ABC's of Privacy This Week - May 20, 2020

Applause

Australian Parliament passes legislation offering privacy protections for COVIDSafe app

According to The New Daily, the Parliament of Australia has passed legislation providing more robust privacy protections for the country's COVIDSafe contact tracing app. According to the legislation, fines and jail time can be administered to anyone who tries to access app data illicitly, refuse to serve anyone who hasn't downloaded the app, or forced an individual to sign up.

For more info: https://thenewdaily.com.au/news/coronavirus/2020/05/14/parliament-passes-more-protection-for-covidsafe-tracing-app-data/

2020 Chinese census adopts privacy measures

According to The Global Times, China added privacy updates to its data processing of personal information that will be used for The Seventh National Population Census of the People's Republic of China. 

Reportedly, citizens have been granted the option to upload personal data via WeChat to avoid the risk of data loss. "(Local census takers) are not allowed to access the information. We can only check how many people have uploaded their information," a census pilot worker quipped.

For more info: https://www.globaltimes.cn/content/1187707.shtml

E.C. releases guidelines for contact tracing app interoperability.

The European Commission has reportedly published guidelines for interoperability between COVID-19 contact tracing and warning apps across the E.U. With the help of prior guidance on data protection and the apps. The commission interoperability guidelines suggest apps should be "voluntary, transparent, temporary, cyber-secure, (and) using temporary and pseudonymized data."

For more info: https://ec.europa.eu/digital-single-market/en/news/coronavirus-common-approach-safe-and-efficient-mobile-tracing-apps-across-eu

Senate approves the privacy-focused FISA amendment.

According to Politico, the U.S. Senate has approved an amendment to the Foreign Intelligence Surveillance Act that would give more privacy protections to surveillance subjects. 

Additionally, the amendment has also ended a National Security Agency program that allowed it to obtain Americans' phone records for terrorist investigations without court approval. The amended FISA now heads back to the House of Representatives.

For more info: https://www.politico.com/news/2020/05/13/senate-browsing-histories-fisa-254970

AMA releases principles to build trust in data privacy protections

Reportedly the American Medical Association released new privacy principles supporting an individual's right to control, access, and delete the personal information to build public trust in data privacy protections. 

They said they would engage government and industry stakeholders to discuss future regulation using the principles. AMA President Patrice Harris said the principles "promote individual rights, equity, and justice, the corporate responsibility to the individual, applicability and federal enforcement."

For more info: https://www.ama-assn.org/press-center/press-releases/ama-issues-new-principles-restore-trust-data-privacy

Data Breach

Breach exposes workers' compensation data

Workers' compensation appeal decisions, including workers' personal information, were posted online, according to CBC News reports. The 1998'2009 Nova Scotia Workers' Compensation Appeals Tribunal decisions were reportedly posted on the Canadian Legal Information Institute website; the data included names, employers, and health information. The documents, however, have since been removed. 

According to WCAT, it is following the province's privacy breach protocol.

For more info: https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-government-saying-little-privacy-breach-1.5566936

Ontario IPC investigates data breach at a long-term care home

According to CBC News, the Information and Privacy Commissioner of Ontario are currently looking into a "significant privacy breach" at a long-term care home. 

The reported breach involved "individual resident personal health info," according to Minister of Long-Term Care Merrilee Fullerton. IPC Brian Beamish has said that the "confidentiality and security" of personal health information "is vital if Ontarians are to have confidence in our health care system and long-term care homes, especially during a pandemic."

For more info: https://www.cbc.ca/news/canada/toronto/data-breach-pickering-long-term-care-home-1.5563431

Current News

Breach exposes workers' compensation data

The Turkish Data Protection Authority has fined amazon Turkey 1,200,000 TL ($273,435) for violations related to its electronic messaging and cookie use, the first fine of its kind in Turkey. 

According to the DPA, Amazon sent commercial electronic messages to users and transferred personal data without explicit user consent and failed to provide information on data processing with cookies, as required by law. 

The decision finally instructs Amazon to update its privacy statement, terms of use, and cookie notices.

For more info: https://www.marsanerezturan.com/post/amazon-turkey-fine

Swedish DPA fines health board for publishing sensitive personal data.

Datainspektionen, the Swedish data protection authority, has issued a SEK 120,000 penalty fee against 'rebro County Region's Health and Medical Board for publishing on its website sensitive personal data about a patient admitted to a forensic psychiatric clinic. The DPA concluded that oral procedures for publishing documents and personal data were not followed. The board has been instructed to implement procedures ensuring data is published per directives. (Original article is in Swedish.)

For more info: https://www.datainspektionen.se/nyheter/fel-publicera-kansliga-personuppgifter-pa-region-orebro-lans-webb/

Dutch DPA investigating TikTok's child privacy practices

Autoriteit Persoonsgegevens, the Dutch data protection authority, has started investigating whether social media app TikTok adequately safeguards children's privacy. According to Vice President Monique Verdier, the A.P. is investigating whether TikTok is designed in a "privacy-friendly manner. The information children receive when installing and using the app should be easy to understand and sufficiently explain how their data is collected, processed, and used. The A.P. is reportedly also investigating the apps' parental consent requirements. (Original post is in Dutch)

For more info: https://autoriteitpersoonsgegevens.nl/nl/nieuws/ap-start-onderzoek-naar-tiktok