Hello Friends,
Meta disclosed in an annual financial report that Facebook and Instagram may cease European operations if the EU and the U.S. can't reach an agreement on data flows.
In another news, CERT-In has published Vulnerability Notes on Google Chrome stating that several vulnerabilities have been found in Google Chrome, which can be exploited by a cyber attacker.
The Cert-in vulnerability report has also provided solutions to fix these vulnerabilities.
Cert-in Vulnerability Note – Google Chrome
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
ENFORCEMENT
Singapore: Quotation And Service Comparison Portal Ordered To Pay Financial Penalty And Issued Direction To Comply
A recent decision of the Personal Data Protection Commission ("PDPC") demonstrates the importance of implementing internal data protection measures to comply with the Personal Data Protection Act ("the Act"). The PDPC investigated after local media reported that iCompare.sg ("the Portal") had data that had been put up on the Dark Web.
Advertising Platform OpenX Will Pay $2 Million For Collecting Personal Information From Children In Violation Of Children’s Privacy Law
California-based online advertising platform OpenX Technologies, Inc. will be required to pay $2 million to settle Federal Trade Commission allegations that the company collected personal information from children under 13 without parental consent, a direct violation of a federal children’s privacy protection law. The FTC also alleged that despite offering an opt-out option, OpenX collected geolocation information from users who specifically asked not to be tracked.
OAIC's Facebook Privacy Claims Can Proceed
The Federal Court of Australia rejected Facebook Inc’s appeal to set aside an earlier ruling by Justice Thawley of the Federal Court granting the Australian Information Commissioner leave to serve legal documents on the US-based entity.
Privacy Regulations
Thailand Establishes Personal Data Protection Commission
Thailand has completed the establishment of the Personal Data Protection Commission (PDPC), the regulator under the country's Personal Data Protection Act B.E. 2562 (PDPA), strongly indicating that the planned full enforcement of the PDPA on June 1, 2022, is likely to proceed as scheduled.
Meta Considers Shutting Down Facebook And Instagram In Europe If Meta Can Not Process Europeans’ Data On US Servers
If Meta is not given the option to transfer, store and process data from its European users on US-based servers, Facebook and Instagram may be shut down across Europe, the social media giants’ owner reportedly warned in its annual report. The key issue for Meta is transatlantic data transfers, regulated via the so-called Privacy Shield and other model agreements that Meta uses or used to store data from European users on American servers. The current agreements to enable data transfers are currently under heavy scrutiny in the EU.
Privacy Resources
EDPB Publishes Breach Notification, Handling Guidelines
International Association of Privacy Professionals (IAPP) has released an interactive map identifying those countries with data protection laws. Within each country’s listing, if available, there is a link to a resource containing the data protection law and the data protection authority
European Commission Presents New Study Monitoring Data Flows In Europe
The European Commission has published a study mapping and estimating the volume of data flowing to main cloud infrastructures across the 27 Member States, Iceland, Norway, Switzerland, and the UK.
The study provides an overview of volume and types of cloud data inflows and outflows per economic sector, location, size of enterprises, and type of cloud services.