Hello Friends,
After UK’s Information Commissioner’s Office, now, France's data protection authority, CNIL’s investigation has found Clearview’s collection and use of biometric data in a violation of the EU General Data Protection Regulation.
As a result, CNIL has ordered Clearview AI to stop processing photographs and videos publicly accessible online and to delete data within two months.
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Happy Holidays and Enjoy reading!
ENFORCEMENT
Norway's Data Protection Agency Issues $7 Million GDPR Fine to Grindr
Norway’s Data Protection Agency, Datatilsynet, issued a $7 million GDPR fine to the Grindr app for processing and sharing user data—including highly sensitive information relating to data subjects’ sexual orientation—to advertisers without consent. The DPA found specific violations of GDPR Article 6 (1) on lawful processing and 9 (1) on the processing of special categories of personal data.
CHILDREN'S PRIVACY—IRELAND
Ireland’s Data Protection Commission Published Guidelines for Protecting Children’s Data
The Data Protection Commission (DPC) has on 17th December 2021 published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (the Fundamentals). The Fundamentals introduce child-specific data protection interpretative principles and recommended measures that will enhance the level of protection afforded to children against the data processing risks posed to them by their use of/ access to services in both an online and offline world.
Data Loss - UK
13 million Records of UK Police Data Leaked to Dark Web
After an apparent refusal to pay a ransom demand, Russian hackers have leaked a sampling of 13 million records of UK police data to the dark web in retaliation. The records were stolen from a police contractor, and the Russian hackers released just a small portion of what they stole but have threatened to release more if their demands continue to be rebuffed.
Privacy Litigation - Hong Kong
Meta Sues Hong Kong Based Social Data Trading Ltd for Its Data Scraping Practices
Meta, the parent company of Facebook, has sued Hong Kong-based Social Data Trading Ltd. for scraping data from millions of Instagram and Facebook profiles. Meta alleges that after it blocked Instagram and Facebook access to Social Data Trading, the company continued to surreptitiously pull profile information from both websites.
HR Privacy
NYC Places Ground-Breaking Restrictions on AI Use in Hiring Practices
In a ground-breaking move, likely to have a significant impact on employee hiring and HR tech, the New York City Council has passed a measure (“the NYC measure”) that bans the use of automated decision-making tools to (1) screen job candidates for employment, or (2) evaluate current employees for promotion unless the tool has been subject to a “bias audit”, conducted not more than one year prior to the use of the tool. The NYC measure will take effect on January 2, 2023.
BIOMETRICS—AUSTRALIA & FRANCE
CNIL Orders Clearview AI to Stop Processing Images
France's data protection authority, the Commission Nationale de l'informatique et des libertés, ordered Clearview AI to stop processing photographs and videos publicly accessible online and to delete data within two months. The CNIL said an investigation found Clearview’s collection and use of biometric data is a violation of the EU General Data Protection Regulation.
Australian Federal Police Ordered to Strengthen Privacy Governance
Australian Information and Privacy Commissioner Angelene Falk found the Australian Federal Police failed to conduct a privacy impact assessment before implementing Clearview’s facial recognition tool and failed to make sure its use complied with the Australian Government Agencies Privacy Code.