Skip to main content
Please wait...

 

Hello Friends,

India’s DPDP bill is set to be introduced in Parliament's monsoon session this year and seeks to balance privacy protections with industry-friendly measures. Enjoy reading!

Privacy Enforcement

ICO reprimands Police for Recording 200K Calls

The U.K. Information Commissioner's Office reprimanded Surrey and Sussex police for using an app that recorded and automatically saved more than 200,000 phone calls without individuals' knowledge. The ICO said the app was downloaded onto the work phones of 1,015 staff members and it was highly likely it captured a large variety of personal data, the processing of which the ICO determined was unfair and unlawful. The ICO issued the reprimand instead of a 1 million GBP fine per department.

Read More

Garante fines Marketing Company 300K Euros

Italy's data protection authority, the Garante, fined a digital marketing services company 300,000 euros for allegedly illegally processing users' personal data for marketing purposes. The Garante said the company's online portals used dark patterns to entice users to pay consent to the processing of data for marketing purposes and to the communication of data to third parties always for the same purpose. The company was also unable to demonstrate obtained consent for sending promotional messages, the Garante said.

Read More

 

Privacy in Spotlight

AI Voice and Video Tool creates Convincing Replicas

Audio and video artificial intelligence tool Synthesia from ElevenLabs was able to replicate Wall Street Journal technology columnist Joanna Stern's voice. Stern wrote the tool fooled both her family and bank phone login system. She said for quick sentences, the avatar can be quite convincing. The longer the text, the more her bot nature comes through. Additionally, Stern said the potential for misuse was a real problem, and all users have to do is check a box agreeing they wouldn't use the technology for fraudulent purposes.

Read More

ChatGPT resolves Garante’s Data Protection concerns

Italy's data protection authority, the Garante, removed its limited block of OpenAI's ChatGPT after the company rectified alleged data protection issues. The regulator ordered limits on the popular generative artificial intelligence tool's data collection 31 March and gave OpenAI a 30 April compliance deadline over EU General Data Protection Regulation allegations concerning legal bases for processing data and children's data protection. It's unclear how the data processing claims were addressed, but OpenAI recently added an age verification and parental consent process.

Read More

 

Regulations

Government receives more than 20K Submissions on India’s proposed DPDP Bill

Officials have received more than 20,000 public submissions on India's draft Digital Personal Data Protection Bill, the Hindustan Times reports. In a submission, Supreme Court of India Advocate and Cyber Saathi founder N.S. Nappinai said, “To formulate a draft that neither protects individuals from corporate nor Government excesses does not spell out a robust privacy legislation." The Internet Freedom Foundation also raised concerns that the bill allows for the non-consensual processing of personal data. The bill is on track to be introduced in Parliament's monsoon session.

Read More

Ireland’s DPC issues Employee Data Protection Guidance

Ireland's Data Protection Commission announced fresh employer guidance on handling the data of current, former, and prospective employees. The DPC said the guidance is aimed at standard data collection, including employees' names and contact information, but added employers need to also consider nontraditional data like information on occupational health, sick leave, performance reviews, or disciplinary actions. The guidance also includes guidelines for employee monitoring and tracking.

Read More

Data Localisation Provisions removed from Draft DPDP Bill

India's Minister of State for Electronics and Information Technology, and Skill Development and Entrepreneurship Rajeev Chandrasekhar said data localization provisions were changed in the recent version of the proposed Digital Personal Data Protection Bill. We want to create a framework for every legislation that allows it to evolve and we certainly will not impose hardcore data localisation as a condition, Chandrasekhar said. Localization provisions were previously a requirement for cross-border transfers of sensitive and critical personal data.

Read More