DATA PROTECTION UPDATES

LEGAL UPDATES ON DATA PROTECTION AND PRIVACY 

You may follow the recent developments on Data Protection and Privacy in Türkiye and around the World. 

AIR CANADA HAS SUFFERED A CYBER ATTACK:

Air Canada announced that an unauthorised group of individuals gained access to the company's internal system and compromised the personal information of an unknown number of employees.

Peter Fitzpatrick, a spokesman for the airline, said no customers' personal information was affected by the breach.

29.09.2023

DATA PROTECTION AUTHORITY OF TH NORWAY ASKS POLITICAL PARTIES FOR EXPLANATION:

The Norwegian Data Protection Authority has asked the political parties for explanation following complaints from many people who received e-mails from political parties in the run-up to the municipal elections.

The e-mails were sent to residents of Stavanger municipality as part of the municipal elections. The authority then asked the Labour Party, on behalf of the majority parties, to provide an explanation of the purpose and legal basis for the processing. The deadline for responding to this request is 29 September 2023.

29.09.2023

HONG KONG DATA PROTECTION AUTHORITY PUBLISHES GUIDANCE ON DATA BREACHES:

The Hong Kong Personal Data Protection Authority (PCPD) has published a guide for organisations on how to handle data breaches and how to report data breaches.

The guide covers the most common types of data breaches in Hong Kong, how the data breach process should be handled step by step, and to whom, when and how data breach notifications should be made.

29.09.2023

CNIL FINES SAF LOGISTICS €200,000:

CNIL, the French data protection authority, has fined SAF LOGISTICS, an air freight forwarder headquartered in China, €200,000. The reasons for the fine were excessive data collection by the company, non-compliance with the prohibition on processing sensitive personal data, convictions and personal data relating to criminal offences, and insufficient cooperation with the CNIL services.

In this context, 

  • The principle of data minimisation in Article 5,
  • Article 9 on the processing of sensitive personal data,
  • Article 10 on the processing of data relating to convictions and criminal offences,
  • Article 31 on cooperation with supervisory authorities

of the GDPR has been infringed.

29.09.2023

DPC PUBLISHES SUMMARY OF DECISIONS TAKEN BETWEEN 2018 AND 2023:

The Irish Data Protection Authority (DPC) has published a summary of 126 decisions, covering the first five years of the GDPR. The summarised decisions cover topics such as complaints about data subject access requests, the accuracy principle, data breach notifications, the right to be forgotten (right to erasure), transparency and purpose limitation while processing personal data.

22.09.2023