Ticketmaster fined USD 10 Million for Hacking Rival Company
In a recently decided matter, the United States District Court for the Eastern District of New York, ordered the company Ticketmaster, to pay a USD10 million fine which forms part of a deferred prosecution settlement. The Ticketmaster admitted, in the settlement that an employee who had earlier worked for a rival company, was involved in the management of presale ticket sales, had provided the login credentials and other confidential documents and information to Ticketmaster’s executives. Apart from this, the former employee demonstrated to Ticketmaster managers, the technique to exploit the defect in the URL generation scheme that was used by the rival company for unpublished ticketing web pages, and subsequently hacked the competitor’s computer system. Ticketmaster later promoted this same employee who had unlawfully acquired the competitor’s information and used the same to enable Ticketmaster to gain undue commercial advantages.
Additionally, Ticketmaster agreed to implement a compliance and ethics program oriented at preventing its employees from unlawfully obtaining competitors confidential information and detecting and averting any hacking in the future.
The new policy requires the users to consent to the newly adopted policy. The users won’t be able to access chat services unless they agree to the revised policy. The messaging company, earlier used to collect and share the user’s information such as number, location and IP addresses. This move has raised concerns with respect to antitrust and data privacy.
Parliamentary Committee proposes changes to the Draft Data Protection Bill
The joint parliamentary committee that has been reviewing the draft Data Protection bill, has recently proposed 89 alterations to the bill The draft data protection bill which has received the Cabinet’s nod was prepared subsequent to the Apex court’s recognition of privacy as a fundamental right in 2017 and its emphasis on need for data protection in the Aadhaar Judgment. The proposed bill requires the company to store critical data within the country. They can transfer the data overseas but subject to being consented by the data owner for the objectives specified in the bill. Further, a company will be required to set up mechanism facilitating the identification for such users who wish to be identified.
Additionally, the punitive provisions under the proposed legislation prescribes penalty of imprisonment of up to three years for such executives of the company who violates the privacy norms. It also proposes three year imprisonment for such employee entrusted with management of data related business, for advertently matching the anonymous data with public data to ascertain the identity of the individual.
Apex court dismisses allegations of cartelization against Uber and Ola
Recently the Supreme Court of India upheld the National Company Law Appelette Tribunal’s (NCLAT) order rejecting claims of cartelization against aggregators Ola and UBER. It stated that the prices were not designed by the aggregators as owing to prices being fixed by algorithm on demand supply basis there exists no possibility of meeting of mind, hence they acted in their individual capacities. The court however, rejected NCLAT’s finding of no locus standi on part of the petitioner.
The court stated that when the Competition Commission of India (CCI), functions as an inquisitorial body it must keep its door wide open in the public interest. Referring to provisions of the act, the court also held that NCLAT’s narrow construction of section 19 cannot be accepted, for definition of person under section 2 (l) is broad and wide. Hence any one can be an informant. The scope of person under section 19 is wide and therefore, individual or any kind of juristic artificial person can be an informant. This is because the proceeding under the said section may carry an implication on public interest.
Further, the court cited section 35 wherein the expression complainant is substituted by expression person or enterprise, to suggest that, while acting suo moto, NCLAT can receive information from anyone and not necessarily the person aggrieved by such conduct.
Debit and credit card data of over 100 million users leaked
‘Justpay,’ the company that processes the payment for big corporate entities such as Amazon, Swiggy and Make My Trip, has reported that the data of over 100 million people got leaked on the dark-web. The data includes non-sensitive information such as user’s name, contact and masked card information. It was leaked through a compromised server of Justpay and the data were classified as dumped. It also reported that the information such as full card numbers, pin and passwords and orders are safe.
T-Mobile reports a Security Breach
The US based telecom provider T-Mobile recently reported a security breach into its user data. According to the company, the customer information such as phone numbers, lines subscribed to an account and call related data were accessed. “The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.”
Further, the company claimed that the breach impacted only 0.2% of the user database. The company carries a history of security breach which was reported in August 2018, November 2019 and March 2020.
Authored and compiled by Neharika Vhatkar (Associate, BananaIP Counsels) and Anoop Kumar (Legal Intern)
The IP, Privacy and Antitrust Law News Bulletin is brought to you by the Consulting/Strategy Division of BananaIP Counsels, a Top IP Firm in India. If you have any questions, or need any clarifications, please write to [email protected] with the subject: IP, Privacy and Antitrust Law News.
Disclaimer: Please note that the news bulletin has been put together from different sources, primary and secondary, and BananaIP’s reporters may not have verified all the news published in the bulletin. You may write to [email protected] for corrections and take down.