ABC’s of Privacy This Week- May 20,2020
Australian Parliament passes legislation offering privacy protections for COVIDSafe app
According to The New Daily, the Parliament of Australia has passed legislation providing more robust privacy protections for the country’s COVIDSafe contact tracing app. According to the legislation, fines and jail time can be administered to anyone who tries to access app data illicitly, refuse to serve anyone who hasn’t downloaded the app, or forced an individual to sign up.
2020 Chinese census adopts privacy measures
According to The Global Times, China added privacy updates to its data processing of personal information that will be used for The Seventh National Population Census of the People’s Republic of China.
Reportedly, citizens have been granted the option to upload personal data via WeChat to avoid the risk of data loss. “(Local census takers) are not allowed to access the information. We can only check how many people have uploaded their information,” a census pilot worker quipped.
For more info: https://www.globaltimes.cn/content/1187707.shtml
E.C. releases guidelines for contact tracing app interoperability.
The European Commission has reportedly published guidelines for interoperability between COVID-19 contact tracing and warning apps across the E.U. With the help of prior guidance on data protection and the apps. The commission interoperability guidelines suggest apps should be “voluntary, transparent, temporary, cyber-secure, (and) using temporary and pseudonymized data.”
Senate approves the privacy-focused FISA amendment.
According to Politico, the U.S. Senate has approved an amendment to the Foreign Intelligence Surveillance Act that would give more privacy protections to surveillance subjects.
Additionally, the amendment has also ended a National Security Agency program that allowed it to obtain Americans’ phone records for terrorist investigations without court approval. The amended FISA now heads back to the House of Representatives.
AMA releases principles to build trust in data privacy protections
Reportedly the American Medical Association released new privacy principles supporting an individual’s right to control, access, and delete the personal information to build public trust in data privacy protections.
They said they would engage government and industry stakeholders to discuss future regulation using the principles. AMA President Patrice Harris said the principles “promote individual rights, equity, and justice, the corporate responsibility to the individual, applicability and federal enforcement.”
Breach exposes workers’ compensation data
Workers’ compensation appeal decisions, including workers’ personal information, were posted online, according to CBC News reports. The 1998–2009 Nova Scotia Workers’ Compensation Appeals Tribunal decisions were reportedly posted on the Canadian Legal Information Institute website; the data included names, employers, and health information. The documents, however, have since been removed.
According to WCAT, it is following the province’s privacy breach protocol.
Ontario IPC investigates data breach at a long-term care home
According to CBC News, the Information and Privacy Commissioner of Ontario are currently looking into a “significant privacy breach” at a long-term care home.
The reported breach involved “individual resident personal health info,” according to Minister of Long-Term Care Merrilee Fullerton. IPC Brian Beamish has said that the “confidentiality and security” of personal health information “is vital if Ontarians are to have confidence in our health care system and long-term care homes, especially during a pandemic.”
Breach exposes workers’ compensation data
The Turkish Data Protection Authority has fined amazon Turkey 1,200,000 TL ($273,435) for violations related to its electronic messaging and cookie use, the first fine of its kind in Turkey.
According to the DPA, Amazon sent commercial electronic messages to users and transferred personal data without explicit user consent and failed to provide information on data processing with cookies, as required by law.
For more info: https://www.marsanerezturan.com/post/amazon-turkey-fine
Swedish DPA fines health board for publishing sensitive personal data.
Datainspektionen, the Swedish data protection authority, has issued a SEK 120,000 penalty fee against Örebro County Region’s Health and Medical Board for publishing on its website sensitive personal data about a patient admitted to a forensic psychiatric clinic. The DPA concluded that oral procedures for publishing documents and personal data were not followed. The board has been instructed to implement procedures ensuring data is published per directives. (Original article is in Swedish.)
Dutch DPA investigating TikTok’s child privacy practices
Autoriteit Persoonsgegevens, the Dutch data protection authority, has started investigating whether social media app TikTok adequately safeguards children’s privacy. According to Vice President Monique Verdier, the A.P. is investigating whether TikTok is designed in a “privacy-friendly manner. The information children receive when installing and using the app should be easy to understand and sufficiently explain how their data is collected, processed, and used. The A.P. is reportedly also investigating the apps’ parental consent requirements. (Original post is in Dutch)