Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC’s) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to firstname.lastname@example.org.
The long-awaited Personal Data Protection Bill, 2018 is likely to be brought to the floor in the upcoming winter session of the Indian Parliament. The proposed bill introduces provisions related to privacy by design, conditions for cross-border data transfer and appointing data protection officers, making it vastly different from the existing data protection framework.
Montreal-based Desjardins data breach has affected all of the financial cooperative’s 4.2 million members, prompting government reforms to protect personal information in the Canadian province of Quebec. An internal probe revealed that the reason behind the data breach is due to the unauthorized use of internal data by an employee which led to the breach of personal information, including social insurance number, address and details of banking habits.
UniCredit, one of Italy’s top bank, has uncovered a data breach involving the personal records of 3 million domestic clients. The lender said in a statement on Monday the compromised records contained no details, that would allow access to customer accounts or for unauthorized transactions to be carried out. An internal probe is ongoing and a spokesman for UniCredit said no further details could be disclosed on how the breach happened.
Indian-based educational technology firm Vedantu faced a data breach in the last week of September, which risked data of more than 680,000 customers. The vulnerability exposed customer details such as email ids’, names and phone numbers. The company confirmed that the vulnerability was fixed within a few days and the affected customers were informed about the attack and advised to change their passwords.
The Austrian data protection authority (DPA) imposed an administrative fine of 18 million euros on Österreichische Post AG (ÖPAG) after conducting administrative fine proceedings. The fine was based on the evidence that ÖPAG had violated the GDPR by processing personal data on the alleged political association of affected data subjects.
Alphabet, Google’s parent company announced on Friday that it is acquiring San-Francisco based smartwatch maker Fitbit for $2.1 billion. Fitbit has also issued a statement that Google was paying $7.35 per share in cash. The deal will likely face scrutiny over how Google plans to use the data Fitbit users have shared. Google has assured its Fitbit users that it will provide tools to review, move, and delete their data.
A conference in Vancouver showcased a product demonstration of SnapPay Grocers which enables you to pay your monthly grocery bills using the facial recognition technology. Privacy advocates are cautious about the deployment of the technology as the grocery store itself plans to store and process the collected data. This could lead to a potential data breach without proper implementation and security measures.
Singapore’s Personal Data Protection Commission imposed fines against eight companies for violations of the Personal Data Protection Act. The highest financial penalty of $90,000 was levied on Ninja Logistics for failing to put in place reasonable security arrangements to protect customers’ data, allowing the data to be accessed publicly.
Raiffeisen Bank S.A. and Vreau Credit S.R.L were imposed an administrative fine of 150,000 Euros by the National Supervisory Authority. The breach of security happened when employees of Raiffeisen Bank S.A., transmitted the information to the employees of the company Vreau Credit S.R.L. through the WhatsApp mobile application, to determine the eligibility of the respective individuals. Moreover, the information was shared between the companies without the consent of the customers.