DataHub Weekly | Privacy & Enterprise Messaging Services.
May 24, 2024 11:30 am
Data Protection News
Kenya
The Office of the Data Protection Commissioner was held to have breached Regulation 11(1) of the Data Protection (Complaints Handling Procedure and Enforcement) Regulations, 2021 which requires the respondent to a complaint to make representations and provide any relevant material or evidence in support of its representations within twenty-one days. The ODPC was ordered to conduct a fresh hearing and determination of the complaint against the Applicant.
Access an easy-to-read case summary of the determination. Read more on DataHub
Tanzania
The High Court held the Tanzania Beijing Huayuan Security Guard Service Company Ltd (the “Respondent”) liable for infringing on the rights of Deogras John Marando (the “Appellant”) when it used the Appellant's image in promotional material without his permission.
Access an easy-to-read case summary of the determination. Read more on DataHub
South Africa
Judith Hawarden (the “Plaintiff”) succeeded in suing ENS for the loss of R5.5 million because of a Business Email Compromise (BEC). The Plaintiff was an ENS’ client who wired money to the firm using account details provided in an email but unaware that the emails had been compromised. The court said that ENS owed a general duty of care to The Plaintiff because as a law firm, ENS was aware of the risk of business email compromises.
Access an easy-to-read case summary of the determination. Read more on DataHub
Quiz
Which of the following is NOT required when a data subject's consent is given in the context of a written declaration which also concerns other matters?
- The request must use clear and plain language.
- The request for consent must be presented in a manner clearly distinguishable from other matters.
- The request for consent must be presented in an easily accessible form.
- The request for consent must include an explicit time frame for its validity.
Learn how to comply with privacy and data protection laws by joining our Compliance Workshops.
In the News
Slack accused of using user's messages to train AI
Slack, the enterprise messaging service was the subject of condemnation this week when it was announced that it is using organisational (customer) data to train its AI models. You can opt out, but most data privacy laws do not consider 'opt out' an acceptable basis for processing personal data.
Some relationships built on trust are now under siege as AI becomes more integrated into productivity tools, introducing new risks. No one signed up to these services with the knowing that their data will become fodder for training AI.
Slack is not alone; Zoom faced similar backlash for a comparable announcement earlier this year.
For corporate Slack users with private channels and chats, this raises several privacy concerns which organisations using similar closed third party channels need to review:
- Review supplier contracts to understand potential uses of your data.
- Impose additional disclosure requirements when negotiating supply contracts. Even if you don't use the service, someone in your supply chain might be using non-compliant tools.
- Consider the liability of knowingly using tools that do not guarantee confidentiality.
- Reflect on the implications for privacy and confidentiality.
- Review other privacy focused and privacy compliant alternatives.
Want more?
Check out Africa-focused data protection resources: datahub.africa which includes:
• AI Policies & Case Tracker
• Country data laws and factsheets
• Data Protection decisions and summaries
• RSVP for Compliance Workshops
• Data Protection Blog
Follow DataHub on LinkedIn, Twitter or check us out online.
DataHub is a free to use data-focused product by MZIZI Africa