Hello Friends,
The Indian government is set to release the draft rules proposed to be enacted under the Digital Personal Data Protection (DPDP) Act for public consultation in the second or third week of August 2024. The rules are expected to be notified after the current Parliamentary session concludes.
By proactively addressing DPDPA compliance, we not only mitigate legal risks but also reinforce trust and credibility with our customers.
"Given the urgency of this matter, we propose starting the compliance process by taking up privacy assessments today to know the organisational gaps and expedite your efforts in aligning with DPDPA requirements. Taking immediate action will help you to be on the path towards compliance.”
Enjoy reading!
Privacy Enforcement
Texas AG secured largest ever settlement of $1.4 billion by a single State from Meta.
The Texas Attorney General had sued Meta in 2022 for unlawfully capturing the biometric data of millions of Texans without obtaining their informed consent as required by Texas law. After only approximately two years since filing the petition, Texas reached a settlement agreement with Meta. The company will pay the state of Texas $1.4 billion over five years.
South Korea PIPC fines AliExpress KRW 1.97 billion for PIPA violations
The South Korean Personal Information Protection Commission (PIPC) imposed a penalty of KRW 1.97 billion (approx. $1.43 million) on Alibaba.com Singapore E-Commerce Private Limited (AliExpress) for violation of the Personal Information Protection Act (PIPA). The PIPC said AliExpress provided information about customers in South Korea to about 180,000 sellers in other countries, mostly in China, without taking measures required by the Personal Information Protection Act.
Data Breach
Türkiye KVKK announces data breach involving a Children’s Hospital in Chicago.
The Türkiye Personal Data Protection Authority (KVKK) disclosed a data breach involving Ann & Robert H. Lurie Children's Hospital of Chicago. The KVKK highlighted that Lurie Children's Hospital had notified them of the breach, as required by Article 12(5) of the Law on Protection of Personal Data. Nearly 800,000 people had their sensitive health information leaked during a ransomware attack.
Türkiye KVKK announces SunExpress data breach.
The Personal Data Protection Authority (KVKK) disclosed a data breach involving Güneş Ekspres Havacılık A.Ş. (SunExpress). The KVKK highlighted that SunExpress had notified them of the breach, as required by Article 12(5) of the Law on Protection of Personal Data No. 6698.According to the KVKK, SunExpress reported that a cyber attacker gained unauthorized access to the data. The breach occurred on July 15, 2024, and was detected on the same day.
Privacy in Spotlight
Indian Budget allocates INR 20M for establishment of Data Protection Board.
The Minister of Finance and Corporate Affairs of India presented the Union Budget for 2024-2025 in which it has allocated the Ministry of Electronics and Information Technology INR 20 million for setting up the Data Protection Board of India under the Digital Personal Data Protection Act that came into force last year.
FCCPC Fines Meta $220M for Violating Nigerian Data Protection Laws.
In a decisive move to protect Nigerian consumers’ data privacy, the Federal Competition and Consumer Protection Commission (FCCPC) has issued a Final Order against Meta Platforms, Inc. and WhatsApp LLC. Following a comprehensive 38-month investigation, the Commission, in collaboration with the Nigeria Data Protection Commission (NDPC), concluded that Meta Parties engaged in numerous violations of the Federal Competition and Consumer Protection Act (FCCPA) 2018 and Nigeria Data Protection Regulation (NDPR) 2019.
Regulations
Israel: Medical information mobility law published in law book.
On July 24, 2024, the Parliament (Knesset) announced the publication of the Medical Information Mobility Law, 2024 in the law book. The purpose of the law is to regulate the right of every person to transfer medical information to improve medical treatment, among other things, with consent while maintaining privacy. In addition, the Law will contribute to the effectiveness of the healthcare system by minimizing redundancies in tests and treatments, and in the long term will save time and efforts to the healthcare system.
Czechia: Draft law on cyber security published.
the National Office for Cyber and Information Security (NÚKIB) announced that on July 23, 2024, the draft law on cyber security in the version approved by the Government was published in the electronic library of the legislative process (eKlep). The latest version of the draft law consolidates the incorporated requirements of the Government and the Legislative.