Our pick of key compliance stories this month
- TikTok faces lawsuit over data privacy concerns
- £60k fine for preventable identifiable serious injury
- Super League fiasco could affect competition law
- Ex-Braskem CEO pleads guilty in $250m bribery case
- EU to propose GDPR-like fines for AI abuses
- Home Office algorithm raises fears of discrimination
- 1 in 5 UK Covid contracts raise corruption alarm
- Ransomware hackers steal Apple product plans
- Baroness Mone loses unfair dismissal case
- FCA asks Wirex to strengthen AML controls
TikTok faces lawsuit over data privacy concerns
TikTok faces a legal challenge over how it collects and uses children's data.
It's alleged that TikTok takes children's personal information, including phone numbers, videos, exact location and biometric data, without sufficient warning, transparency or the necessary consent required by law, and without children or parents knowing what is being done with that information.
TikTok responded in a statement saying: "Privacy and safety are top priorities for TikTok and we have robust policies, processes and technologies in place to help protect all users and our teenage users in particular. We believe the claims lack merit and intend to vigorously defend the action."
- Make sure you take extra care to deal with children's personal data in a secure and lawful manner
- Never bundle requests for consent with other issues - e.g. by trying to conceal them in terms and conditions
- Never rely on consent where there is a more appropriate basis for processing the data
- Don't treat individuals who have withdrawn consent less favourably than those who haven't
£60k fine for preventable identifiable serious injury
Amber Industries Limited in Oldham, Lancashire has been fined after a 17-year-old apprentice got his hand caught in machinery.
The apprentice was reaming workpieces using an unguarded pillar drill whilst wearing gloves. The glove on his right hand became entangled in the drill bit resulting in three of his fingers being severed.
An investigation by the Health and Safety Executive (HSE) found there were no guards in place to prevent access to rotating parts and that the company had failed to provide suitable information, instruction and training to the apprentice, including clear instructions not to wear gloves. They also failed to provide adequate supervision and monitoring.
HSE inspector Jane Carroll said: “This injury was easily preventable, and the risk should have been identified. Employers should make sure they properly assess and apply effective control measures to minimise the risk from dangerous parts of machinery”.
The company was fined £52,500 and ordered to pay costs of £14,442.
- Never allow the removal of safety guards or other safety measures for any reason
- Ensure that staff are provided with adequate personal protective equipment (PPE) and that it is worn whenever required
- Never allow the use of any work equipment without proper training or authorisation
- Make sure that work equipment is only used for tasks for which it was designed
Super League fiasco could affect competition law
Changes to competition law are being proposed by Culture Secretary Oliver Dowden in order to protect football as a national treasure.
Football fans will be empowered in the wake of the collapsed European Super League (ESL) project. The Government will follow the example of the French government, where competition law takes into account 'national heritage and cultural implications'.
Liverpool, Manchester United, Tottenham, Arsenal, Chelsea and Manchester City walked away from the ESL after a furious backlash from fans, MPs and ministers. The Government has also threatened legal action to block the ESL.
Mr Dowden said: "Football owners need to understand they are just temporary custodians of this piece of our national life and heritage that goes back over a century".
Ex-Braskem CEO pleads guilty in $250m bribery case
The former chief executive officer of Braskem SA, Brazil’s largest petrochemicals company, admitted he took part in a sweeping bribery plot also involving Braskem’s parent company, Odebrecht SA.
Jose Carlos Grubisich pleaded guilty on Thursday to two counts of conspiracy to violate U.S. anti-bribery laws, acknowledging that he approved a $4.3 million payoff to an official of the state-owned energy company Petroleo Brasileiro SA for rights to build and operate a plant.
Under the deal he struck with prosecutors, Grubisich faces as long as 10 years in prison. His plea is the latest chapter in a sprawling corruption scandal centred on Petrobras.
- Make sure that you conduct adequate due diligence on all third parties and make our stance on bribery clear to them
- Have a suitable Gifts and Entertainment Policy in place so that everyone is clear on what is and is not acceptable
- Never make facilitation payments - they're just bribery by another name
- Remember that bribery is a criminal offence and can result in hefty fines or even a stretch in jail!
EU to propose GDPR-like fines for AI abuses
The European Union (EU) is set to propose a set of enforceable rules that will restrict the use of artificial intelligence (AI) systems, backed by the threat of hefty GDPR-like fines for flagrant violations.
Under the proposals drafted by the European Commission (EC), organisations operating in the EU will not be allowed to use AI for mass surveillance or for ranking social behaviour. Systems deployed to manipulate human behaviour or exploit information about individuals or groups would also be banned in the EU.
Under the rules, authorisation would be required to use biometric identification systems in the public domain, while high-risk AI applications would need to undergo a thorough inspection before they’re deployed.
Home Office algorithm raises fears of discrimination
A controversial new Home Office algorithm being used to detect 'sham marriages' could discriminate according to nationality and the age gap between partners, according to lawyers. The system makes an assessment of whether couples' partnerships are genuine or designed to get around visa rules.
Critics warn that inherent biases in sham marriage algorithms could affect genuine couples wanting to settle in Britain. The Bureau of Investigative Journalism established that an equality impact assessment (EIA) conducted by the Home Office revealed several issues with the triage process, including the possibility of indirect discrimination based on age.
The system's use of historic data leaves the process open to similar discrimination around nationality, echoing previous concerns about the systems used by the department as it developed a 'hostile environment' regime.
- Make sure you do everything to promote and support diversity - not only is it the right thing to do, but it's also good for business
- Avoid discrimination in any form in relation to the nine protected characteristics: age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex and sexual orientation
- Take any complaints or reports seriously, escalating them appropriately if necessary
1 in 5 UK Covid contracts raise corruption alarm
A fifth of UK Government Covid contracts awarded between February and November 2020 contained one or more red flags for possible corruption and require urgent further investigation.
Transparency International UK said a 'seriously flawed' arrangement had 'damaged trust in the integrity of the pandemic response'. Companies bidding for contracts were prioritised via a 'VIP lane' driven by their political connections.
The group said Boris Johnson’s government must disclose the identities of companies awarded public money through the VIP lane, which was set up by the Cabinet Office and the Department of Health and Social Care in the early days of the pandemic.
Transparency International identified 73 Covid-related contracts with multiple factors that would ordinarily be treated as red flags for possible corruption, such as the company being politically connected. 27 PPE or testing contracts worth £2.1bn were awarded to firms with connections to the Conservative party.
Ransomware hackers steal Apple product plans
Apple is facing a ransomware demand after a group of cybercriminals stole confidential plans for the company’s upcoming products from a supplier.
The 'Sodin' group, who created and distributed ransomware called REvil, says it stole the plans from Quanta Computer, a Taiwanese company that assembles a number of Apple laptops.
This ransomware encrypts files and demands payment to receive the encryption key and recover the data. However, Sodin has gone one step further this time and attempted to steal the files themselves and extort payment from those who have backups by threatening to publish confidential data.
The hackers released plans for a pair of Apple laptops, a new Apple Watch and a new Lenovo ThinkPad. They even posted a set of blueprints for some products, including schematics for the new iMacs that the company recently launched.
- Be constantly aware and consider cybersecurity in everything that you do - a momentary lapse in concentration can have disastrous consequences
- Be vigilant - remember that access to corporate networks and data makes you a target for cybercriminals
- Treat all unsolicited or unexpected requests with caution - challenge anything that is unusual or suspicious
- Be cautious and even cynical about offers, demands and messages that are designed to arouse curiosity, anxiety or fears
Baroness Mone loses unfair dismissal case
A former housekeeper at Baroness Michelle Mone's mansion has won a payout for unfair dismissal.
Deborah Wendy Lace had been a long-term employee of Mone's husband, Doug Barrowman. However, she was sacked from her role by Mone, the tycoon and Tory peer, last June. Lace claimed Mone's previous behaviour had resulted in other long-term staff either quitting or being dismissed.
The former housekeeper also claimed her relationship with Mone soured when she was ordered to work during a bank holiday to cover for staff who worked while she was self-isolating due to coronavirus.
An Isle of Man tribunal awarded Lace £20,355 for unfair dismissal, with an extra £2,160 added as the company failed to outline employment conditions when she was hired 12 years earlier.
FCA asks Wirex to strengthen AML controls
Wirex has paused the onboarding of new clients in the UK at the behest of the Financial Conduct Authority in order to strengthen its anti-money laundering controls.
The FCA took on supervisory responsibility for anti-money laundering in January 2020 and required existing crypto businesses to register with it by 15 December 2021 in order to enforce compliance. Wirex, whose app allows users to buy, exchange and spend both cryptocurrencies and traditional fiat currencies in conjunction with a multicurrency payment card, says it will dedicate resources to further strengthen its 5AMLD compliance protocols.
Pavel Matveev, co-founder & CEO of Wirex, says: “The FCA have, in dialogue with us, made suggestions on how we can implement changes to our operational procedures, which we welcome and intend to follow”.