Privacy Enforcement
Dutch Court fines Florida-based Software Company 75K Euros for Webcam Monitoring
The Dutch court ordered a Florida-based software development company to pay 75,000 euros to a former employee who refused to leave his webcam on. The Netherlands resident who worked for Chetu's Rijswijk branch said the company’s screen-sharing and webcam workday requirements were “an invasion” of privacy and violated data privacy regulations. “Instruction to leave the camera on is contrary to the employee’s right to respect for his private life,” the court said.
ICO fines 1.48 Million GBP over Easylife for Misusing Customer’s Personal Information
The U.K. Information Commissioner’s Office fined catalog retailer Easylife 1.48 million GBP for using the personal information of nearly 150,000 customers to target them with advertisements. Easylife, which sells household goods, was fined 1.35 million GPB for predicting customers’ medical conditions using their data without consent and targeting them with “health-related products." The company also received an additional fine of 130,000 GPB for making more than 1.3 million “predatory direct marketing calls.” The ICO found that 80 of 122 items Easylife sold were “trigger products” the company would use to profile customers.
LifeBridge Health Settles Data Breach Lawsuit for $ 9.5 Million
LifeBridge Health agreed to a $9.5 million settlement in a class-action lawsuit over a 2018 data breach that compromised the personal data of more than 500,000 patients. Under the settlement, an $800,000 fund will cover claims from class members who said their personal data was exposed to identity thieves and LifeBridge Health will allocate $7.9 million to security improvements, including data encryption and multifactor authentication.
Data Breach
2K, a Video Game Company experiences Data Breach
Video game maker 2K issued a warning to users to be cognizant of “suspicious activity” on their accounts. The company reported it was breached in September, which compromised the personal information of an “unknown number” of users and recommended they change their passwords stored online. The stolen personal information includes names, email addresses, console IDs, and Gamertags.
Privacy in Spotlight
Former Uber CSO convicted for 2016 Data Breach Cover-Up
A federal jury found former Uber Chief Security Officer Joe Sullivan guilty of obstructing justice for keeping the ride-hailing app's 2016 data breach from the U.S. Federal Trade Commission, which had been probing Uber’s privacy protections at the time. The ruling marks the first decision on U.S. chief executive liability about data breaches. "Mr. Sullivan's sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet," Sullivan's attorney David Angeli said. No date has been set for sentencing.
Trust Stamp launches Government-Focused Biometric Data Authenticator Tool
A new solution may strengthen protections for users’ biometric data by utilizing irreversibly transformed identity tokens (IT2). Trust Stamp launched “Privtech” which offers four layers of privacy protection for “government-focused” digital identity services. At Level Four, “enrolment and authentication processes take place entirely on the user’s device, with only a one-time identifier leaving the device.” The company said using IT2 tokens allows Privtech to identify the user “without disclosing underlying biometric data.”
Regulations
Indian Government reiterates Intent to table Reworked Data Protection Bill
The Government of India told the Supreme Court of India that a revised data protection bill will be tabled in Parliament's Winter Session. During a hearing challenging WhatsApp's privacy notice, Solicitor General Tushar Mehta told the court the government is "alive" to India's lack of a privacy framework and a reworked bill is "underway." Supreme Court justices asked Mehta and the government to bring the bill before Parliament to resolve the WhatsApp case or they will move to a final hearing on the matter on Jan. 17, 2023.
Nigeria releases Draft Data Protection Bill
Nigeria released its draft Data Protection Bill, 2022 outlining a legal framework for personal data protection. The bill would establish the Nigeria Data Protection Commission to regulate personal data processing and outlines principles for processing personal information — including conducting data protection impact assessments and appointing a data protection officer — breach notification and cross-border data transfer restrictions, and enforcement abilities including investigations and civil remedies.
ICO opens Consultation on Employee Monitoring Draft Guidance
The U.K. Information Commissioner’s Office opened a consultation on draft guidance related to employment practices and data protection. The ICO will release drafts on various topics in stages. “The draft guidance aims to provide practical guidance about monitoring workers in accordance with data protection legislation and to promote good practice,” the ICO said. The consultation closes on Jan. 11, 2023.
California Governor signs 2 Bills to protect Abortion Data Privacy
Governor Gavin Newsom, recently signed two bills into California law that protect individuals' abortion data. The bill AB 1242 prohibits state law enforcement entities and corporations from fulfilling search warrant requests from out-of-state law enforcement investigating anyone obtaining a lawful abortion in California. The other bill, AB 2091, bars healthcare providers from "releasing medical information on an individual seeking abortion care in response to a subpoena or request from out-of-state."
ICO issues Guidelines for Live Direct Marketing Calls
The U.K. Information Commissioner's Office published guidance for marketers using live marketing calls. The guidelines cover required and suggested best practices for how marketers can comply with the Privacy and Electronic Communications Regulations 2003. The guidelines include an overview of what direct marketing calls are, what is provided under the PECR, and considerations businesses should take into account with live calls.