Luxembourg’s National Commission for Data Protection issued a reminder to municipalities regarding the data protection officer requirement under the EU General Data Protection Regulation. The CNPD found "some municipalities had not yet fulfilled" DPO obligations and began informing them of the need to come into compliance with Article 37.1(a) of the GDPR.
The New York Times reports research from a former Google engineer showed TikTok's in-application web browser has keystroke-tracking capabilities that could reveal users' personal data. Privacy researcher Felix Krause discovered the potential tracking, which could lead to deciphering credit card numbers, passwords and other personal information.
The U.K. Information Commissioner’s Office issued a six-step guide for small businesses that receive data protection complaints. The steps are to acknowledge receipt of the complaint, find out the specific issue related to the complaint, provide updates to the data subject, record actions taken in response to complaint, formally respond to the individual with the outcome of the investigation, and review lessons observed.
Google employees petitioned the company to enhance privacy protections for users seeking abortion information online, The Associated Press reports. More than 650 Google employees sent a letter to CEO Sundar Pichai and other Alphabet executives that called for the company to increase privacy protections for users. For example, one demand was to block advertisements that could direct users to “pregnancy crisis” centers instead of abortion services.
Australia’s Minister for Health and Aged Care decided the country’s COVIDSafe application would no longer be used as of Aug. 16. Under the Privacy Act 1988, the government developed a legal framework for citizens to provide personal data through the app to help authorities “prevent or control” the spread of COVID-19. The National COVIDSafe Data Store administrator is now required to no longer collect data through the app and remove the app from stores for download.
While the title of data protection officer has long been in use, particularly in Germany and France, the EU General Data Protection Regulation introduced a new legal definition of a DPO with specific tasks. The IAPP Resource Center offers insights on the data protection officer role, which organizations are obligated to designate a DPO, mandated tasks under the GDPR and more.Full Story
Members of Indian Parliament could exclude provisions for a data protection authority when drafting a fresh data protection bill, the Hindustan Times reports.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, breaks down the latest privacy happenings in the nation’s capital, including a look at a road less traveled for responding to an inquiry from the U.S. Federal Trade Commission. Other notes on FTC happenings include potential Republican minority replacements for outgoing Commissioner Noah Phillips.Full Story
A view from Brussels: How EU trade policies may dictate data transfer regime
CNBC reports asset managers are joining financial institutions in working toward improved security for employees' personal communication tools used for connecting with clients remotely. Fund management firms are scrutinizing how staff and clients interact using tools such as WhatsApp in an effort to comply with rules laid out by the U.S.
According to Baker McKenzie's Connect on Tech blog, Vietnam's government issued a decree outlining provisions of the Cybersecurity Law. The decree covers requirements for data localization and law enforcement data collection related to criminal investigations. Localization provisions include types of data to be localized, company compliance thresholds and data retention periods. The decree becomes effective Oct.