Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC's) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to social@oneDPO.com.
The Australian Competition and Consumer Commission (ACCC) has finalized the rules governing the Consumer Data Right (CDR). The CDR allows individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it. Experts feel it has the potential to protect and empower consumers.
Israeli political party the Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses, and gender of every single eligible voter in Israel, as well as the phone numbers. Likud uploaded the voter registry to the Elector app, which is used by the party to manage Election Day. It is further unknown how many people gained access to the data and downloaded it.
Health Share of Oregon, the state's largest Medicaid coordinated care organization (CCO), said that the organization contracted non-emergent medical transportation vendor GridWorks suffered a break-in, and a laptop was stolen subsequently. Information contained on the laptop included names, addresses, phone numbers, dates of birth, Social Security numbers, and Medicaid ID numbers. The company cannot confirm whether the information was sold online.
A software error in Denmark's government tax portal has accidentally exposed the personal identification (CPR) numbers of 1.26 million Danish citizens. An audit by the Danish Agency for Development discovered the software error and the subsequent leak. This bug exposed approximately details for more than 1.2 million Danish tax-payers.
The Spanish data protection authority, the AEPD, fined mobile network operator Xfera Móviles 60,000 euros for violations of the EU General Data Protection Regulation. A complainant alleged that changes were made to their account without consent, and the company possessed sensitive information such as the account details and email address.
Child-Welfare Activists confronted Facebook as it moves forward with a plan to encrypt all of its messaging platforms. Child welfare activists feel that encryption would allow child predators to operate with impunity across the company's apps. The company, however, said it was building safety measures for children and working closely with child safety experts.
A San Francisco-based company Unity Technologies has agreed to settle a class-action complaint about allegedly violating children's privacy by harvesting data for ad-targeting purposes. The affected children's parents alleged that the ad-tech companies collected identifiers as well as personal data such as the user language, time zone, and mobile network.