Dear friends,
The Indian government shared draft e-commerce policy for stakeholder consultation, and it includes provisions on data localization and conditions for cross-border data flows, as well as government ownership of data, and these are being widely discussed. The policy is open for consultation until the end of March. The government last week also issued an ordinance on use of Aadhaar by the private sector, after it failed to get Parliament clearance as reported in my earlier notes. Aadhaar use was strictly restricted to specified use cases following the Supreme Court judgment.
A vulnerability discovered in the Australian Bureau of Statistics algorithm designed to protect the privacy of census data is now under risk of large parts of the census data to be re-identified. Researchers warned the agency in 2017 about the issue, but the ABS downplayed the buzz, calling it “theoretically possible.”
Hong Kong’s Privacy Commissioner for Personal Data also issued an enforcement notice to Hong Kong Broadband Network with an explicit requirement to devise a data-retention policy following an investigation about the data breach incident at HKBN that reportedly compromised the personal data of about 380,000 customers.
Victor Gevers, a security researcher at the GDI Foundation, said that he had found a database of 364 million records containing social media profiles and chat logs linked to names and identity card numbers, raising concerns around data privacy protection in China. The main database was piping data to 17 other servers.
Mark Zuckerberg, chief executive of Facebook, unveiled a privacy-focused vision for his social networking site, highlighting principles for private interactions, end-to-end encryption, and noticeably a partial announcement on secure data storage — not storing sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.
There’s lots more in this week’s newsletter in order to help you stay abreast of the latest developments in the data privacy space. Until next time!