Categories
News Regulatory Updates

Newsletter – July 2022

Global Updates – July 2022

Global updates – a quick glance

Argentina: Threshold for increased special deduction and /or special tax allowance is revised to ARS 280,792 per month from ARS 225,937 per month effective June 1, 2022.

Brazil: Remote working employees in Brazil will be regulated by working time regulations and entitled to overtime.

Canada: Québec’s Bill 96 receives royal assent, it imposes new French language obligations set in the “Charter of the French Language”, affecting workplaces, businesses, contracts, etc.

China: 

  • China and Shanghai release new businesses measures to support the economy, allow delayed housing fund payments, and provide subsides for new hiring
  • Shanghai and Beijing revise salary thresholds for social security contribution effective  July 1, 2022

Colombia: Colombian Government approves general guidelines on remote working.

Finland: Family Leaves Reform enters into force in Finland; increasing parental leave and providing flexibility for leaves.

France: National Industrial Property Institute (Institut national de la propriété Industrielle/INPI) launches single online platform for easier business registration.

Germany:  A fourth Covid Relief Act effective from June 19, 2022, grants extension to applicability of loss carry-back, accelerated depreciation method applicability for additional years and extends tax return filing deadlines.


Hong Kong: Hong Kong passes a Tax Concession Bill to allow tax reduction from salary tax and profit tax for assessment year of 2021-22.


India:

  • Effective April 6, 2022, Ministry of Corporate Affairs (“MCA”) declares certain details in members’ register to  not be available for public inspection.
  • TDS rules on the transfer of virtual digital assets (“VDAs”) effective July 1, 2022.
  • From July 14, 2022, India issued work from home rules for Special Economic Zone (“SEZ”) Units.


Indonesia: Effective May 1, 2022, Indonesia implements VAT and income taxes on crypto assets and on certain financial technology services.

Ireland: Employers with more than 250 employees mandated to submit the Gender Pay gap report by December 31, 2022.

Italy: Ultimate beneficial ownership (UBO Information) reporting requirements are effective beginning June 9, 2022.

Malaysia: Amendments to the Employment Act 1955 providing paternity leaves (7 days) and increased maternity leave (98 days) are effective beginning September 1, 2022.

Poland: Polish deal amended; revised Personal Income Tax (“PIT”) regulations for the year 2022.

Serbia: Serbian Government mandates E-invoicing System with implementation in phases.

Singapore: Beginning May 30, 2022, Singapore introduces timelines for updating the register of “nominee directors” and “foreign company members”.

Sweden: Amendments to the Employment Protection Act are effective beginning October 1, 2022

Thailand: Thailand’s Personal Data Protection Act is effective beginning June 1, 2022.

Data Protection Fines Table
CountryAuthority NameFine imposed onReason For Fine Related to Data Protection FailureAmount of Fine
 Denmark Danish Data Protection Authority (‘Datatilsynet‘) The Danish Civil Service AgencyThe fine was imposed for failure to implement adequate data security measures with regards to its data processing activities.DKK 100,000
France  The French Data Protection Authority (Commission nationale de l’informatique et des libertés/CNIL)A Software Company engaged in providing software solutions for medical analysis laboratories namely Dedalus Biologie SAS (“Dedalus”)The fine was imposed for failure to comply with the instructions issued by the data controller on the processing of the information as required by the law, as well as failing to ensure the security of the personal data.EUR 1.5 million
FranceThe French Council of State confirming decision of Data Protection Authority (CNIL)A Company primarily engaged in providing computer processing and data preparation services namely Amazon Europe Core.The fine was imposed for placing advertising cookies on the computer of users of the selling “website” without prior consent of such users and providing unclear information to the user.EUR 35 million
Hungary  Hungarian Data Protection Authority (NAIH)
A commercial banking company namely Budapest Bank Zrt.The fine was imposed for processing unlawful artificial intelligence-based analysis of recorded audio of customer service calls.HUF 250 million
IrelandThe Data Protection Commission (‘DPC’)Bank of Ireland The fine was imposed for providing inaccurate client information resulting in detrimental effect on the customer’s creditworthiness rating due to mix-up of customers’ account data  EUR 463,000    
Italy The Italian Data Protection Authority (‘Garante per la Protezione dei Dati Personali – Garante’)A company engaged in providing transportation services namely Uber B.V and Uber Technologies IncThe fine was imposed because:
1. The information notice provided to passengers was generic, giving unclear and incomplete information.
2. Failure to obtain valid consent from passengers before processing their personal data; and
3. Failure to notify Authorities of processing data for geolocation purpose.
EUR 2,120,000 each on Uber B.V. and Uber Technologies Inc.
NetherlandsThe Italian The Dutch Data Protection Authority(Autoriteit Persoonsgegevens/AP)Ministry of Finance/ Tax and Customs AdministrationThe fine was imposed for illegally processing personal data over several years, retaining data for a period longer than necessary and maintaining old and inaccurate information in its ‘Fraud Signalling Facility’ (“FSV”) a system which contains the data related to fraud.EUR 3.7 million
NetherlandsThe Dutch Data Protection Authority(Autoriteit Persoonsgegevens/AP)Ministry of Foreign AffairsThe fine was imposed for failure to implement adequate security measure while processing the sensitive data of visa applicants through National Visa Information System (“NVIS”) along with failure to update the vulnerability analysis of NIVS.EUR 565,000
RussiaRussian Magistrate’s Court (the Magistrate’s Court of the Tagansky District of Moscow) on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) Google LLC, a Multi-national Corporation in 
Information Technology industry
The fine was imposed for repeated non-compliance with the localization of personal data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation.RUB 15 million
RussiaRussian Magistrate’s Court on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) United Parcel Service, Inc., a multinational shipping, and supply chain management companyThe fine was imposed for refusal to localize the data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation.RUB 1 million
RussiaRussian Magistrate’s Court on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) 1. Twitch Interactive Inc., a company in the gaming, and streaming video service;
2. Pinterest, Inc., a company in the social media service industry; and 
3. Airbnb Inc., a Holiday rental company.
The fine was imposed for refusal to localize the data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation.RUB 2 million on each company individually
South KoreaThe Personal Information Protection Commission (‘PIPC’)A South Korean company namely Lightning Market Co. Ltd.The fine was imposed for failure to: – 
1. provide sufficient security measures for the protection of personal data;
2. destroy personal information whose purpose or retention status has expired.
KRW 11 million
South Korea The Personal Information Protection Commission (‘PIPC’)Education Group namely Min-Byeong-cheolThe fine was imposed for failure to provide sufficient security measures for the protection of personal data. KRW 6 million
South Korea The Personal Information Protection Commission (‘PIPC’) A South Korean company namely Balkary Co., LtdThe fine was imposed for failure to:- 
1. provide sufficient security measures for the protection of personal data;
2. destroy personal information whose purpose or retention status has expired.
KRW 11 million 
South Korea The Personal Information Protection Commission (‘PIPC’) Cut and Sew Apparel Manufacturing company namely Andar Co., Ltd,The fine was imposed for the following reasons: 
1. delayed reporting of the leaked personal data;
2. processed resident registration numbers without legal rights. 
KRW 11 million
South Korea The Personal Information Protection Commission (‘PIPC’) A South Korean airline company namely Jeju Air Co., LtdThe fine was imposed for delayed reporting of the leaked personal data.KRW 6 million 
South Korea The Personal Information Protection Commission (‘PIPC’) Technology Park namely DaejeonThe fine was imposed for failure to: –
1. regularly check “access records” required for personal information processing system;
2. notify data subjects about the purpose and use of personal information while processing.
KRW 7.8 million
South Korea The Personal Information Protection Commission (‘PIPC’) A University of Art and design namely KaywonThe fine was imposed for failure to: –
1. destroy personal information where purpose or retention status has expired;
2. securely encrypt resident numbers.
KRW 13.5 million
South Korea The Personal Information Protection Commission (‘PIPC’) Digital broadcasting services provider company namely LG HelloVisionThe fine was imposed for the following reasons: 
2. failure to implement appropriate safeguards for the protection of personal information 
2. processed resident registration numbers without legal rights.
KRW 11 million
SpainSpanish Data Protection Authority (“AEPD”)An electronic power generation and distribution company namely Baser Comercializadora De Referencia S.AThe fine was imposed for failure to 
1. adopt adequate security measures for proper verification of customer and 
2. modification of contract without obtaining valid consent from the customer.
EUR 300,000
United Kingdom        The Information Commissioner’s Office (“ICO”)A company engaged in developing an artificial intelligence-based research tool for face recognition namely Clearview AI Inc.The fine was imposed for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.GBP 7,552,800

CLICK HERE FOR FULL REPORT