IT Security & Privacy

The Office of the Australian Information Commissioner (OAIC) recently published new guidance aimed at helping organizations navigate the privacy implications of age assurance technologies. The timing is not accidental. In the three months since Australia’s Social Media Minimum Age scheme came into force, the regulator says it has seen a noticeable increase in age checks being used not just on social platforms, but across a wider range of online services.

Mirosław Wróblewski, President of Poland’s Personal Data Protection Office (UODO), imposed an administrative fine of $1.5 million (PLN 5,898,064) on Restaurant Partner Polska, the company responsible for operating the Glovo platform in Poland. The decision follows an inspection examining how personal data from users of the “Glovo – food delivery and other” app was processed.

Italy’s data protection authority has fined Intesa Sanpaolo €17.6 million after concluding that the bank unlawfully processed the personal data of roughly 2.4 million customers while preparing a large-scale transfer of accounts to its digital subsidiary Isybank.

South Korea is set to strengthen its privacy enforcement regime after lawmakers approved amendments to the country’s Personal Information Protection Act (PIPA) that introduce tougher penalties for repeat data breaches, expand the responsibilities of corporate leadership, and require certain organizations to adopt formal security and privacy certification frameworks.

The European Commission and the European Data Protection Board (EDPB) have published the responses received during a public consultation on draft guidelines designed to clarify how two cornerstone pieces of EU digital regulation (the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR) should interact in practice.

Italy’s data protection authority has fined energy supplier Acea Energia €2 million after an investigation found that contracts for electricity and gas services were activated without customers’ knowledge, following failures in how the company and its sales partners handled personal data.

A cyberattack on research systems at the University of Hawaiʻi Cancer Center has exposed personal data connected to roughly 1.2 million individuals, according to incident disclosures released by the university in late February.