Data Protection News Update 25 March 2024

IGS
March 25, 2024

United Kingdom

Data Protection and Digital Information Bill subject to Lords line by line scrutiny

Members of the UK House of Lords will begin their review of the proposed Data Protection and Digital Information Bill.
The Data Protection and Digital Information Bill aims to update and simplify the UK’s data protection framework. In particular, it contains provisions to require social media companies to retain information in connection with an investigation into a death of a child who was suspected to have died by suicide.
The House of Lords set committee hearings on the legislation for 20, 25, and 27 March, during which new amendments will be discussed.

ICO statement in response to reports of data breach at the London Clinic

The UK’s Information Commissioner’s Office responded to reports that a staff member at the London Clinic allegedly tried to view the medical information of Catherine, Princess of Wales.
The ICO stated they “can confirm that we have received a breach report and are assessing the information provided.”

United States

House passes bill that could ban TikTok in the US, sending it to the Senate

The US House passed the Protecting Americans from Foreign Adversary Controlled Applications Act, which could potentially ban TikTok in the US.
If this Act is passed, President Joe Biden would establish a process for the FBI and intelligence agencies to designate certain social media apps as national security threats if found to be controlled by a foreign adversary, unless ties with that entity are severed within 180 days.
50 Democrats and 15 Republicans voted against the bill.
TikTok’s parent company, ByteDance, has mounted a lobbying campaign to kill the legislation, arguing that it would violate the First Amendment rights of tis 170 million US users and harm thousands of small business that rely on it.

Europe

French unemployment agency data breach impacts 43 million people

France’s unemployment agency, France Travail, experienced a cyberattack that breached the data of 43 million people.
Between 6^th February and 5^th March, hackers stole details belonging to job seekers registered with the agency in the last 20 years.
The agency said citizen’s personally identifiable information (full name, date of birth, phone number, email address), including job candidate profiles, were compromised during the cyberattack.
The cyberattack on this agency sets a new record in France, as it affects the largest number of individuals, more than 33 million.

Telemarketing, Privacy Guarantor: Code of Conduct Launched

Italy’s data protection authority, the Garante, announced the telemarketing monitoring body has been accredited and is set to enforce the previously adopted code of conduct.
The body will ensure telemarketers adopt the code, including “specific measures to guarantee the correctness and legitimacy of the data processing carried out along the entire telemarketing ‘chain.’”
To combat the growth of abusive call centres, the Code of Conduct establishes the application of a penalty or non-payment of commission for each contract stipulated following a promotional contact without consent.

International

Glassdoor wants to know your real name

Employment website Glassdoor updated its policy to have users verify their names, raising privacy concerns from users who have used the website to make anonymous reviews about their employers.
They company has changed their sign-up process, and are asking people to disclose their first name, job title, and employer, when historically, it had only required email addresses.
Reviews of employers posted to Glassdoor will remain anonymous, but the company’s policy of collecting and verifying real names has triggered concern among users and privacy experts.
Glassdoor’s help pages state they have to verify identities and employment information to “ensure that our users can engage in authentic, candidate conversations with other professionals, coworkers, and company leaders in a safe space.”

South China Athletic Association: Hong Kong privacy watchdog probes data breach involving loss of 70,000 members’ personal information

Hong Kong’s Office of the Privacy Commissioner for Personal Data launched an investigation into a cyberattack on the South China Athletic Association that affected 70,000 members.
The SCAA said, due to an “unauthorised third-party intrusion,” members’ personally identifiable information may have been breached.
The personal information included identity cards and passport details.

Data Protection News Update 22 April 2024

United Kingdom ICO reprimands housing association for insufficient data security ICO publishes guidance to improve transparency in health and social care United States Change Healthcare’s

Data Protection News Update 15 April 2024

United Kingdom Information Commissioner’s Office seeks views on accuracy of generative AI models United States US Senator says TikTok divestiture deadline could be extended to

Asking (and answering) an obvious but important question: why does data confidentiality matter, ethically speaking?

In my last article, I focused on the ethical significance of one of the most prominent failure of data governance in recent times; namely, the

Data Protection News Update 08 April 2024

United Kingdom ICO sets out priorities to protect children’s privacy online ICO joins global data protection and privacy enforcement programme United States US and UK