Spain fines UNIQLO €450,000 following a data breach
On August 12, 2024, the Spanish data protection authority (AEPD) published its decision in Proceeding No. PS/00238/2024, in which it imposed a fine of €450,000, subsequently reduced to €270,000, on UNIQLO EUROPE LTD (UNIQLO), branch in Spain, for a violation of the General Data Protection Regulation (GDPR) following a complaint.
The AEPD outlined that the complainant, who provided services to UNIQLO, requested to receive their payroll and received an email containing a PDF document with payroll information on the entire UNIQLO workforce for the month of July. The document contained information including name, surname, ID, social security membership number, and bank account number. The complainant submitted a complaint to the AEPD on March 31, 2023.
The AEPD further stated that UNIQLO explained that the breach was caused by a human error within the human resources department and that the notification was not made in a timely manner because the employee in question did not inform their hierarchical superior. The AEPD highlighted that UNIQLO formally notified the AEPD of the breach on April 24, 2023, and communicated it to the data subjects on May 4, 2024.
Norway announces inspections into AI systems
On August 13, 2024, the Norwegian data protection authority (Datatilsynet) announced its supervisory activities for 2024, which among other things would include supervision of solutions and systems that use algorithms or artificial intelligence (AI). More specifically, the Datatilsynet stated that it will carry out inspections in both the private and public sectors.
The central topics for the inspections would be a company's internal control system and management system for privacy and information security. One of the objectives, according to the Datatilsynet, is to uncover weaknesses or deficiencies that may lead to a breach of the obligations businesses have when they process personal data, and to ensure that such weaknesses or deficiencies are closed.
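Beijing issues the "Beijing Compliance Guidelines for Livestream E-commerce"
On August 9, 2024, the website of the Beijing Municipal Administration for Market Regulation published the "Announcement on Issuing the Beijing Compliance Guidelines for Livestream E-commerce".
The Guidelines comprise four chapters and thirty-one articles. They specify that operators of livestream e-commerce platforms must meet compliance obligations including: performing registration and verification when operators join the platform; establishing and improving service agreements and codes of conduct for livestream e-commerce activities; drawing up a catalogue of goods or services whose marketing is prohibited or restricted on the platform; establishing a system for inspecting and patrolling livestream e-commerce information; establishing a mechanism for publicizing the outcomes of handling serious violations of laws and regulations; recording and retaining the livestream e-commerce information published on the platform and historical livestream disclosure information; establishing a credit management system and credit evaluation mechanism for operators of livestream e-commerce rooms; and strengthening the education, training and management of those operators while establishing and improving conduct control mechanisms.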