Global updates – a quick glance
Argentina:
- Threshold for increased special deduction/ special tax allowance revised to ARS 225,937 per month from ARS 175,000 per month for the year 2022.
- For companies having 100 or more employees, provision of ‘childcare spaces’ became mandatory for children between 45 days and 3 years of age.
Australia:
- Electronic execution/signing of documents and virtual conduct of meetings made permanent in wake of COVID-19 crisis.
- From July 1, 2022, cessation of employment will not be treated as taxing point for Employee Share Scheme (“ESS”) interests.
- Gradual implementation of e-invoicing in public sector from 2022 and in B2B from 2023 onwards.
- Superannuation guarantee contribution base increased to AUD 60,220 per quarter from AUD 58,920 per quarter and superannuation contribution rate increased to 10.5% from 10% from July 1, 2022.
Canada:
- Canada’s Federal budget announced for the year 2022-2023. Corporate tax rates remain unchanged. The Budget provides an update on the Canadian implementation of the two-pillar plan of the Organization for Economic Co-operation and Development (“OECD”)/ G20 Inclusive Framework on Base Erosion and Profit Shifting (“BEPS”).
- Canada introduces changes in federal income tax slabs for 2022; tax rates remain unchanged.
- Ontario requires employers to implement a ‘right to disconnect’ policy, prohibits certain non-compete agreements.
- Ontario introduces significant beneficial ownership register requirements for private corporations effective January 1, 2023.
- British Columbia introduces 5 days of mandatory paid sick leave annually for employees effective from January 1, 2022.
China:
- China has come up with the revised “Negative Lists” applicable from January 1, 2022, relaxing further restrictions on foreign investment.
- regime.
Colombia:
- Colombia introduces amendments in the definition of reporting entity and changes in the due dates for filing ultimate beneficial ownership information.
- Colombia enacts new law “Labor Disconnection Law”, requires employers to formulate an “internal work disconnection policy” for their employees.
- Colombia extends paternity leave from 8 working days to 2 weeks and introduces shared parental and flexible part-time parental leave.
- Colombia issues decree setting deadlines for 2022 for tax return payment and filing as well as transfer pricing compliance viz. return, local file, master file, and Country-By-Country (“CBCr”) reporting.
- Colombia issues a decree on Binding Corporate Rules providing minimum standards for the protection of personal data.
Czech Republic: Czech Republic extends the paternity leave period from 1 week to 2 weeks effective from January 1, 2022.
Denmark:
- Revised Intrastat reporting thresholds to be effective from January 1, 2022.
- New work from home rules introduced in Denmark from the end of April 2022
France:
- For the year 2022, the corporate Tax Rate shall be reduced from 26.5% to 25% for all the companies
Honduras: Personal income tax slabs increased for year 2022
India: Effective from April 1, 2022, the e-invoicing turnover threshold lowered to INR 200 million.
Italy:
- Deadline for replacing Italy’s tax reporting system (“esterometro”) by Sistema di Interscambio (“Sdi”) extended to July 2022 from January 2022.
- Companies with more than 50 employees to prepare Equal Opportunities Report every 2 years.
Lithuania: Lithuania increases Intrastat reporting thresholds for 2022 effective from January 1, 2022.
Mexico: Unit of Measurement and Update (“UMA”) values for 2022 announced effective from February 1, 2022.
Netherlands: Effective from August 2, 2022, Paid Parental Leave to be increased from 50% to 70%.
Peru:
- Tax Unit Value increased to PEN 4,600 from PEN 4,400 for 2022.
- Timelines issued for reporting beneficial ownership information for 2022 and 2023.
Slovenia: Slovenia amends income tax act, reduces the personal income tax rate from 50% to 45%.
South Africa:
- Corporate income tax rate reduced from 28% to 27% for years of assessment ending on or after March 31, 2023.
- Code of good practice on prevention and elimination of harassment at the workplace came into effect on March 18, 2022.
Spain: Community of Madrid reduces personal income tax rates by 0.5% with effect from January 1, 2022.
Taiwan:
- Tax registration rules for e-commerce companies are effective from March 1, 2022.
- Paid paternity leave increased from 5 days to 7 days from January 2022.
- Controlled Foreign Company (“CFC”) rules are set to be effective from January 1, 2023.
Thailand: Reduction in social security contributions rate from 5% to 1% for the period of 3 months (from May to June 2022).
UAE: UAE introduces new penalties of up to AED 50,000 and/ or suspension of issuing of work permits and/ or legal action, for delay in payment of wages.
Vietnam: Vietnam introduces fine of up to VND 30 million for sexual harassment at the workplace.
Data Protection Fines Table | ||||
Country | Authority Name | Fine imposed on | Reason For Fine Related to Data Protection Failure | Amount of Fine |
Colombia | Superintendence of Industry and Commerce (“SIC”) | A non-depositary credit sector company namely System Group (SAS) | Fine was imposed for following failures:i) Violation of provisions of Habeas data (viz. personal data, etc.),ii) Failure to ensure accuracy and quality while processing personal data,lack of informed consent while processing the data | COP 27,653,343 |
France | The French Data Protection Authority (Commission nationale de l’informatique et des libertés/CNIL) | Information Technology companies namely Google (Google LLC and Google Ireland Limited) and Facebook Ireland Limited | Failing to provide an equivalent solution (button or other) enabling the user to refuse saving of the cookies, which is provided for accepting the same. This amounts to an infringement of rights under French Data Protection Act. | Google (Google LLC and Google Ireland Limited) – EUR 90 million and EUR 60 million respectively Facebook Ireland Limited – EUR 60 million |
Hungary | National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és | Company providing technical and IT support, namely Techno-Tel. | For unlawfully processing biometric data using facial recognition cameras in a public area surveillance system. | HUF 500,000 |
Ireland | The Data Protection Commission (‘DPC’) | An Information Technology company namely Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) | Failure to have an appropriate system that aids in demonstrating the security measures put in place to protect users’ data. | EUR 17 million |
Italy | The Italian Data Protection Authority (‘Garante’) | Electric power generation and transmission company namely Enel Energia (SpA) | Non-cooperation with the authorities during investigation and violation of principles of accuracy in processing data for telemarketing purpose | EUR 26,513,977 |
Italy | The Italian Data Protection Authority (‘Garante’) | An American facial recognition and software company namely Clearview AI | Unlawful collection of facial images of people for bio-metric data. | EUR 20 million |
Italy | The Italian Data Protection Authority (‘Garante’) | An American facial recognition and software company namely Clearview AI | Failure to appoint EU representative under Article 27 of GDPR | EUR 600,000 |
Spain | Spanish Data Protection Authority (“AEPD”) | A transportation support services company namely Amazon Road Transport Spain S.L | Unlawful processing of criminal conviction data | EUR 2 million |
Poland | The Polish data protection authority (‘UODO’) | A limited liability company in information service industry dealing in digital archive services, namely PIKA Sp. z o. o. | The fine was levied for failure to implement adequate security measures for transmission of data (viz. data was neither encrypted nor pseudonymised) and hence the company was fined for the breach. | PLN 250,000 |
Poland | The Polish data protection authority (‘UODO’) | A joint stock company dealing in electric power generation, transmission, and distribution namely Fortum Marketing and Sales Polska S.A. | The company was responsible for maintenance of data of PIKA Sp. z o. o. (as mentioned above).The fine was imposed for failure to implement technical and organizational security measures for PIKA Sp. z o. o.’s data handled by them. It resulted in a data breach by allowing unauthorized access to customer data. | PLN 4.9 million |
Poland | The Polish data protection authority (‘UODO’) | A joint stock company dealing in depository credit intermediation namely Santander Bank Polska S.A. | The fine was levied for failure to implement adequate security measure resulting into unauthorized access to former employee to customer data and failure to notify affected parties (data subjects) about the data breach. | PLN 545,000 |
Poland | The Polish data protection authority (‘UODO’) | A joint stock company dealing in depository credit intermediation namely Santander Bank Polska S.A. | The fine was levied for failure to implement adequate security measure resulting into unauthorized access to former employee to customer data and failure to notify affected parties (data subjects) about the data breach. | PLN 545,000 |
South Korea | The Personal Information Protection Commission (‘PIPC’) | Dating app “Goldspoon” company namely Triple Comma Co., Ltd. | Failure to: -i) delete customers personal information, ii) obtain consent for the collection of sensitive personal information,iii) destroy information of users who have not used dating app services for more than one year, and other violations of the Personal Information Protection Act. | KRW 148.39 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | A public broadcasting organization namely Korea Education Broadcasting Corporation (‘EBS’) | Failure to notify individuals and obtain their consent about the transfer of collected data to a third party for further processing. | KRW 51.048 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | A Motor Vehicle parts Manufacturing company namely Sungbo Industrial Co., Ltd. | Fine was imposed for the following failures: -i) reporting of the data breach;ii) establishing encryption measures for the data processing.iii) destroying personal information whose purpose or retention status has expired, andiv) leakage of resident registration numbers. | KRW 21.5 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | Software and electronic test tools manufacturing company namely Fluke Korea Co., Ltd. | For delayed reporting of personal data breaches and failure to provide sufficient security measures for the protection of personal data. | KRW 9 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | A mobile gaming company namely Zynga Inc. | Delayed reporting of data breach and failure to provide sufficient security measures for the protection of personal data. | KRW 18.3 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | A South Korean company namely Canva, Inc. | Delayed reporting of data breach and failure to provide sufficient security measures for the protection of personal data. | KRW 10 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | A South Korean company namely How Build Co., Ltd. | For Violating the processing of resident registration numbers and had insufficient safety measures for the protection of personal data. | KRW 14.9 million |
South Korea | The Personal Information Protection Commission (‘PIPC’) | Semiconductor manufacturing company namely SK Hynix Co. Ltd. | Failure to provide sufficient security measures for the protection of personal data. | KRW 5.4 million |
United Kingdom | The Information Commissioner’s Office (“ICO”) | A home improvement firm namely Home2Sense Ltd. | Making a half a million unsolicited marketing calls for offering insulation services to people registered with the Telephone Preference Service (TPS). | GBP 200,000 |
United Kingdom | The Information Commissioner’s Office (“ICO”) | A Company engaged in Finance insurance and credit sector namely Home Sure Solutions Ltd. (HSSL) | Unwanted marketing call targeting the elderly and vulnerable people who are registered with Telephone Preference Service (TPS) which is strictly prohibited to be done without their consent/permission. | GBP 100,000 |
United Kingdom | The Information Commissioner’s Office (“ICO”) | A Company engaged in Finance insurance and credit sector namely UK Appliance Cover Ltd. | Unwanted marketing call targeting the elderly and vulnerable people who are registered with Telephone Preference Service (TPS) which is strictly prohibited to be done without their consent/permission. | GBP 100,000 |
United Kingdom | The Information Commissioner’s Office (“ICO”) | A Company engaged in Finance insurance and credit sector namely UK Platinum Home Care Services Ltd. | Unwanted marketing call targeting the elderly and vulnerable people who are registered with Telephone Preference Service (TPS) which is strictly prohibited to be done without their consent/permission. | GBP 110,000 |