OneDPO

ABC’s of Privacy This Week – March 12, 2020

Applause

·     Chinese messaging platform increases privacy practices

According to South China Morning Post, WeChat, a popular messaging platform, has started updating its data privacy controls, particularly the restrictions on its third-party apps. WeChat has reportedly dialed back third-party data collection rights on several developers, asking for more transparency regarding the type of information collected. WeChat spokespeople insisted that user privacy has always been their bottom-line after revelations about app developers abusing their privacy rules. 

For more info: https://www.scmp.com/tech/apps-social/article/3065206/tencents-wechat-tightens-privacy-controls-third-party-apps-calls

·     Italian DPA publishes guide on smart assistants

Italy’s Data Protection Authority or DPA, the Garante, recently issued a fact sheet containing information about how users can preserve privacy while using smart applications, assistants, and devices. The guide aims to help users make informed decisions about using intelligent assistants while protecting confidential information and personal details. The suggestions for people who voluntarily or involuntarily enter the world of digital assistance include turning off the device. At the same time, the user sleeps, deactivating rarely used nonessential features, and recording histories periodically. (original article is in Italian)

For more info: https://www.gpdp.it/web/guest/temi/assistenti-digitali

Data Breaches

·     900K affected in Virgin Media data breach

BBC News reported that personal information of 900,000 current and potential Virgin Media consumers were left accessible by unauthorized entities and unsecured for ten months through a marketing database. Contact information, home addresses, and email addresses were accessed on one occasion, at least by an unknown user, according to the reports. However, passwords and financial details were not exposed by the security gap. There was no hacker involved, and this was not due to a criminal attack. 

For more infohttps://www.bbc.com/news/business-51760510

·     Personal data of 10K UK railway passengers exposed

According to BBC News, 10, 000 travelers had personal details exposed by C3UK WI-Fi networks installed at seven railway stations in the UK. The provider found an open, unsecured database with 146 million records of personal information, including contact details and birth dates. C3UK confirmed that the database was public, and no one accessed it from their team and their security team. This was categorized as a low-risk vulnerability because financial information and passwords were not left accessible. 

For more info: https://www.bbc.com/news/technology-51682280

·     COVID-19 privacy issues hit Indonesian patients

The Jakarta Post reports, Indonesian people affected by COVID-19 lack privacy protections. Two of the infected patients had their initials, ages, and home addresses publicly disclosed and shared on Whats App and other social media platforms. Advocacy Researcher Wahyudi Djafar and Institute for Policy Research claimed that the exposures were due to the lack of privacy legislation and controlled restrictions on the type of personal information that can or can’t be shared. 

For more info https://www.thejakartapost.com/news/2020/03/04/covid-19-patients-become-victims-of-indonesias-lack-of-privacy-protection.html

Current News

·     Privacy legislation anticipated in Quebec

According to PortSwigger News, New privacy standards are expected to be proposed in Quebec soon. Justice Minister Sonia LeBel remarked that an updated privacy law would give citizens more control over their data and enforce businesses to obtain “informed consent” to process user information. Certain features of GDPR are supposedly going to be a part of the new legislation. 

For more info: https://portswigger.net/daily-swig/data-rights-in-canada-quebec-to-modernize-its-privacy-law-with-a-gdpr-style-flair

·     Washington Privacy Act amendments pass through a pair of committees

According to JD Supra, changes to the Washington Privacy Act passed through the House Innovation, Technology, and Economic Development Committee and the House Committee on Appropriations. Both the committees approved an amendment that created a private right of action within the Act. 

For more infohttps://www.jdsupra.com/legalnews/washington-privacy-act-update-private-97569/