Global Updates – July 2022
Global updates – a quick glance
Argentina: Threshold for increased special deduction and /or special tax allowance is revised to ARS 280,792 per month from ARS 225,937 per month effective June 1, 2022.
Brazil: Remote working employees in Brazil will be regulated by working time regulations and entitled to overtime.
Canada: Québec’s Bill 96 receives royal assent, it imposes new French language obligations set in the “Charter of the French Language”, affecting workplaces, businesses, contracts, etc.
China:
- China and Shanghai release new businesses measures to support the economy, allow delayed housing fund payments, and provide subsides for new hiring
- Shanghai and Beijing revise salary thresholds for social security contribution effective July 1, 2022
Colombia: Colombian Government approves general guidelines on remote working.
Finland: Family Leaves Reform enters into force in Finland; increasing parental leave and providing flexibility for leaves.
France: National Industrial Property Institute (Institut national de la propriété Industrielle/INPI) launches single online platform for easier business registration.
Germany: A fourth Covid Relief Act effective from June 19, 2022, grants extension to applicability of loss carry-back, accelerated depreciation method applicability for additional years and extends tax return filing deadlines.
Hong Kong: Hong Kong passes a Tax Concession Bill to allow tax reduction from salary tax and profit tax for assessment year of 2021-22.
India:
- Effective April 6, 2022, Ministry of Corporate Affairs (“MCA”) declares certain details in members’ register to not be available for public inspection.
- TDS rules on the transfer of virtual digital assets (“VDAs”) effective July 1, 2022.
- From July 14, 2022, India issued work from home rules for Special Economic Zone (“SEZ”) Units.
Indonesia: Effective May 1, 2022, Indonesia implements VAT and income taxes on crypto assets and on certain financial technology services.
Ireland: Employers with more than 250 employees mandated to submit the Gender Pay gap report by December 31, 2022.
Italy: Ultimate beneficial ownership (UBO Information) reporting requirements are effective beginning June 9, 2022.
Malaysia: Amendments to the Employment Act 1955 providing paternity leaves (7 days) and increased maternity leave (98 days) are effective beginning September 1, 2022.
Poland: Polish deal amended; revised Personal Income Tax (“PIT”) regulations for the year 2022.
Serbia: Serbian Government mandates E-invoicing System with implementation in phases.
Singapore: Beginning May 30, 2022, Singapore introduces timelines for updating the register of “nominee directors” and “foreign company members”.
Sweden: Amendments to the Employment Protection Act are effective beginning October 1, 2022
Thailand: Thailand’s Personal Data Protection Act is effective beginning June 1, 2022.
| Data Protection Fines Table | ||||
| Country | Authority Name | Fine imposed on | Reason For Fine Related to Data Protection Failure | Amount of Fine |
| Denmark | Danish Data Protection Authority (‘Datatilsynet‘) | The Danish Civil Service Agency | The fine was imposed for failure to implement adequate data security measures with regards to its data processing activities. | DKK 100,000 |
| France | The French Data Protection Authority (Commission nationale de l’informatique et des libertés/CNIL) | A Software Company engaged in providing software solutions for medical analysis laboratories namely Dedalus Biologie SAS (“Dedalus”) | The fine was imposed for failure to comply with the instructions issued by the data controller on the processing of the information as required by the law, as well as failing to ensure the security of the personal data. | EUR 1.5 million |
| France | The French Council of State confirming decision of Data Protection Authority (CNIL) | A Company primarily engaged in providing computer processing and data preparation services namely Amazon Europe Core. | The fine was imposed for placing advertising cookies on the computer of users of the selling “website” without prior consent of such users and providing unclear information to the user. | EUR 35 million |
| Hungary | Hungarian Data Protection Authority (NAIH) | A commercial banking company namely Budapest Bank Zrt. | The fine was imposed for processing unlawful artificial intelligence-based analysis of recorded audio of customer service calls. | HUF 250 million |
| Ireland | The Data Protection Commission (‘DPC’) | Bank of Ireland | The fine was imposed for providing inaccurate client information resulting in detrimental effect on the customer’s creditworthiness rating due to mix-up of customers’ account data | EUR 463,000 |
| Italy | The Italian Data Protection Authority (‘Garante per la Protezione dei Dati Personali – Garante’) | A company engaged in providing transportation services namely Uber B.V and Uber Technologies Inc | The fine was imposed because: 1. The information notice provided to passengers was generic, giving unclear and incomplete information. 2. Failure to obtain valid consent from passengers before processing their personal data; and 3. Failure to notify Authorities of processing data for geolocation purpose. | EUR 2,120,000 each on Uber B.V. and Uber Technologies Inc. |
| Netherlands | The Italian The Dutch Data Protection Authority(Autoriteit Persoonsgegevens/AP) | Ministry of Finance/ Tax and Customs Administration | The fine was imposed for illegally processing personal data over several years, retaining data for a period longer than necessary and maintaining old and inaccurate information in its ‘Fraud Signalling Facility’ (“FSV”) a system which contains the data related to fraud. | EUR 3.7 million |
| Netherlands | The Dutch Data Protection Authority(Autoriteit Persoonsgegevens/AP) | Ministry of Foreign Affairs | The fine was imposed for failure to implement adequate security measure while processing the sensitive data of visa applicants through National Visa Information System (“NVIS”) along with failure to update the vulnerability analysis of NIVS. | EUR 565,000 |
| Russia | Russian Magistrate’s Court (the Magistrate’s Court of the Tagansky District of Moscow) on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) | Google LLC, a Multi-national Corporation in Information Technology industry | The fine was imposed for repeated non-compliance with the localization of personal data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation. | RUB 15 million |
| Russia | Russian Magistrate’s Court on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) | United Parcel Service, Inc., a multinational shipping, and supply chain management company | The fine was imposed for refusal to localize the data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation. | RUB 1 million |
| Russia | Russian Magistrate’s Court on recommendations of the Federal Service for the Supervision of Communications, Information Technology and Mass Media (‘Roskomnadzor’) | 1. Twitch Interactive Inc., a company in the gaming, and streaming video service; 2. Pinterest, Inc., a company in the social media service industry; and 3. Airbnb Inc., a Holiday rental company. | The fine was imposed for refusal to localize the data of Russian users, as mandated under the Law on Personal Data. The companies are required to store the personal data of Russian citizens within the territory of the Russian Federation. | RUB 2 million on each company individually |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | A South Korean company namely Lightning Market Co. Ltd. | The fine was imposed for failure to: – 1. provide sufficient security measures for the protection of personal data; 2. destroy personal information whose purpose or retention status has expired. | KRW 11 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Education Group namely Min-Byeong-cheol | The fine was imposed for failure to provide sufficient security measures for the protection of personal data. | KRW 6 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | A South Korean company namely Balkary Co., Ltd | The fine was imposed for failure to:- 1. provide sufficient security measures for the protection of personal data; 2. destroy personal information whose purpose or retention status has expired. | KRW 11 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Cut and Sew Apparel Manufacturing company namely Andar Co., Ltd, | The fine was imposed for the following reasons: 1. delayed reporting of the leaked personal data; 2. processed resident registration numbers without legal rights. | KRW 11 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | A South Korean airline company namely Jeju Air Co., Ltd | The fine was imposed for delayed reporting of the leaked personal data. | KRW 6 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Technology Park namely Daejeon | The fine was imposed for failure to: – 1. regularly check “access records” required for personal information processing system; 2. notify data subjects about the purpose and use of personal information while processing. | KRW 7.8 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | A University of Art and design namely Kaywon | The fine was imposed for failure to: – 1. destroy personal information where purpose or retention status has expired; 2. securely encrypt resident numbers. | KRW 13.5 million |
| South Korea | The Personal Information Protection Commission (‘PIPC’) | Digital broadcasting services provider company namely LG HelloVision | The fine was imposed for the following reasons: 2. failure to implement appropriate safeguards for the protection of personal information 2. processed resident registration numbers without legal rights. | KRW 11 million |
| Spain | Spanish Data Protection Authority (“AEPD”) | An electronic power generation and distribution company namely Baser Comercializadora De Referencia S.A | The fine was imposed for failure to 1. adopt adequate security measures for proper verification of customer and 2. modification of contract without obtaining valid consent from the customer. | EUR 300,000 |
| United Kingdom | The Information Commissioner’s Office (“ICO”) | A company engaged in developing an artificial intelligence-based research tool for face recognition namely Clearview AI Inc. | The fine was imposed for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. | GBP 7,552,800 |