Hello Friends,
The digital architecture for the India’s Data Protection Board is also making good progress. The DPDP Act requires a Data Protection Board to function as far as practicable as a digital office and thus needs a digital system to be set up to receive and allocate complaints and conduct hearings and pronouncements for its decisions. Also, the government is not inclined to give companies 12-18 months to comply with the Act.
Enjoy reading!
Privacy Enforcement
Garante fines utility company 10M euros for illegally processing personal data
Italy's data protection authority, the Garante, fined a utility company after receiving consumer complaints it processed out-of-date personal information, which the company used to activate unsolicited contracts. Axpo Italia was ordered to pay a 10 million euro fine for illegally processing personal data of more than 5,000 customers.
Data Breach
Aadhaar data of 815 million on sale on the dark web
According to a report by US-based cybersecurity firm Resecurity on October 9 an individual using the alias “pwn0001” shared a post on BreachForums (a darknet crime forum) offering access to 815 million records containing information on “Indian Citizen Aadhaar and Passport”. The hacker was willing to sell the entire Aadhaar and Indian passport dataset for $80,000 when contacted by Resecurity.
23andMe confirms data breach of an undisclosed number of customers
Genetic testing company 23andMe sent an email to several customers informing them a feature allowing them to compare ancestry information with other users was the target of a data breach. Meanwhile, U.S. Sen. Bill Cassidy, R-La., asked 23andMe to provide details on how personal information from its site allegedly ended up on the dark web.
Privacy in Spotlight
X CEO mulls pulling the platform out of the EU
X CEO Elon Musk is considering pulling the platform out of the EU over concerns related to complying with the Digital Services Act. Musk is reportedly considering either removing the app's availability in the EU or blocking EU citizens' access to it.
Meta to offer ad-free services in Europe
Meta will soon launch a subscription-based advertisement-free service for Facebook and Instagram for users in the EU, European Economic Area, and Switzerland in an effort to comply with the EU General Data Protection Regulation. Meta will still offer both platforms for free, which will serve "ads that are relevant" to users. Meanwhile, Norway's data protection authority, Datatilsynet, announced Meta filed a lawsuit against the regulator to remove a ban on targeted advertising practices.
Regulations
India IT minister says DPDPA draft rules nearing completion
India Union Minister for Railways, Communications, Electronics, and Information Technology Ashwini Vaishnaw said the government is close to releasing the draft rules for the Digital Personal Data Protection Act. Once published, the DPDPA draft rules will be subject to a 45-day public comment period, while the Data Protection Board builds its digital architecture simultaneously.
Saudi Arabia publishes final Personal Data Protection Law
On 7 Sept., the Saudi Data and Artificial Intelligence Authority formally released the Kingdom of Saudi Arabia Personal Data Protection Law. Enforcement of the law will begin on 14 Sept. 2024, which gives organizations one year to prepare for compliance. This law is the first privacy law in the KSA that aligns the kingdom with international privacy laws
COPPA could play a key role in Meta children's lawsuits
The U.S. Children's Online Privacy Protection Act will likely play a major role in the lawsuits 41 states and the District of Columbia filed against Meta. Specific to COPPA, the complaint attempts to make the case, in part, that technology companies, such as Meta, are required to obtain informed consent from parents prior to collecting the personal information of children online.