Data Protection News Update 25 March 2024

United Kingdom

Data Protection and Digital Information Bill subject to Lords line by line scrutiny

  • Members of the UK House of Lords will begin their review of the proposed Data Protection and Digital Information Bill.
  • The Data Protection and Digital Information Bill aims to update and simplify the UK’s data protection framework. In particular, it contains provisions to require social media companies to retain information in connection with an investigation into a death of a child who was suspected to have died by suicide.
  • The House of Lords set committee hearings on the legislation for 20, 25, and 27 March, during which new amendments will be discussed. 

ICO statement in response to reports of data breach at the London Clinic

  • The UK’s Information Commissioner’s Office responded to reports that a staff member at the London Clinic allegedly tried to view the medical information of Catherine, Princess of Wales.
  • The ICO stated they “can confirm that we have received a breach report and are assessing the information provided.”

United States

House passes bill that could ban TikTok in the US, sending it to the Senate

  • The US House passed the Protecting Americans from Foreign Adversary Controlled Applications Act, which could potentially ban TikTok in the US.
  • If this Act is passed, President Joe Biden would establish a process for the FBI and intelligence agencies to designate certain social media apps as national security threats if found to be controlled by a foreign adversary, unless ties with that entity are severed within 180 days.
  • 50 Democrats and 15 Republicans voted against the bill.
  • TikTok’s parent company, ByteDance, has mounted a lobbying campaign to kill the legislation, arguing that it would violate the First Amendment rights of tis 170 million US users and harm thousands of small business that rely on it.


French unemployment agency data breach impacts 43 million people

  • France’s unemployment agency, France Travail, experienced a cyberattack that breached the data of 43 million people.
  • Between 6th February and 5th March, hackers stole details belonging to job seekers registered with the agency in the last 20 years.
  • The agency said citizen’s personally identifiable information (full name, date of birth, phone number, email address), including job candidate profiles, were compromised during the cyberattack.
  • The cyberattack on this agency sets a new record in France, as it affects the largest number of individuals, more than 33 million.

Telemarketing, Privacy Guarantor: Code of Conduct Launched

  • Italy’s data protection authority, the Garante, announced the telemarketing monitoring body has been accredited and is set to enforce the previously adopted code of conduct.
  • The body will ensure telemarketers adopt the code, including “specific measures to guarantee the correctness and legitimacy of the data processing carried out along the entire telemarketing ‘chain.’”
  • To combat the growth of abusive call centres, the Code of Conduct establishes the application of a penalty or non-payment of commission for each contract stipulated following a promotional contact without consent.


Glassdoor wants to know your real name

  • Employment website Glassdoor updated its policy to have users verify their names, raising privacy concerns from users who have used the website to make anonymous reviews about their employers.
  • They company has changed their sign-up process, and are asking people to disclose their first name, job title, and employer, when historically, it had only required email addresses.
  • Reviews of employers posted to Glassdoor will remain anonymous, but the company’s policy of collecting and verifying real names has triggered concern among users and privacy experts.
  • Glassdoor’s help pages state they have to verify identities and employment information to “ensure that our users can engage in authentic, candidate conversations with other professionals, coworkers, and company leaders in a safe space.”

South China Athletic Association: Hong Kong privacy watchdog probes data breach involving loss of 70,000 members’ personal information

  • Hong Kong’s Office of the Privacy Commissioner for Personal Data launched an investigation into a cyberattack on the South China Athletic Association that affected 70,000 members.
  • The SCAA said, due to an “unauthorised third-party intrusion,” members’ personally identifiable information may have been breached.
  • The personal information included identity cards and passport details.


More Posts

Send Us A Message