Hello Friends,
Utah became the fourth US state to enact comprehensive consumer privacy legislation. EU, US 'In Principle' agreed to a new trans-Atlantic data agreement.
European Data Protection Board adopted guidelines on dark patterns. Dark patterns are interfaces and user experiences implemented on social media platforms that cause users to make unintended, unwilling, and potentially harmful decisions regarding the processing of their personal data.
This news and more, in this fortnights Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
DATA BREACH
India: Nimhans Sees Ransomware Attack
Premier mental health institute Nimhans faced a cybersecurity threat following a ransomware attack earlier this week. A communication from its IT cell to employees on March 22 night said the institute was targeted with “a ransomware initiated via malicious malware in an email accessed possibly on Windows 7 or 8”. There is no clarity on the extent of damage caused. Sources, however, said lab reports of patients and old patient data may have been affected
ENFORCEMENT
EU: New GDPR Fine For Meta: €17 Million For Facebook GDPR Violations Tied To A Dozen Data Breaches
A string of at least a dozen data breaches dating back to 2018 is finally catching up with Meta’s Facebook, as the Irish Data Protection Commission (DPC) has issued a fine under the terms of the General Data Protection Regulation. The €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent data breaches.
UK: ICO Fines Tuckers Solicitors LLP £98,000 For Data Breach
Criminal defence firm Tuckers Solicitors has been fined £98,000 after failing to secure sensitive court bundles that were later published on the dark web and held to ransom by organised criminals. The information commissioner found that a ransomware attack on the national firm resulted in the encryption of 972,191 files, of which 24,712 related to court bundles.
EU: Swedish DPA Fines Bank For EU GDPR Violations
The Swedish Privacy Protection Authority (IMY) issues an administrative sanction fee of SEK 7,500,000 against Klarna Bank AB after an investigation has shown that the company has not complied with several of the rules in the Data Protection Ordinance (GDPR).
PRIVACY REGULATIONS
China Makes Genetic Data A National Resource
The Chinese government has identified genetic data as a national strategic resource and is strengthening state control over the country's gene banks and other repositories of genetic information.
Utah Becomes Fourth US State To Enact Comprehensive Consumer Privacy Legislation
On March 24, Gov. Spencer Cox, R-Utah, signed the Utah Consumer Privacy Act into law, making Utah the fourth state to enact comprehensive consumer privacy legislation. The law goes into effect on Dec. 31, 2023.
EU, US Agree 'In Principle' To New Trans-Atlantic Data Agreement
On March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen made the long-awaited announcement that the United States and the European Union have agreed, in principle, to the Trans-Atlantic Data Privacy Framework (the Framework), after more than a year of negotiations.
PRIVACY RESOURCES
EU Guidelines On Dark Patterns In Social Media Platform Interfaces
The EDPB adopted Guidelines on dark patterns in social media platform interfaces. The guidelines offer practical recommendations to designers and users of social media platforms on how to assess and avoid so-called “dark patterns” in social media interfaces that infringe on GDPR requirements.