Hello Friends,
“In the 21st century, our basic needs have completely transformed. Until yesterday, what had no value has now become invaluable, like data. The entire world is discussing the capability of data. By bringing the Data Protection Bill, we have safeguarded future generations. We have given the future generation a tool, based on which, to make their future, they will use it well. Globally, people are interested in India’s Digital Personal Data Protection Act”, the PM said.
By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.
"Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance.”
Enjoy reading!
Privacy Enforcement
Garante fines bank for data breach
Italy's data protection authority, the Garante, fined UniCredit Bank 2.8 million euros for alleged insufficient cybersecurity measures to prevent a data breach. The agency also fined security provider NTT Data Italia 800,000 euros for reporting the breach after the required deadline.
Swedish court fines financial services company SEK7.5M for GDPR violations
A fine against financial services company Klarna for alleged EU General Data Protection Regulation violations was raised back to SEK7.5 million by Sweden's Administrative Court of Appeal. Last year, a lower court ruled the company should pay SEK6 million in penalties. The appeals court ruled on 11 March that Klarna did not provide clear information to clients about how their personal data was stored
Facebook, Zoom hit with fines over Brazilian data collection
The Diffuse and Collective Interests Court of São Luís ordered Facebook and Zoom to collectively pay BRL20 million and BRL500 to each Brazilian Apple iOS user after it determined the companies collected and shared personal information without users' consent through an integration tool. The platforms will have to delete data and demonstrate how it is collected.
Data Breach
Ransomware group breaches sensitive data from Switzerland's government
A ransomware group stole and published sensitive data from Switzerland's government, including approximately 65,000 classified documents. The breach also leaked citizens' personally identifiable information.
Privacy in Spotlight
NZ privacy commissioner discusses AI's privacy concerns
In an interview with Voxy, New Zealand Privacy Commissioner Michael Webster discussed what AI privacy concerns his office is focused on. He noted the Privacy Act applies to data-driven AI tools and businesses are obligated to make sure you're operating within the Privacy Act, including protecting the information you hold.
Norway's DPA to unveil PrevBOT to monitor for child abuse on social media
Norway's data protection authority, Datatilsynet, will host a webinar 21 March to showcase a research collaboration between the Norwegian Police Academy and the University of Agder. The partnership created the PrevBOT, which is designed to patrol open social media to prevent the sexual abuse of children by using artificial intelligence to identify possible behaviors that could indicate a risk of abuse.
Regulations
Turkey amends PDPL provisions
Turkey's data protection authority, the Kişisel Verileri Koruma Kurumu, announced approved amendments to the Personal Data Protection Law. The amendments include updates to provisions on international data transfers and processing special categories of personal data. The changes take effect 1 June.
Utah repeals, replaces social media law
According to Husch Blackwell's "Byte Back," the Utah State Legislature repealed the Utah Social Media Regulation Act in response to lawsuits from technology lobbying groups. The law now allows for a private right of action for minors whose mental health has been harmed by a social media algorithm
Denmark's DPA rules against unlawful cookie wall practice
Denmark's data protection authority, Datatilsynet, ordered newspaper Berlingske's to bring its cookie walls use into EU General Data Protection Regulation compliance. An investigation found the company blocked content if a user did not allow data collection. Datatilsynet said the practice does not meet valid consent requirements under the GDPR.