Hello Friends,
India's proposed Personal Data Protection Bill, 2019 may return to its original focus on personal data.
The draft bill is currently being finalized by the Ministry of Electronics and Information Technology and is anticipated to be introduced in the upcoming Monsoon Session starting on 18th July.
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
Privacy Enforcement
Belgian DPA Imposes €50,000 Fine On Rossel & Cie For Unlawful Use Of Cookies
The Belgian Data Protection Authority fined the Roularta press group 50,000 euros for its management of cookies on two websites. The ADP said the company did not meet conditions for collecting user consent for the placement of cookies under the EU General Data Protection Regulation.
CNIL Fines Energy Company For Using Customer Data To Send Marketing Materials
France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined an energy company 1 million euros. CNIL fined Totalenergies Electricite et Gaz France for not allowing customers to opt-out of receiving marketing communications using their personal data when agreeing to a contract with Total energies.
Norway DPA Issues Fines To Consumer Goods Chain
Norway’s data protection authority, Datatilsynet, issued a 5 million Norwegian krone penalty to Trump, a company with a chain of consumer goods stores, for improper user verification methods. Members had been able to register with other users’ accounts and would then have access to others’ trading histories.
Regulations
Reserve Bank Of India Has Released A Draft Master Direction On Outsourcing Of IT Services
The Reserve Bank of India (RBI) has warned of risks from cross-border outsourcing of information technology (IT) services and recommended that regulated entities closely monitor such operations. The RBI’s observations come at a time when it is considering a mandate for domestic processing of payment transactions in order to ring-fence India’s local payment systems. The RBI has recommended that regulated entities build appropriate contingency and exit strategies. Additionally, firms should ensure that the availability of records and the supervising authority would not be affected in the event of liquidation of the service provider.
Guidance Released On Cross-Border Data Processing In China
China’s National Information Security Standardization Technical Committee released guidance on conducting cross-border processing of personal information “in a standardized manner” and in accordance with the Personal Information Protection Law. The “Practice Guidelines for Cybersecurity Standards — Cross-border Processing of Personal Information” covers basic security principles and requirements for cross-border transfers, as well as “the protection of the rights and interests of personal information subjects.”
Non-Personal Data Likely To Be Dropped From India’s Data Protection Law
India's proposed Personal Data Protection Bill, 2019 may return to its original focus on personal data. A Joint Parliamentary Committee previously recommended including regulation of non-personal data under the draft law, but unidentified officials said references to non-personal data are not likely to be included within the scope of the proposal. The draft bill is currently being finalized by the Ministry of Electronics and Information Technology and is anticipated to be introduced in the Monsoon Session.