Data collection, IT and Personal data - Information Management Today

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. As indicated in the paragraph quoted above, the company collected some very sensitive personal information.

Personal data

Personal data Privacy Information governance Compliance

TikTok sued over its use of children’s personal data

IT Governance

APRIL 22, 2021

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for. TikTok has continually defended the way it processes children’s personal data.

Personal data

Personal data IT GDPR Privacy

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

On 11 August 2023, India’s long-awaited law governing data protection – the Digital Personal Data Protection Act, 2023 ( DPDP Act ) – received the President’s assent and was published in the official gazette the following day. data subjects, using the GDPR terminology) located within India.

Personal data

Personal data GDPR Data breaches Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

Personal data protection in the time of coronavirus (Covid-19)

Data Protection Report

FEBRUARY 25, 2020

Outbreak of the coronavirus and personal data privacy. There have been several data breach incidents which have given rise to concerns over privacy and potential discrimination against people from Wuhan and Hubei Province. Highlights of the CAC Circular.

Personal data

Personal data Big data Data Privacy Data breaches

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

NOVEMBER 26, 2019

The apps that includes the SDK code are able to collect user names, email addresses, and Tweets via unspecified Android apps. ” While oneAudience did not comment on the incident, MobiBurn published a statement denying that it is harvesting Facebook data and announced an investigation on third-party apps using its SDK.

Personal data

Personal data IT Access Marketing

Singapore Releases New Guidelines on the Use of Personal Data in AI Systems

Data Protection Report

MARCH 25, 2024

On 1 March 2024, Singapore’s Personal Data Protection Commission ( PDPC ) issued the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems ( AI Advisory Guidelines ). It does not discuss the use of personal data in the context of generative AI ( GenAI ) solutions.

Personal data

Personal data B2C B2B Data collection

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

MARCH 1, 2022

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. The implication was that data controllers did not fully understand, and therefore were not effectively making use of, the research provisions.

Personal data

Personal data GDPR Data collection Archiving

TikTok’s data collection being scrutinised by Australia’s privacy watchdog

The Guardian Data Protection

DECEMBER 27, 2023

Office of the Australian Information Commissioner launches inquiry into platform’s use of marketing pixels to track people’s online habits Australia’s privacy watchdog has launched an inquiry into how TikTok harvests personal data and whether it is being done with consent.

Data collection

Data collection Privacy Marketing Personal data

China Emphasizes Protection of Personal Data by Issuing a New Circular

Hunton Privacy

FEBRUARY 18, 2020

Consent Requirement for Collection of Personal Information. Based on the above, there is no substantial new rule in this Circular, although it expressly emphasizes the legitimate protection of the personal data collected during the process of prevention and control of epidemics and disease outbreaks.

Personal data

Personal data Big data Data collection Cybersecurity

Two FTC complaints that over-retention of personal data violates Section 5

Data Protection Report

FEBRUARY 13, 2024

In both cases, the FTC’s complaint alleged that the companies retained personal data for longer than was necessary, and that conduct violated Section 5 of the Federal Trade Commission Act as an unfair act or practice. Count II focused on the collection and use of consumer data from third-party apps.

Personal data

Personal data Privacy Marketing Data collection

Pressure on Meta Mounts Over Pixel Collecting Health Data

Data Breach Today

OCTOBER 25, 2022

Mark Warner Demands Answers From Meta on its Pixel Practices As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.

Data collection

Data collection Personal data IT

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

DLA Piper Privacy Matters

JUNE 27, 2022

The Italian privacy authority, the Garante, deemed that the use of Google Analytics results in unlawful transfers of personal data to the United States in violation of the principles outlined in the Schrems II ruling. In Order No. The disputed facts. The key points of the Garante’s decision on Google Analytics.

Personal data

Personal data Analytics GDPR Privacy

SINGAPORE: First decision on the Legitimate Interest Exception under the Personal Data Protection Act (PDPA) issued

DLA Piper Privacy Matters

MARCH 6, 2023

Authors: Carolyn Bigg , Yue Lin Lee and Daisy Wong Singapore’s Personal Data Protection Commission (“PDPC”) has issued its first decision on the Legitimate Interests Exception under the PDPA. In the PDPC’s preliminary decision, RedMart was given directions to assess its collection of the ID Photographs.

Personal data

Personal data Access Risk Data collection

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

Consumer groups assert that Meta is not adhering to various rules established by the European privacy regulation GDPR: Fair Processing (Article 5(1)(a)): Personal data must be processed lawfully, fairly, and transparently. Consumer groups claim that Meta’s data collection is unfair and lacks transparency.

Privacy

Privacy GDPR Personal data Data collection

Poland and Lithuania fear that data collected via FaceApp could be misused

Security Affairs

JULY 19, 2019

Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp. Poland’s digital affairs ministry is investigating into the app and it is evaluating the security risks posed by FaceApp to the personal data of its users.

Data collection

Data collection Privacy Risk Personal data

Belgian DPA Publishes Statement Regarding COVID-19 and Workplace-Related Processing of Personal Data

Hunton Privacy

MARCH 23, 2020

On March 13, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) released a statement regarding workplace-related processing of personal data in the context of the COVID-19 crisis (the “Statement”). The personal data collected must be adequately protected ( i.e. , integrity and confidentiality).

Personal data

Personal data GDPR Data collection Risk

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Data Protection Report

MAY 21, 2020

On 14 May 2020, the Singapore Ministry of Communications and Information ( MCI ) and the Personal Data Protection Commission of Singapore ( PDPC ) announced a public consultation (the Public Consultation ) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill ) and related amendments to the Spam Control Act ( SCA ).

Personal data

Personal data Data breaches Compliance Cybersecurity

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. However, SMBs have can struggle with the expense and execution of complying with data security laws in many countries.

Data Privacy

Data Privacy Compliance Privacy GDPR

German antitrust authority prohibits Facebook from combining users’ personal data

Data Protection Report

FEBRUARY 12, 2019

On 7 February 2019, the German antitrust authority ( Bundeskartellamt , the FCO ) ruled against Facebook combining user personal data from different sources, saying it was exploiting its position as a dominant social media company in violation of the EU data protection laws. Is the decision final?

Personal data

Personal data Data collection GDPR Marketing

Overview of Thailand Draft Personal Data Protection Act

Data Protection Report

AUGUST 6, 2018

Data protection laws in Asia continue to be introduced and updated. On 22 May 2018, the Thai Cabinet approved in principle a revised draft of Thailand’s first personal data protection act (Draft Act). Thailand currently does not have any specific law regulating data protection. Collection of personal data.

Personal data

Personal data Data collection Compliance GDPR

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. Retention period. The need for a DPIA.

Personal data

Personal data GDPR e-Delivery Communications

Dan Solove on Privacy Regulation

Schneier on Security

APRIL 24, 2024

I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing. Express consent cannot scale.

Privacy

Privacy Personal data GDPR Data collection

CNIL Publishes 2024 Investigation Focus Plan

Hunton Privacy

FEBRUARY 9, 2024

On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024. In 2024, the CNIL will focus its investigations on the following priority topics: Data Collection for the Olympic and Paralympic Games. Data of Minors.

Data collection

Data collection Personal data Privacy Access

FRANCE: The CNIL provides further insights following its formal notices against the use of Google Analytics

DLA Piper Privacy Matters

JUNE 13, 2022

The setup of Google Analytics does not prevent the transfer of personal data outside the EU since all personal data collected via Google Analytics is hosted in the US. However, such list does not address the issues raised by international data transfers and notably the consequences of the Schrems II decision.

Analytics

Analytics IT Personal data Encryption

CNIL Publishes Action Plan on AI

Hunton Privacy

MAY 16, 2023

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”).

Artificial Intelligence

Artificial Intelligence Personal data Data collection Privacy

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

JULY 27, 2020

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. Related: Will ‘blockchain’ lead to more equitable wealth distribution? This is not just my casual observation. It’s more profound than fire or electricity.”

IT

IT Government Artificial Intelligence Personal data

Germany’s Federal Supreme Court provisionally confirms Facebook’s use of personal data is alleged abuse of dominant market position

Data Protection Report

JULY 16, 2020

The terms require users to “consent” to Facebook’s use of personal data, i.e. they are compelled to agree that their personal data may be combined with their personal data from other services within Facebook’s group (e.g. WhatsApp and Instagram), as well as from third party websites.

Personal data

Personal data Marketing GDPR Data collection

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

JUNE 25, 2020

Establishments and companies in the UK will therefore be responsible for the additional collection and potential sharing of customers’ personal data. Any entity engaging in this kind of data collection will need to comply with the requirements of data protection law.

Data collection

Data collection Personal data Compliance Retail

EU: CJEU’s landmark decision in Meta vs Bundeskartellamt

DLA Piper Privacy Matters

JULY 12, 2023

The decision imposes important requirements in relation to the interpretation of the GDPR and the interplay between competition authorities and data protection supervisory authorities, in particular, with regards to the personalised use of consumers’ personal data for targeted advertising by social media platforms.

GDPR

GDPR Personal data Data collection Marketing

European Commission Publishes Details of its Forthcoming Data Act

Data Matters

JUNE 18, 2021

The European Commission has formally launched its legislative initiative aimed at increasing access to and further use of data, so that more public and private actors can benefit from technologies such as Big Data and machine learning. a more flexible framework for access and use of private data sources by public bodies; b.

IT

IT Cloud Big data Personal data

Colorado AG Publishes Draft Colorado Privacy Act Rules

Hunton Privacy

NOVEMBER 1, 2022

Right to Request to Exercise Personal Data Rights (Rule 4.02 – Rule 4.07; 6.11). The proposed regulation provides the people of Colorado with a mechanism to protect their personal data rights by making requests directly to data controllers, or businesses who control their personal data.

Privacy

Privacy Personal data Data collection Compliance

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

HL Chronicle of Data Protection

JULY 7, 2020

The Dutch Data Protection Authority (DPA) issued a EUR 830,000 (approximately USD 937,000) fine against the Dutch Credit Registration Bureau (BKR) for violating data subject rights. The fine stems from BKR’s practice of charging fees and discouraging individuals who wanted to access their personal data.

GDPR

GDPR Personal data Data collection Access

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

Hunton Privacy

MARCH 18, 2022

Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use. The complaints focused on whether the transfer of EU personal data to Google in the U.S. Background. through the use of the Google Analytics cookie is unlawful.

Analytics

Analytics Privacy GDPR Personal data

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Hunton Privacy

MAY 17, 2023

Related Statutory Amendments in S.B. 262 In addition to the FDBR, S.B. 262 also contains provisions relating to government moderation of social media and protection of children in online spaces. Government Moderation of Social Media S.B.

Privacy

Privacy Personal data Sales Government

Belgium: Belgian Data Protection Authority issues its first fine

DLA Piper Privacy Matters

MAY 29, 2019

The Belgian Data Protection Authority on Tuesday May 28 sanctioned a local politician with a fine of 2000 EUR for having abused e-mailaddresses of citizens for election purposes. Politicians holding a public mandate must be aware that personal data obtained during the performance of public duties may never be used again for personal purposes.

IT

IT GDPR Personal data Compliance

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users.

Analytics

Analytics Privacy Personal data Data collection

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Hunton Privacy

JANUARY 2, 2019

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. See last bullet point below.).

Personal data

Personal data Data collection Marketing Communications

China’s First Data Protection Measures Lifting Its Veils

HL Chronicle of Data Protection

JUNE 13, 2019

The scope of application of the Data Security Measures. The data covered by the Data Security Measures includes personal data and important data. Requirements for personal data collection statements. Other items required by laws and administrative regulations.

Personal data

Personal data IT Data collection Compliance

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. The company processes data on behalf of a company based in the EEA.

GDPR

GDPR Compliance Personal data Privacy

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

Data Protection Report

NOVEMBER 2, 2021

The Singapore High Court and the Hong Kong District Court have both considered the right to compensation for injury to feelings in two recent cases involving misuse of personal data but arrived at different conclusions. Reed, brought an action against Mr. Bellingham for contravention of Singapore’s Personal Data Protection Act 2012.

Personal data

Personal data Data collection Data Privacy Compliance

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR puts forth a litany of rules for how organizations in and outside of Europe handle the personal data of EU residents. The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data.

GDPR

GDPR Compliance Personal data Privacy

GPs urged to refuse to hand over patient details to NHS Digital

The Guardian Data Protection

JUNE 1, 2021

Senior doctors call on colleagues not to share personal data, in effort to buy time to raise awareness of plans Senior GPs have called on colleagues to refuse to hand over patients’ personal data to NHS Digital, in a move they hope will buy time to raise awareness of plans to place all medical records in England on a central database.

Personal data

Personal data Data collection IT Privacy

UK data bill favours big business and ‘shady’ tech firms, rights group claims

The Guardian Data Protection

AUGUST 6, 2023

Data protection and digital information bill changes wording on which requests for personal data can be refused Individuals’ control over and access to their data is being undermined by a post-Brexit bill that favours big business and “shady” technology companies, a digital rights group has claimed. Continue reading.

Data collection

Data collection Personal data Access IT

$10,000,000 civil penalty for disclosing personal data without consent

TikTok sued over its use of children’s personal data

Trending Sources

India: New Digital Personal Data Protection Act, Start Planning Now.

When are schools required to report personal data breaches?

Personal data protection in the time of coronavirus (Covid-19)

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Singapore Releases New Guidelines on the Use of Personal Data in AI Systems

UK: New guidance on processing personal data for scientific research purposes

TikTok’s data collection being scrutinised by Australia’s privacy watchdog

China Emphasizes Protection of Personal Data by Issuing a New Circular

Two FTC complaints that over-retention of personal data violates Section 5

Pressure on Meta Mounts Over Pixel Collecting Health Data

ITALY: the Garante aligns with CNIL and DSB holding that the use of Google Analytics leads to unlawful transfer of Personal Data

SINGAPORE: First decision on the Legitimate Interest Exception under the Personal Data Protection Act (PDPA) issued

META hit with privacy complaints by EU consumer groups

Poland and Lithuania fear that data collected via FaceApp could be misused

Belgian DPA Publishes Statement Regarding COVID-19 and Workplace-Related Processing of Personal Data

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

German antitrust authority prohibits Facebook from combining users’ personal data

Overview of Thailand Draft Personal Data Protection Act

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Dan Solove on Privacy Regulation

CNIL Publishes 2024 Investigation Focus Plan

FRANCE: The CNIL provides further insights following its formal notices against the use of Google Analytics

CNIL Publishes Action Plan on AI

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

Germany’s Federal Supreme Court provisionally confirms Facebook’s use of personal data is alleged abuse of dominant market position

Businesses to Assist NHS Test and Trace Efforts

EU: CJEU’s landmark decision in Meta vs Bundeskartellamt

European Commission Publishes Details of its Forthcoming Data Act

Colorado AG Publishes Draft Colorado Privacy Act Rules

Dutch DPA Issues Record Fine for Violating GDPR Data Subject Rights

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

Florida Comprehensive State Privacy Law Sent to Governor for Signature

Belgium: Belgian Data Protection Authority issues its first fine

Experts claim that iPhone’s analytics data is not anonymous

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

China’s First Data Protection Measures Lifting Its Veils

GDPR compliance checklist

A Tale of Two Cities: The Right of Private Action in Data Protection in Singapore and Hong Kong

How to implement the General Data Protection Regulation (GDPR)

GPs urged to refuse to hand over patient details to NHS Digital

UK data bill favours big business and ‘shady’ tech firms, rights group claims

Stay Connected