Data Protection News Update 29 April 2024

IGS
April 29, 2024

United Kingdom

ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls

The Information Commissioner’s Office (ICO) has fined Cardiff-based Outsource Strategies Ltd (OSL) £240,000 and London-based Dr Telemarketing Ltd (DRT) £100,000 after the companies made a total of almost 1.43 million calls to people on the UK’s “do not call” register, the Telephone Preference Service (TPS).
Calls made between 11^th February 2021 and 22^nd March 2022 resulted in 76 complaints to the ICO and TPS.
Those who complained stated that the callers were aggressive and used high-pressure sales tactics to persuade them to sign up for products.
The ICO investigation also found evidence that both companies were specifically targeting elderly and vulnerable people.

Grindr facing UK data lawsuit for allegedly sharing users’ HIV status

The dating app Grindr is facing a mass data protection lawsuit in London from hundreds of users who allegedly had their private information, including HIV status, shared with third parties without consent.
The lawsuit alleges that this highly sensitive information was provided to third parties for commercial purposes.
A spokesperson for Grindr stated that “Grindr has never shared user-reported health information for ‘commercial purposes’ and has never monetized such information.”
Around 670 people have signed up to the lawsuit over breaches said to have taken place between 2018 and 2020, with potentially thousands more joining the case.

United States

Watchdog group asks 5 attorneys general to investigate crisis pregnancy centre privacy practices

Civil rights advocacy group ‘Campaign for Accountability’ sent letters to five US State Attorney Generals seeking an investigation into Crisis Pregnancy Centers’ collection of sensitive medical information.
The group claimed reproductive health centers are gathering personal medical information without disclosing how the information is protected.
The centres provide counselling and services for women coping with unplanned pregnancies and state on their website that they comply with the federal Health Insurance Portability and Accountability Act (HIPAA).
However, because the services offered at the centers are free, they are not legally bound by federal health data privacy laws, creating a privacy risk that could be exploited in the wake of efforts to criminalise abortion.
Change Healthcare has faced mounting losses since the ransomware attack, and recently reported that they have spent USD $872 million responding to the incident as of 31^st March.

Europe

EU Health Data Space: more efficient treatments and life-saving research

The European Parliament has approved a provisional agreement to create the European Health Data Space, a portal which allows patients to access health data including information located in another member state.
Some data will be anonymised or pseudonymised to be used for research purposes.
Upon approval from the Council of the European Union, the framework will take effect 20 days after publishing in the Official Journal of the European Union.

Europe shrugs off Washington’s TikTok fears

EU policymakers will not immediately consider addressing alleged TikTok issues following passage of a US law forcing China-based ByteDance to divest the social platform over national security and sensitive data protection concerns.
Vice President of the European Parliament stated that the EU “realised these challenges many years ago and that’s why we have the Digital Services Act (DSA), obliging the platforms to behave differently.”
Commissioner spokesperson Johannes Bahrke states that strong EU regulations like the DSA and General Data Protection Regulation (GDPR) safeguard Europeans’ privacy and online safety in a non-discriminatory way.

International

Border agency eyes smartphone facial recognition system amid privacy concerns

The Canadian Border Services Agency will test an optional facial recognition pilot program within the next two to four years.
Travellers would be able to use facial recognition technology to identify themselves through their smartphones when crossing the border. The system would match a photo from a traveller’s passport with a selfie taken via a mobile device.
Although the pilot project is still a few years away, an Ottawa-based civil liberties coalition is already flagging concerns regarding privacy and accountability.
The border agency says it ensures the privacy of travellers, and that their information is protected at all times.

Public Consultation on the Cybersecurity (Amendment) Bill

Singapore’s Cyber Security Agency (CSA) released its response to feedback received during public meetings in order to address updating the Cybersecurity (Amendment) Bill.
The guidance answers questions about the amendment including concerns it would increase the cost of compliance efforts for businesses.
The CSA aims to update the Bill to ensure it remains relevant to the digital landscape.

Data Protection News Update 14 May 2024

United Kingdom Organisations must do more do more to combat the growing threat of cyber attacks Northern Ireland police obtained reporters’ phone data, tribunal hears

Data Protection News Update 07 May 2024

United Kingdom Information Commissioner: Persistent sensitive information breaches failing people living with HIV OnlyFans faces UK investigation into age-verification measures United States UnitedHealth CEO tells

Two Conceptions of Algorithmic Fairness: The Case of Generative AI

Algorithmic fairness is perhaps one of the most cited values when people talk about AI ethics. However, there is also deep disagreement about what it

Data Protection News Update 22 April 2024

United Kingdom ICO reprimands housing association for insufficient data security ICO publishes guidance to improve transparency in health and social care United States Change Healthcare’s