Privacy Transformation - Issue 106

PRIVACY

Data Protection Commission resumes Facebook data transfer probe

The Data Protection Commission (DPC) has given Facebook six weeks to respond to an investigation that may trigger a ban on the social media giant's transatlantic data transfers following a High Court ruling that the probe could resume.

HSE hack: A sensitive Tusla database dealing with child protection cases can't be accessed

Child Protection work by Tusla has been hugely hampered by the HSE cyber-attack as a database used to manage cases has been hit. The National Childcare Information System (NCCIS) looks after child protection and welfare cases across the country. Multiple sources have told The Journal that the hack has caused a halt to work as social workers, administrative staff and management cannot access critical data files.

MEPs urge the Commission to amend UK adequacy decisions

The European Commission should amend its draft decision on UK data protection to ensure EU standards for citizens’ privacy are respected.

EDPS — GDPR: a three-year-old who must still learn to walk before it runs

Three years ago today, the most fundamental piece of legislation for data protection in the European Union, the General Data Protection Regulation (GDPR), entered into application. Today, we take a moment to reflect on what the last three years have had to offer.

RELATED: NOYB Statement: 3rd Anniversary of the GDPR

Final Revised SCCs expected soon with final revised EDPB Recommendations to follow after 15 June

It was reported yesterday that publication of revised final EU Standard Contractual Clauses may be as soon as next week and that revised final EDPB.

Opinion: The Irish High Court judgment on EU-US data flows

The Irish High Court's May 14 judgment concerning Facebook's EU-U.S. data transfers sheds light on the DPC's and the court's initial views on issues.

EU citizens win right to access personal data held by Home Office

EU citizens have won the right to get full access to records about them held by the Home Office or any other body after a legal battle by campaigners.

RELATED: Immigration data protection exemption ruled unlawful

SECURITY & TECH

Cyberattack: 80,000 devices being assessed as HSE warns system restoration will take weeks

Substantial disruption to services around the country is expected to continue and emergency departments (EDs) remain extremely busy.

An Insurance Startup Bragged It Uses AI to Detect Fraud. It Didn’t Go Well

Lemonade backtracked after suggesting it uses “non-verbal cues” like eye movements to reject claims. Its response raises more questions than answers.

How Myanmar's military moved in on the telecoms sector to spy on citizens

In the months before the Myanmar military’s Feb. 1 coup, the country’s telecom and internet service providers were ordered to install intercept spyware that would allow the army to eavesdrop on the communications of citizens.

Chicago PD automated policing program got this man shot twice

Chicago’s predictive policing program told a man he would be involved with a shooting, but it couldn’t determine which side of the gun he would be on. Instead, it made him the victim of a violent crime.

Amazon’s Ring is the largest civilian surveillance network the US has ever seen

One in 10 US police departments can now access videos from millions of privately owned home security cameras without a warrant.

WhatsApp sues Indian government over ‘mass surveillance’ internet laws

WhatsApp has sued the Indian government over new internet laws which the company says will “severely undermine” the privacy of their users.

EDPS: TechDispatch #1/2021 - Facial Emotion Recognition

Facial Emotion Recognition (FER) is the technology that analyses facial expressions from both static images and videos in order to reveal information on one’s emotional state. The complexity of facial expressions, the potential use of the technology in any context, and the involvement of new technologies such as artificial intelligence raise significant privacy risks.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Analysis: Verizon’s 2021 Data Breach Report: Same, Same, but Different

Phishing, ransomware and malware up again in the 2021 Verizon Data Breach Investigation Report, while the data showed that 61% of breaches involved stolen credential data.

ENFORCEMENT

The EDPS opens two investigations following the “Schrems II” Judgement

The EDPS launched two investigations today, one regarding the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by European Union institutions, bodies and agencies (EUIs) and one regarding the use of Microsoft Office 365 by the European Commission.

South Korea: The First Case Where the Personal Information Protection Act was Applied to an AI System

On April 28th, the South Korean Personal Information Protection Commission (PIPC) imposed sanctions and a fine of EUR 76,000 on ScatterLab, Inc., developer of the chatbot “Iruda,” for eight violations of the Personal Information Protection Act (PIPA).

German competition watchdog probes Google over data use

Germany's competition watchdog has launched a probe into whether Google Germany, Google Ireland and its parent company Alphabet are exploiting their market dominance in the way they handle data, it said today.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB letter to the European Commission on the protection of personal data in the AML-CFT legislative proposals


DPC: ‘Can I talk to the account-holder?’ – Contacting organisations on behalf of someone else

One issue which we come across regularly in the Data Protection Commission (‘DPC’) is dissatisfaction from individuals regarding steps they are being asked to take when they contact an organisation on behalf of someone else.

During its plenary session, the EDPB adopted two Art. 64 GDPR opinions on the first draft decisions on transnational Codes of Conduct (Codes) presented to the Board by the Belgian and French supervisory authorities (SAs).

Recommendations on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.