Data Protection News Update 24 July 2023

United States

Biden Administration announced the ‘US Cyber Trust Mark’ program

  • The Biden Administration announced a cybersecurity certification and labeling program. This label will help American consumers choose smart devices that are safer and less vulnerable to cyberattacks.
  • The cybersecurity labeling program is set to launch in 2024.

Typos lead to the disclosure of millions of US military emails

  • Due to typos, millions of emails by the US military were misdirected to Mali for over a decade. Members of the military have been mistyping the military’s email suffix, .MIL, as .ML, which is the domain of Mali.
  • According to the Financial Times, the Dutch contractor managing Mali’s .ML domain has been warning U.S. officials repeatedly about this issue.

FTC fines BetterHelp for improper data sharing

  • The FTC has issued an order banning BetterHelp, a counseling service, from sharing users’ health data for advertising and retargeting purposes. The order requires BetterHelp to pay USD7.8 million.

Europe

Netherlands’ benefits agency UWV illegally tracked recipients

  • The NL Times reports that the Netherlands’ benefits agency (UWV) has illegally collected data from benefit recipients and tracked users via its websites. Recipients’ usage behavior on the website was constantly analysed and tracked to ‘investigate whether they were illegally staying abroad while receiving unemployment benefits’. The agency has also secretly placed cookies on its website to track its users.

Italy’s DPA issued multiple fines

  • Garante, Italy’s data protection authority, issued multiple fines to a number of entities for being in breach of data protection laws and their marketing activities. A fine of €1 million has been issued against Autostrade for processing personal data of 100,000 users of a toll booth reimbursement app. Rinascente has been fined for illegally processing customer data and ‘profiling activities through the use of loyalty cards’.

International

Canada publishes cybersecurity guidance

  • The Canadian government published cybersecurity guidance for mitigating generative AI’s cybersecurity risks.
  • The document contains definitions and information on the use of generative AI in several sectors and the risks involved. Furthermore, the document provides guidance as to steps to take to mitigate those risks.

Passport data of 34 million Indonesian citizens stolen

  • CPO Magazine reports that a hacker stole the passport data of 34 million Indonesian citizens and is currently offering the data on a hacking forum for USD10,000.
  • The Indonesian authorities have announced that they are investigating the matter.

Australian Federal Police pauses the use of surveillance platform

  • Crikey reports that the Australian Federal Police has paused the use of the surveillance platform Auror until a privacy assessment is conducted. Auror is a ‘retail crime intelligence and loss prevention platform’.
  • This decision was made due to a freedom of information request which exposed that over 100 police staff began using the platform in question in 2021, before privacy and security reviews were performed, and were collecting data from retailers that had not been reported to the police.

United Kingdom

Survey reveals that 26% of adults in the UK have used generative AI

  • A survey conducted by Deloitte revealed that 26% of adults in the UK have used generative AI. Of the 4,150 UK adults surveyed, half had heard of generative AI and one in 10 admitted to using it for work.
  • It is reported that this adoption rate is rare and exceeds that of voice-assisted smart speakers such as Amazon’s Alexa.

ICO publishes guidance on how to avoid reprimands

  • The ICO has published a review of the formal reprimands it issued in the second quarter of 2023 and provides a guide on how to avoid data protection problems that could lead to similar reprimands by the ICO.
  • The main steps that should be taken are properly training staff members, introducing effective policies, and focusing on data protection by design and default.
