and organizational data security measures.


 

Data Breach

Croatia: AZOP reports leak of personal data of over 1 million vehicle owners.

The Croatian Personal Data Protection Agency (AZOP) announced a data leak affecting one million natural persons who are vehicle owners. Currently, supervisory action is being taken against all involved entities to uncover the details of the case and identify the controller of the compromised database.


Philippines NPC releases a press statement on an alleged data breach involving Toyota, Robinsons and S&R.

A group of local cybersecurity enthusiasts alleged that there has been a series of data breaches at Toyota Makati, Robinsons Malls and S&R, based on a deep web listing offering the stolen data for sale. The stolen data allegedly included full names, addresses, bank documents, email addresses and photographs of thousands of individuals. The NPC released a statement that the reports are currently under evaluation.


ICO and OPC investigate 23andMe data breach that hit 7 million users.

The UK’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) have announced a joint investigation of the genetic testing company 23andMe over a security breach affecting 7 million people last October. They will examine the scope of the information that was exposed and the potential harm to affected people. They will also investigate whether 23andMe had adequate safeguards to protect the highly sensitive information within its control.


 

Privacy in Spotlight

NIST reports first results from age estimation and verification (AEV) software.

The National Institute of Standards and Technology (NIST) evaluated the performance of software that estimates a person’s age based on the physical characteristics evident in a photo of their face. These software algorithms offer a potential way to control access to age-restricted activities without compromising privacy. NIST confirmed that the testing program is ongoing and new algorithm submissions are still possible.


NOYB filed 11 complaints to immediately stop Meta’s abuse of personal data for AI.

None of Your Business (NOYB) filed 11 complaints with 11 different DPAs against Meta’s intention to use images, posts, online tracking data and additional third-party information to train its AI models, following Meta’s latest privacy policy change. The introduction of Meta’s AI models is said to be in violation of GDPR. NOYB stated its intention to file complaints with remaining EU Member States and request an urgency procedure under Article 66 of the GDPR.


LinkedIn disables tools for targeted ads based on sensitive personal data.

LinkedIn has discontinued a tool that allowed it to use sensitive personal data for targeted advertising in order to comply with EU online content rules. This was due to a complaint filed by civil society organizations to the European Commission. The Commission had sent a request for information to LinkedIn in March after the groups said the tool may allow advertisers to target users based on racial or ethnic origin, political opinions and other personal data due to their membership of LinkedIn groups.


 

Regulations

Pennsylvania Bill amending the Breach of Personal Information Notification Act before the House.

The Bill amends the Breach of Personal Information Notification Act, 2005. It provides for definitions, notification of the breach of the security of the system and for notification of consumer reporting agencies. It also provides for credit reporting and monitoring.


New York: Bill creating chief privacy officer passes Senate

The Bill amends the state technology law to establish the position of chief artificial intelligence officer and their functions, powers and duties. The chief AI officer will be appointed by the Governor to be the head of the office of AI. The bill was thereafter referred to the Governmental Operations Assembly Committee on June 4, 2024.
