Happy New Year Friends,
India's Ministry of Electronics and Information Technology is currently preparing a note on the Personal Data Protection Bill for consideration by cabinet ministers.
The note from MeitY will carry the ministry's view on the bill and offer further policy proposals if any. The note is expected to be circulated to other ministers before it's presented to Parliament during the February budget session.
The Indian Parliament is yet to act on the PDPB final report issued by a Joint Parliamentary Committee in December 2021.
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
Enforcement
EDPS Sanctions Parliament Over Data Transfers, Cookie Consent
The European Data Protection Supervisor sanctioned the European Parliament for violating regulations on data transfers and cookie consent. The EDPS found fault with a COVID-19 testing website launched by Parliament in September 2020 which attracted complaints about third-party trackers and cookie consent banners that did not meet consent standards.
Austrian DPA Says Google Analytics Violates EU GDPR
The Austrian Data Protection Authority has decided that the use of Google Analytics violates the General Data Protection Regulation (GDPR). Other EU member states could follow suit, as regulators cooperate in a task force in the European Data Protection Board. The decision is based on several complaints that the Austrian NGO noyb filed in the wake of the European Court of Justice’s ‘Schrems II’ decision.
Lead Generation Company to Pay $1.5M Over Sale, Use of Consumer Data
A lead generation company that collected sensitive information from millions of consumers under the guise of connecting them with lenders will pay $1.5 million in civil penalties and face restrictions on their operations as a result of a Federal Trade Commission lawsuit.
The FTC’s complaint alleges that since at least 2012, ITMedia Solutions LLC, a number of affiliate companies, and their owners and officers have operated hundreds of websites that were designed to entice consumers into sharing their most sensitive financial information—including their Social Security numbers and bank account information.
Privacy Regulations
MeitY To Come Up with A Note for The Cabinet on Data Protection Bill
The Ministry of Electronics and Information Technology (MeitY) is preparing a note for the cabinet on the proposed Data Protection Bill. According to government officials, the ministry is preparing a note that is likely to come up in the cabinet soon and will be presented in the upcoming budget session of the parliament.
Israel Proposes Privacy Protection Act Amendments
On January 6, 2022, the Israeli government released a long-anticipated bill amending and updating Israel’s 1981 Privacy Protection Act (PPA) (the Bill). If passed, the Bill would constitute the most comprehensive update of the PPA in more than two decades. Primarily, the Bill greatly enhances the enforcement and investigation powers of the privacy regulator, the Israel Privacy Protection Authority (IPPA).
China To Order Cybersecurity Reviews for Some Firms Seeking Overseas Listings
Reuters reports the Cyberspace Administration of China will begin enforcing rules on Feb 15 that will require cybersecurity reviews for some Chinese companies with international business. Organizations holding personal data of more than 1 million users will undergo mandated reviews to gain clearance to list shares with overseas markets.
Jordan Drafts Law to Protect Citizens’ Personal Data
A draft Personal Data Protection Law of 2021 is being proposed in Jordan, aiming to protect citizens’ personal data “in light of the ease of collection, retention, and processing,” as well as their right to privacy. The draft law establishes a regulatory framework for maintaining and processing personal data, as well as a legal framework balancing individuals’ rights to personal data protection with technological advances
Privacy Resources
EDPB Publishes Breach Notification, Handling Guidelines
On 3rd January 2022, the European Data Protection Board published its guidance on examples of data breach notifications. The guidelines adopted following discussion at the EDPB's December plenary, concern more specific recommendations and best practices around handling data breaches and risk assessment
The Office of The Privacy Commissioner of New Zealand Offers Sensitive Data Handling Guidance
The Office of the Privacy Commissioner of New Zealand published guidance on the application of the Privacy Act as it relates to sensitive personal information. The guide works to differentiate between non-sensitive and sensitive data before detailing the regulatory factors that should be considered for sensitive data.