Posts

Showing posts from November, 2022

Nov 29: Meta fined $277M yet again in Ireland for data breaches, concerns in Korea that major global companies' privacy officers are in-name only

Irish regulators fined Meta another $277 million for breaching the GDPR. This fine was the result of an investigation into reports that the data of over 533 million users was found online in a hacker's forum, with the data including names, phone numbers, locations, birthdates, and email addresses. The data breach occurred through 'data scraping'. This latest fine on Meta comes after a 405 million euro fine on Instagram in September for mishandling teenagers' personal information, a 17 million euro fine in September for mishandling data breach notifications, and a 225 million euro fine for WhatsApp for violating rules on sharing user data with other Meta companies.

There are concerns in Korea that major international companies operating in Korea, such as Meta, Google, and Nike,

Nov 21: Korea's Supreme Court rules unauthorized personal info in police reports as illegal, EU warnings about Qatar World Cup apps, and still more Apple Privacy issues.

In Korea, the Supreme Court ruled that providing investigatory agencies with personal information learned during the course of work or a complaint, if provided without the consent of the person in question, is an illegal 'leakage' of personal information that violates Korea's Personal Information Protection Act (PIPA). This ruling means that a complaint or report filed with the police (or other such investigatory government agencies) must not contain personal information obtained without consent. However, the Supreme Court also stated that whether the act of including such personal information without consent in a complaint/report is an illegal action that merits punishment is a separate issue that

Nov 18: Google reaches $392M settlement over location data, India proposes new privacy legislation on data processing

Google reached a $391.5 million settlement with 40 states over allegations about its location tracking practices. The problematic practices included confusion around the scope of the location history setting and the extent to which users could limit Google's location tracking by adjusting their account/device settings. Location data can be problematic for privacy rights because it can be used to track behavioural patterns, which has become more relevant since Roe v Wade was overturned, leading to concerns that location data could track abortion seekers when they visit abortion or fertility clinics.

India proposed new privacy legislation called "the Digital Personal Data Protection Act", which aims to enable personal data processing and cross-border transfers while still rec

Nov 16: Korea's PIPC hands out minor fines to multiple businesses for violations of privacy laws

Korea's Personal Information Protection Commission (PIPC) fined 10 businesses that violated Korea's Personal Information Protection Act (PIPA) a total of 32 million won. The investigation began through reports to the Korea Internet & Security Agency (KISA) about safety measures being neglected and consent not being obtained for collecting information. The investigation confirmed that personal data was breached by hacking or mistakes of personnel, as well as failures to notify the affected persons of the data breach.

The PIPC also fined another four major businesses - Hyundai Motor Company, Nongshim, IMO, and LPI team - 18 million won for neglecting their duty to protect personal information and not properly notifying affected parties of the leak. The affected parties were small in number: for instance, Hyundai's personal information breach was th

Nov 15: facial recognition monitoring of employees violating privacy laws, PIPC plans to investigate leak of Itaewon victim names

Korea's National Human Rights Commission ruled that managing employees' commuting by using facial recognition devices violated their right to decide on personal information. The local government in Gyeonggi-do had been using facial recognition to check faculty members in and out, arguing that handwritten and fingerprint methods of confirming commuting were not accurate, in order to prevent unjust requests for overtime pay. However, because no alternative means was provided, it was ruled that the 'right to decide on personal information' was violated, as part of Korea's employee-monitoring laws.

Korea's Personal Information Protection Commission (PIPC) announced that they intend to launch an investigation into whether privacy laws were breached when on internet med

Does Digital Currency pose a Privacy Risk? Looking at China's Digital Yuan

In Brief:

China's promotion of the digital yuan in the past year and the mandatory government registration to use it have raised concerns over the unprecedented amount of government surveillance and financial control that the digital yuan has created. Such privacy risks, however, depend largely on the design and intent of a central bank digital currency (CBDC) when it is created; a CBDC that utilizes privacy-by-design and by-default can greatly improve the privacy and security of users. Therefore, a better question to ask may instead be whether the improvements to privacy protection brought by well-designed CBDCs justify taking on any increased privacy risks.

In Detail:

Recently, China's digital yuan 'e-CNY' reached 100 billion yuan in transaction volume, but its growth has drastically slowed

Nov 11: Lawsuit for Apple ignoring privacy settings and collecting data on some of its apps

Apple is facing a class action lawsuit due to the Apple App Store sending the company analytics data regardless of whether the user had enabled a privacy setting to disable such sharing of information. The apps that collected and shared data regardless of privacy settings requesting that it not be shared included Apple Music, Apple TV, Books, iTunes Store, and Stocks. The lawsuit currently alleges that Apple violated the California Invasion of Privacy Act.

In Canada, privacy watchdogs confirm that Sobeys - which operates many pharmacies in Canada - is currently suffering a data breach. This incident is a wake-up call for Canada's agri-food sector, which has been under increasing cyberattacks in recent months: Maple Leaf Foods Inc was hit by a cybersecurity attack last week, as well as a larger cyberattack on meat supplier

Nov 10: Cloud Computing firms Citrix and VMware report major vulnerabilities, Singapore works with UK and Canada for improved Cybersecurity regarding Internet of Things.

Two major cloud-computing companies, Citrix and VMware, have reported high-risk vulnerabilities in their products that need patches urgently. Hacking groups related to the Chinese and Iranian governments are known to have used these vulnerabilities, and ransomware attackers have recently begun to target them as well.

The government of Singapore agreed to work with the UK and Canadian governments in a joint commitment to promote and support cybersecurity measures for "Internet of Things" devices. The joint action is intended to reduce duplication of testing and avoid fragmentation of international standards.

Nov 9: Greater focus on Workplace Privacy by Korea's PIPC, Singapore debates Online Safety Bill

Korea's Personal Information Protection Commission (PIPC) formed a 'Workers Personal Information Processing Improvement Study Group', which seeks to address the increasing privacy concerns over CCTV and biometric devices used in workplaces. These concerns include infringed privacy rights due to the difficulty of denying consent and problems with the reliability of artificial intelligence used in job interviews. Surveys conducted by the Korea Internet and Security Agency (KISA) found that when attempting to comply with privacy laws, companies faced challenges over unclear legal standards for digital devices, union opposition, refusal of consent by workers, and safety measures being difficult to implement.

In Singapore, MPs debated how authorities will determine 'egregious content' in the Online S

Nov 8: KCC Conference on risks of data breach in secondhand mobile phones, Blockchain Labs released BlockChat

Korea's Communications Commission (KCC) has begun discussions over how best to reduce the risk of exposing personal information in secondhand mobile phones. Despite the related industry organizations forming self-monitoring centers and spreading awareness, data breaches have repeatedly occurred while users were signing up for or changing mobile devices. Thus the KCC is holding a kickoff conference with industry leaders and a public council to discuss better policies and strategies to reduce such data breaches.

Blockchain Labs released "BlockChat" in open beta, which is a messenger app that uses blockchain technology and does not rely on a central data server. The proposed benefit of this type of app is that there is a much reduced risk of breaches in personal information and conversations, as nobody c

Nov 6: elderly's personal info used to embezzle 810M won

Daily Brief

In Busan, Korea, an elderly welfare facility was discovered to have embezzled 810 million won (around $577 thousand US) in subsidies using the personal information of the elderly. Their personal information was used to make over 2000 elderly people appear to be participating in employment reserved for the elderly. The facility also used online shopping accounts, using their personal information, to order masks and jackets, received the government subsidies for them, and then cancelled the orders. Furthermore, such orders were disguised to appear as if the elderly people's work colleagues or family relatives had received the government subsidies, before the funds were redirected to the embezzler's account. A city official stated that to catch such embezzlement using the personal information of others, the monitoring and reporting of welfare workers and fellow citizens is critical.

Korea's KISA (Korea Internet and Security Agency) has warned Korean airp

Nov 4: TikTok allowing Chinese employees to access EU user data, Concerns over unauthorized WeChat logins

TikTok has lately come under fire for allowing its EU user data to be accessible to other countries, including China. This comes alongside TikTok's CEO confirming last July that China-based employees could access a "narrow set of non-sensitive" US user data. The possible result of this is either a fine under the GDPR or even a ban on TikTok due to worries that the Chinese government is using the app to spy on EU users.

In China there are also increasing concerns that Tencent's WeChat, which is widely used by Chinese citizens in everyday life, may be facing severe privacy leaks. The most recent issue has been over claims of unauthorized logins on the WeChat app, which Tencent stated were merely "misunderstandings" caused by technical issues rather than a privacy issue, but d

Nov 3: Itaewon crush photos/videos privacy issues

As an update to the news regarding the Itaewon Halloween crush incident and the privacy rights issues posed by videos and pictures of the event that were circulated on the internet without any mosaics protecting identifiable facial images, Korea's Personal Information Protection Commission (PIPC) has requested the cooperation of major SNS/internet companies such as Google, Meta, NAVER, Kakao, Twitter, etc. in helping monitor and delete user posts that breach Korea's PIPC. They have further stated that they may also request Korea's police force to investigate and possibly press charges for violations of personal information protection laws they find. However, as a Kakao official stated (and applicable to other such internet platforms), it may not be possible to monitor all chat rooms or messages due to privacy or policy concerns. This ongoing incident raises th

Nov 2: Taiwan govt residential database hacked

Last week on Oct 30, an anonymous hacker attacked the Taiwan government's residential database and obtained the personal data of two hundred thousand Taiwanese residents. The hacker is attempting to sell the information online for five thousand dollars. This attack, along with increasingly frequent attacks from Chinese hackers, has raised concerns over data security in Taiwan.

Asian Privacy Daily Brief - Nov 1, 2022

Korea's Personal Information Protection Commission (PIPC) is stepping up efforts to monitor and remove photos or videos taken at the scene of the recent Itaewon Halloween crowd crush that reveal identifiable facial imagery, in order to protect personal information rights. Using mosaics to blur out faces is required in Korea to protect privacy rights, and the PIPC intends to ask major companies such as Google, Meta, Naver, Kakao, Twitter, etc. to help remove user posts that expose personal information.

Korea's Internet and Security Agency (KISA) issued warnings about malware and cyberattacks that exploit the Itaewon Halloween crowd crush incident. For instance, hackers/scammers may send emails pretending to be from government agencies dealing with the Itaewon incident, or hide malware in relevant photos and videos. A fake government emergency-response report containing malware has already been discovered mere hours after the Ita