Hello Friends,
India has proposed the Digital Personal Data Protection Bill, 2022. The draft bill aims to enable personal data processing while recognizing individuals' rights and the need to process personal data for lawful purposes.
This news and more, in this fortnight’s Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
Privacy Enforcement
Irish DPC issues a Fine of 265M Euros to Meta
Ireland’s Data Protection Commission fined Meta 265 Million euros for violating EU General Data Protection Regulation. The fine is the third-largest GDPR penalty served to date, following a 405 million euro fine from Ireland to Meta in September. Meta was found to violate Articles 25(1) and 25(2) of the GDPR related to Data Protection by Design and Default. The decision also requires Meta to "bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe."
CNIL issues a Fine of 800K Euros to Discord over GDPR Violations
France’s data protection authority, the Commission Nationale de l'informatique et des libertés, fined software developer Discord, a voice-over IP and instant messaging service provider, in which users can create servers, text, voice, and video rooms, 800,000 euros for failing to comply with EU General Data Protection Regulation requirements on data retention periods and personal data security. The CNIL said it took into account Discord's efforts to reach compliance throughout its investigation and the fact that its business model is not based on the exploitation of personal data when deciding the amount of the fine.
Data Breach
500 Million WhatsApp Users’ Data Leaked
An Ad was posted by a threat actor on a well-known hacking community forum, claiming to sell a 2022 database of about 487 million WhatsApp users’ mobile numbers. The dataset is said to include information on WhatsApp users from 84 countries. The US dataset is for sale for $7,000, the UK – $2,500, and Germany – $2,000. The seller assured that all the numbers in the instance are those of active WhatsApp users but did not disclose how they came into possession of the database, suggesting they "used their strategy" to gather the information.
Sobeys hit by Ransomeware Attack
Sobeys, a Canadian Supermarket and Pharmacy chain, is suspected Black Basta ransomware attack, possibly leaking customer data. The hackers breached some in-store systems at its supermarkets, as well as its pharmacies.
Privacy in Spotlight
Meta unveils teen privacy updates on Instagram and Facebook
Meta introduced new privacy updates for teens on Instagram and Facebook, including default privacy settings for Facebook users under 16 or 18 depending on their country of residence. Current teen users will be encouraged to select more private settings. The company is also working with the National Center for Missing and Exploited Children to build a global platform intended to prevent teens' intimate images from being shared online without consent.
Regulations
India’s Digital Personal Data Protection Bill expected to pass by July-August 2023
Indian Minister for Railways, Communications, Electronics and Information Technology Ashwini Vaishnaw is targeting July or August 2023 for the passage of the proposed Digital Personal Data Protection Bill. Vaishnaw said "sea change over the years" has led to the drafting of the latest bill and prior proposals, while also noting the Prime Minister's mandate "to prepare a comprehensive digital legal framework." Vaishnaw added the draft bill is currently under public consultation and review by an unspecified parliamentary committee.
Australia passes Privacy Legislation Amendment Bill 2022
The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner said the changes create closer alignment with competition and consumer remedies under the EU General Data Protection Regulation and facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.
Finland launches Project on Children’s Data Protection
The Office of Data Protection Ombudsman with TIEKE Tietohäyskuntan keimistiskeskus ry launches a new project, named 'GDPR4CHLDRN’. The goal of the project is to provide information on the processing of personal data for associations organising children's leisure activities. It will develop methods for supporting the application of data protection legislation for hobbies and sports associations.