Privacy Transformation - Issue 10

PRIVACY

Irish genetic data collected by private firm to be shared with health service

Genetic data being collected by an Irish branch of a genomics multinational with links to China will eventually become available to the Irish health service, the chief executive of the company has indicated.

UK taking 'steps' after illegal copying of EU Schengen data

According to a classified report, the UK made illegal copies of EU security data, and its disregard for EU rules on handling such data was a "serious and immediate risk". The Commission now says "practical steps" have since been taken.

The missing pieces: teaching the legal side of web development

We are creating architects who have never heard of building codes, drivers who have never heard of the Highway Code, and doctors who have never heard of the Hippocratic oath.

European Commission - GDPR shows results, but work needs to continue

Just over one year after the entry into application of the General Data Protection Regulation, the European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further.

SECURITY

Does DNS over HTTPS (DoH) imply Privacy?

Does the deployment of DoH provide as much privacy as claimed? In this blog post we present a privacy analysis of the DoH protocol that sheds light on this question. Our results show that despite the use of encryption, DoH traffic still reveals the web pages that users visit, which enables monitoring of user behavior and even the censoring of web traffic.

DATA BREACHES

Data breach cost rises 12% over the past 5 years: IBM Study

IBM Security announced the results of its annual study examining the financial impact of data breaches on organizations. According to the report, the cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average.

ENFORCEMENT

Equifax to Pay Up to 700 Million in 2017 Data Breach Case

The CFPB, the FTC, and 48 State AGS today announced a settlement with Equifax arising from the 2017 data breach that compromised personal data of 143 million Americans. The company, which offers authentication services, failed to safeguard the names, addresses, dates of birth and SSNs of 147 million Americans, and then failed to act once aware of the breach.

CNIL imposes fine of 180K euros for GDPR violation

France’s data protection authority, the CNIL, has imposed a fine of 180,000 euros against Active Insurances, citing the company “breached its obligation to secure personal data provided for by Article 32 of the GDPR.”

Estate agency fined £80,000 for failing to keep tenants’ data safe

The ICO has fined a London estate agency £80,000 for leaving 18,610 customers' personal data exposed for almost two years.

COURTS

Privacy International v Secretary Of State For Foreign & Commonwealth Affairs

The CJEU privacy hearing re UK intelligence agencies’ collection of bulk communications data has been listed before the Grand Chamber for 9th-10th September 2019.

GUIDELINES

German Supervisory Authorities Issue Guidance on Data Subject Rights

Guidance on how to identify data subjects On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to identify data subjects.

RESOURCES

Estimating the success of re-identifications in incomplete datasets using generative models

Anonymization has been the main means of addressing privacy concerns in sharing medical and socio-demographic data. Here, the authors estimate the likelihood that a specific person can be re-identified in heavily incomplete datasets.