Hello Friends,
Any decision to lower the age of consent to 16 a year after the DPDP Bill is enacted will be the government’s way of reassuring companies in the ed-tech and other children-content-related space, said IT Ministry.
Enjoy reading!
Data Breach
Medical Group faces Lawsuits following Breach affecting 3.3M People
Regal Medical Group in California is facing at least five proposed class-action lawsuits related to a December 2022 ransomware attack that affected 3.3 million people. The suits allege the company failed to protect individuals' sensitive information and violated state and federal laws, including the Health Insurance Portability and Accountability Act. Potentially exposed data included personally identifiable information.
Privacy in Spotlight
Cybersecurity Researchers uncover ChatGPT Android Malware, Phishing Campaigns
The popularity of artificial intelligence chatbots, such as ChatGPT, has led to new Android malware and phishing campaigns, according to research from cybersecurity firm Cyble. Researchers found phishing websites containing malware are spread via a spoofed social media page for ChatGPT maker OpenAI. Other phishing sites posed as payment portals for users to pay for ChatGPT services in order to steal their credit card information. In total, Cyble found 50 fake Android apps posing as legitimate using the ChatGPT brand.
Air Canada launches Facial Recognition Option for Travelers
Air Canada is launching a voluntary facial recognition option for passengers flying through Vancouver International Airport and visiting its lounge at Toronto's Pearson International Airport. Travelers will upload a facial image and scan of their passport to the Air Canada application where it will be stored for up to 36 hours after a flight departs. Travelers will be required to grant consent each time they want to use their stored data for a new trip.
British Columbia OIPC to host Children’s Privacy Forum
The Office of the Information and Privacy Commissioner of British Columbia will hold the OIPC Youth Privacy Forum on March 9. The event is open to the province's high school students, grades 10-12, and seeks to hear directly from youth about the privacy issues that affect them. There will also be teen privacy discussions related to social media and the educational experience.
Regulations
European Parliament, EDPB to debate proposed EU-US Data Privacy Framework Opinions
The European Parliament Committee on Civil Liberties, Justice, and Home Affairs announced a March 1 debate on a motion to finalize its nonbinding opinion on the proposed EU-U.S. Data Privacy Framework and the subsequent U.S. adequacy decision. European Data Protection Board Chair Andrea Jelinek is slated to present EU data protection authorities opinion on the matter for parallel discussion among members of the European Parliament.
Canadian Privacy Regulators Launch TikTok Investigation
The Office of the Privacy Commissioner of Canada and provincial privacy authorities announced an investigation into TikTok's data practices. Regulators in Alberta, British Columbia, and Québec will join the OPC in a review of whether the organization’s practices are in compliance with the Canadian privacy legislation in relation to user consent and transparency obligations. The OPC also stressed the probe will have a particular focus on TikTok’s privacy practices as they relate to younger users.
India’s proposed Digital Personal Data Protection Bill to cover Minors Under 18
India's Ministry of Electronics and Information Technology defined a child as someone under 18 years old in the proposed Digital Personal Data Protection Bill. An official said the government will be allowed to revisit the definition after a year with an eye toward moving coverage to minors under 16. The official explained there is no reason why (the age) cannot be lowered so long as companies can assure us that they have put in place a proper framework for data protection and prohibition of targeted advertising.
Australian Government committed to reform Metadata Retention Laws
Australian Attorney-General Mark Dreyfus said the government was committed to reforming the Mandatory Data Retention Regime. He highlighted the work of the bipartisan Parliamentary Joint Committee on Intelligence and Security, which published a report finding while the Mandatory Data Retention Regime provides critical assistance to law enforcement and intelligence services, the regime lacks transparency and adequate safeguards. Also, the PJCIS heard evidence that a large number of non-criminal law enforcement agencies, including local councils, were using other laws to gain access to people’s metadata outside the retention regime.