
Misuse of Privacy Policy

This article covers privacy policies and the misuse of privacy policies, along with cases that have come to light around the world.

Misuse of a privacy policy has serious consequences. A privacy policy is a legal document that explains how an organisation collects, manages, processes, and respects the personal data of its consumers on a website or app. Most privacy policies employ clear and unambiguous language to make sure that users or site viewers comprehend what personal data the company collects and how that information will be used.

Any digital medium that collects and stores user data, such as web pages, e-commerce sites, blogs, online software, smartphone apps, and desktop programs, must have a privacy policy.

Misuse of Privacy Policy 

Data misuse, or misuse of a privacy policy, means using data in a manner in which it was not intended to be used. Data usage regulations are generally outlined in laws, industry standards, business policies, and user agreements.

Misuse of a privacy policy is frequently linked to data theft. In contrast to data theft, however, data abuse does not necessarily involve providing information to third parties. It can, in some situations, result in a data breach.

For instance, an employee may copy data on a flash drive for personal use but then misplace it, resulting in a data leak. Alternatively, an employee might work from home by sending data to their own laptop, which can be hijacked.

Enactments to Prevent Misuse of Privacy Policy 

Countries all across the world are acting to shield their people’s online privacy, which was formerly completely unregulated. As a result, it’s vital to stay informed about the rules and guidelines made to limit misuse of privacy policy in any region where your company operates in order to avoid sanctions.

Let us have a look at the countries that have taken the step to limit the misuse of privacy policy.

European Nations

The General Data Privacy Regulation (GDPR) is widely thought to be important in data protection legislation, and given that it applies to every country in the EU, it’s difficult not to place it at the top of the list.

Because of how thoroughly the GDPR outlines both data subject rights and the obligations of data handlers and processors, it is practically impossible for any business subject to the GDPR to argue that they are unaware of their legal obligations. Noncompliance and data breaches are punishable by fines of up to 20 million euros or 4% of the breaching company’s annual global turnover, whichever is greater.


In May 2017, Japan’s Act on Personal Information Protection, or, was revised to include enterprises from outside Japan that serve Japanese residents.

Additionally, the EU and Japan recently signed an agreement on “reciprocal adequacy.” This means that corporations and organisations based in the European nations and subject to the GDPR may face sanctions in both the EU and Japan if a privacy infringement occurs in Japan while the company or organisation is located in the EU, and vice versa.


The Lei Geral de Proteção de Dados (LGPD) of Brazil was among the first data protection legislation to go into force following the GDPR.

In practically every major regard, it came into effect after the GDPR, including applicability, scope, and rules for data transfers outside of Brazilian jurisdiction. The LGPD, on the other hand, specifies somewhat less severe penalties for enterprises that fail to obey the laws regarding misuse of privacy policy; the maximum fine authorised is roughly 50 million Brazilian real ($10.6 million).


Encountered Misuse of Privacy Policy and Breaching

Data abuse is not necessarily theft. Theft occurs when a bad actor steals personal data without permission; data misuse occurs when the accumulated information is used for purposes other than those intended. These incidents are typically less malicious than an insider threat selling firm data to a third party and instead stem from a more careless approach. Below are cases of privacy policy misuse witnessed around the world.


The French data protection regulator fined Google roughly $57 million in 2020 for being ignorant about how the company exploited customers’ personal data. At the same time, Ireland’s Data Protection Commission informed the global juggernaut of its intent to scrutinise the company’s use of and openness regarding user location data—the second notification since the GDPR became policy in 2018.

Leaked Nationwide Children’s Hospital Data

The Nationwide Children’s Hospital Research Institute in Columbus, Ohio, suffered a trade secrets breach that was discovered in spring 2021. A researcher at the facility, along with his wife, sold the hospital’s trade secrets to China. During ten years of research, the two collected data in separate laboratories before illegally passing it on to competitors. Exosome-related hidden data is crucial for research as well as for diagnosing and treating various disorders.

Yu Zhou, the researcher, was sentenced to 33 months in prison, asset forfeiture, and a $2.6 million fine for conspiring and trading trade secrets.

Twitter’s admission

In September 2019, Twitter confirmed that it had allowed advertisers access to its users’ personal data in order to improve marketing campaign targeting. The problem, which the firm described as an internal oversight, gave Twitter’s Tailored Audiences marketers access to user contact details. Without users’ approval, Twitter’s ad purchasers could cross-reference their marketing database with Twitter to discover shared customers and deliver them customised advertising.

Credit Suisse data theft

Credit Suisse was the victim of an insider threat conducted by an internal staff whistleblower in February 2022. The employee gave a German newspaper material that he had access to.

As a result, information on over 18,000 accounts, containing more than $100 billion, was disclosed to the Süddeutsche Zeitung newspaper, and thereafter to a wide range of other global media and organisations. Journalists swiftly disseminated the information, which contained details on ‘dirty billings’ belonging to several sanctioned individuals. Credit Suisse’s stock dropped roughly 3% following the incident.

Theft of Avago and Skyworks trade secrets

A U.S. District Court found Chinese national Hao Zhang guilty of trade secret theft and economic espionage against both Avago and Skyworks on June 26, 2020. According to the court, Hao spent five years collecting materials with the intention of assisting the Chinese government and starting his own business.

Hao and his associates collected information about wireless device manufacture and performance. The conspirators then formed their own company and attempted to compete with the companies from which they stole information. Employees from China’s Tianjin University also participated in the scheme.

Nearly every single day, a firm or government misuses your information. Whether these violations are deliberate or unintentional, we need to learn from them in order to better design tomorrow’s rules and technologies. Read more about your rights and obligations on Vakilsearch!
