Data Protection News 04 September 2023

United Kingdom

Email communications guidance published by the ICO

  • The ICO has warned organisations to refrain from using blind carbon copy function when sending emails that contain sensitive personal data.
  • The guidance also comes with advice for organisations when sending bulk emails.
  • Mihaela Jembei, ICO Director of Regulatory Cyber, said: “Failure to use BCC correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved”.
  • Find the guidance here:

United States

Amazon and Starbucks seek to dismiss lawsuit over biometric payment system

  • The lawsuit claims that Amazon’s “Just Walk Out” cashless checkout – which facilitates cashless check out at Amazon Go and two New York City Starbucks that share space with Amazon Go stores, is in violation of New York City Law.
  • The plaintiffs claim that the biometric data collected by the technology does not adhere to the city ordinance requiring a clear and conspicuous notice of such to be visible for all.
  • Amazon on the other hand argues its customers consent to the use of the technology.

US District Court judge rules car insurer will face nationwide class-action lawsuit over driver’s license data

  • Car insurer GEICO has been accused of disclosing data found on driver’s licenses to identity thieves.
  • The lawsuit centres around the claim that the company auto-populated the numbers from driver’s licenses into its database when its users provided their basic information so as to obtain insurance quotes.
  • After a data breach, this data then went on to be used for fraudulent unemployment benefit applications under the victim’s names.


Ireland’s Data Protection Commission warns parents about back-to-school photos

  • The Irish DPC is warning parents about potential unintended oversharing of children’s personal data.
  • This is due to the start of ‘back-to-school’ photos that many parents tend to post online this time of year.
  • The Commission recommends parents be careful when sharing details about their children’s schools, and their location, when uploading these sorts of posts.


Canada’s largest railway company accused of monitoring employees

  • Employees at Canadian National have alleged that the company used work-issued tablets to track train operators off the clock.
  • The geolocation that was allegedly collected by the company was processed without the consent of the employees.
  • The tracking was only discovered by accident, through a disclosure process where the company was obligated to disclose why they were disciplining a worker.

High Court of Kenya orders Worldcoin to halt processing in the country

  • Worldcoin, the crypto currency exchange, has been ordered to temporarily halt its processing of biometric data in Kenya.
  • This is to have effect until an investigation by the Office of the Data Protection Commissioner of the country is resolved.
  • The High Court also ordered Worldcoin to destroy all data in its possession under the supervision of the Office of the Data Protection Commissioner and has revoked their license as a data controller.

India’s interception monitoring systems create a “backdoor” for government surveillance

  • Telecom companies are obliged to install the hardware in subsea cable landing stations and data centres, and the software searches, copies and provides personal data to Indian security agencies.
  • According to the government, all requests for monitoring have to be approved by the Home Secretary of India.
  • Critics claim this approval process is simply a procedural safeguard, and does little to prevent targeted snooping, bypassing privacy protections.


More Posts

Send Us A Message