Privacy Transformation - Issue 108
PRIVACY
The European Commission issues Schrems II-proof Standard Contractual Clauses to allow global dataflows
Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCC) aimed at enabling lawful transfers of personal data to non-EU countries. The SCC take into consideration the feedback received
See Resources Section for updated SCCs
Data Protection Commissioner raised repeated concerns with Mother and Baby Home Commission
The Data Protection Commissioner (DPC) wrote repeatedly to the Mother and Baby Home Commission raising concerns about the handling of sensitive survivor testimony and delays in responding to queries.
Four Irish parties to be questioned over election data use
The Republic of Ireland's Data Protection Commissioner has contacted four political parties over their use of data during elections. Helen Dixon is carrying out an audit on how Sinn Féin, Fianna Fáil, Fine Gael and the Green Party process data concerning electors and voters.
EU Commission starts legal action against Belgium over privacy watchdog
The European Commission has launched the first step of legal action against Belgium for failing to ensure the independence of its privacy watchdog in breach of EU privacy rules.
Opinion: NOYB goes to war on the cookie banner terror
On 31 May 2020, Max Schrems' organisation, NOYB, launched a new campaign aimed at ending what they dramatically refer to as the “cookie banner terror." The campaign was spearheaded by sending over 560 draft complaints to companies who, in their view, use “unlawful” cookie banners.
SECURITY & TECH
HSE may have to replace 30,000 laptops as a result of cyber attack
HSE officials said 33% of servers have now been decrypted and 58% of end user devices are now connected.
iOS15: Apple continues privacy war with app tracker reports
The tech giant will now provide updates showing when apps access a device's microphone and photos.
What We Can Learn from Recent High Profile Cyber Attacks?
What actions should organisations take to improve their security amid rising and more sophisticated threats?
RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries
The 100GB archive posted on a hacker forum contains 8.4 billion entries of passwords combined from multiple previous data leaks and breaches.
GDPR-Compliant Blockchain: Personal Data Privacy in Blockchain
A permissioned blockchain like Hyperledger Fabric network provides more control over data to participants than public blockchain and data subjects have more command over their personal data.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Apache Pizza announce data breach associated with details of delivery customers
The Data Protection Commission has been notified of the breach and Apache Pizza said they will contact gardaí.
ENFORCEMENT
Dutch DPA: Fine imposed for not having a EU Representative
Under the GDPR, controllers or processors not established in the European Union are required to appoint a representative in the EU when they process personal data within the scope of the GDPR. The Dutch Data Protection Authority has announced its decision to fine Locatefamily.com €525,000 for not having such as representative.
UK: Conservative Party fined £10,000 for sending unlawful emails
The Information Commissioner’s Office (ICO) has fined the Conservative Party £10,000 for sending 51 marketing emails to people who did not want to receive them.
Dutch parents sue TikTok for €1.4 billion
A Dutch parents group claims that TikTok is putting children at risk with its content and is collecting too much data. They claim the Chinese smartphone app is in breach of EU law.
UK ICO fines three companies for nuisance marketing
The Information Commissioner’s Office (ICO) has fined three separate companies a total of £415,000 for sending nuisance marketing to people about car finance, solar panels and funeral plans.
Amazon Faces Possible $425 Million EU Privacy Fine
Luxembourg has circulated a draft decision sanctioning Amazon’s privacy practices and proposing the fine among the bloc’s 26 other national authorities.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: The Legislative Consultative Process
Under the General Data Protection Regulation and the Data Protection Act 2018, the Government is required to consult with the Data Protection Commission during the preparation of a legislative measure that relates to processing. This guidance document sets out the legislative consultation process.
RESOURCES
Standard contractual clauses for controllers and processors in the EU/EEA
New Data Protection Contractual Clauses based on Art 28 GDPR and Art 29 Regulation 2018/1725
EDPB Annual Report 2020: Ensuring data protection rights in a changing world
The European Data Protection Board has presented its Annual Report 2020. The report provides a detailed overview of the work carried out by the EDPB in a year marked by the worldwide pandemic.
EDPS Case Law Digest:Transfers of personal data to third countries
This resources aims to clarify the structure of the analysis carried out by the CJEU in judgments concerning the transfer of personal data to third countries, highlighting the logic/steps followed and the jurisprudential acquis in relevant case law.
Report: Human Rights in a Pandemic
Irish Council for Civil Liberties Report: A human rights analysis of the Irish Government's response to COVID-19.