DATA PROTECTION UPDATES

LEGAL UPDATES ON DATA PROTECTION AND PRIVACY 

You may follow the recent developments on Data Protection and Privacy in Türkiye and around the World. 

US FEDERAL TRADE COMMISSION DECISION ON 1HEALTH.IO:

The US Federal Trade Commission (FTC) has fined 1Health.io, a provider of ancillary solutions to genetic testing companies, $75,000 for storing users' sensitive information on public data servers, failing to keep promises about the security and destruction of DNA results, changing its privacy policy, and failing to obtain users' consent.
 
It also ordered the company to instruct laboratories to destroy DNA samples held in third-party laboratories within 180 days.

22.09.2023

ICO FINES DIFFERENT COMPANIES A TOTAL OF £590,000:

The ICO has fined 5 different companies a total of £590,000 for making 1.9 million marketing calls to elderly and vulnerable people.

This decision is aimed at preventing marketing calls, which are usually made to elderly and vulnerable people in order to reach them and insure their various household goods. Andy Curry, the ICO's Investigations Manager, said: "We are working to protect these people who are seen as easy prey.

22.09.2023

ADMINISTRATIVE FINE AGAINST TIKOK BY THE IRISH DATA PROTECTION AUTHORITY DPC:

The DPC investigated the extent to which TikTok complies with the GDPR in relation to the processing of children's data. In this context, a number of settings, such as user profiles being public by default and age verification, were scrutinised. 

As a result of the investigation, TikTok was fined €345 million and given three months to correct the breaches identified in the decision.

22.09.2023

THE DUTCH DATA PROTECTION AUTHORITY WILL INVESTIGATE THE USE OF DATA BY ARTIFICIAL INTELLIGENCE:

The Dutch Data Protection Authority (AP) is conducting various investigations into the processing of personal data by artificial intelligence, with a particular focus on applications for children. In this context, the AP requested information from a technology company about the operation of a chatbot integrated into applications popular with children.

The AP, which also is a member of the EDPB's ChatGPT Committee, had previously asked OpenAI how it processes personal data for the ChatGPT system.

22.09.2023

DATATILSYNET PUBLISHES GUIDELINES ON EMPLOYEE ACCESS TO PERSONAL DATA:

Datatilsynet, Denmark's data protection authority, has published guidance on preventing unauthorised access to personal data by employees. 

The guidance states that employees should only be able to access data if there is a business need, that personal data used by employees should be recorded in order to detect misuse, and that companies should carry out a risk assessment to determine whether they have good practices in place.

22.09.2023