ICO issues £200,000 fine for nuisance calls
ICO has imposed a fine of £200,000 on IT’s OK Limited Company for making 1,752,149 nuisance calls to individuals registered with the Telephone Preference Service, the country’s single and official call registry for landline and mobile phone numbers, over an eleven-month period. According to the decision, the company’s actions represented an exploitative campaign potentially targeting vulnerable individuals.
Taiwan fines car rental giant iRent
The Taiwan Ministry of Transportation and Communications has imposed a fine of 90,000 yuan on the car rental company iRent, which experienced a data breach. The company is accused of non-compliance with the Personal Data Protection Act and the Automobile Transportation Industry Personal Data File Security Maintenance Plan and Processing Method, by not creating a complete personal data file security maintenance plan. The company was given until February 28 to comply.
Regal Medical Group faces class-action lawsuits
According to GovInfoSecurity, the California-based Regal Medical Group will face at least five class-action lawsuits due to a ransomware attack affecting 3.3 million individuals. The organization is alleged to have been negligent in protecting individuals’ health data, not investing enough in data security, and violating many state and federal laws, including the California Consumer Privacy Act (CCPA), HIPAA, and the Federal Trade Commission Act.
Italy bans Artificial Intelligence
The Italian Data Protection Authority, Garante, has banned the American artificial intelligence chatbot company Replika from processing the personal data of Italian users. Garante, stating that the application presents tangible risks for minors, does not respect the principle of transparency, and processes personal data unlawfully, gave the company a 20-day period to stop data processing activities. If the company fails to comply with the instructions, it could be fined up to 20 million euros or up to 4% of its annual global turnover.
ICO publishes Guidance for Online Game Developers
ICO has published a guidance document aimed at assisting game designers who develop online games for children in their efforts to comply with the United Kingdom’s Age Appropriate Design Code. Among the ICO’s recommendations are conducting detailed risk assessments, implementing effective age verification systems, being transparent, preventing harmful use of children’s data, applying default privacy settings, responsibly creating profiles, and applying positive nudge techniques to encourage children to select privacy options.
EDPB announces decision in Meta Data Transfer Case
The European Data Protection Board (EDPB) has announced that it will disclose its binding decision on the legality of Meta’s data transfers between the EU and the US by April 14.
The case stems from a privacy infringement lawsuit filed in 2013 by Max Schrems, an Austrian who has given his name to decisions invalidating agreements allowing free data transfers between Europe and the US, and who has led campaigns against Facebook due to privacy breaches. The Privacy Shield framework, which regulated data transfers between the EU and the US, was invalidated by the Court of Justice of the European Union in the ‘Schrems II’ decision on July 16, 2022. The Irish Data Protection Commission proposed in July 2022 not to permit Meta to rely on Standard Contractual Clauses for exchanging user information with the US. Depending on the outcome of the decision, Facebook and Instagram may be forced to stop sending European user data to the US due to privacy concerns.
ICO issues Reminder to Accountants of SMEs
ICO has invited accountants to acknowledge their crucial roles in assisting the data protection compliance practices of small and medium-sized enterprises (SMEs). According to the announcement, a study conducted by the UK regulator indicates that more than a third (34%) of SMEs rely on their accountants for advice.
Datatilsynet publishes Cookie Wall Guide
The Danish Data Protection Authority, Datatilsynet, has published a guide on the distribution of cookie walls following two specific complaints. The regulator summarized the inferences for ongoing best practices, noting that companies need to “take note” if they “would like to or already use a similar approach.”
Anonymization Guide from Spanish DPA
The Spanish Data Protection Authority, Agencia Española de Protección de Datos (AEPD), has published a guide on data anonymization. AEPD emphasized that anonymization, as a human activity, does not reach perfection and that there is always a possibility of its degradation. Thus, it underscored the need for regular reviews, updates, and the adoption of appropriate measures to ensure suitability, considering aspects such as the nature, context, purposes, and risks.