Privacy Transformation - Issue 108

PRIVACY

The European Commission issues Schrems II-proof Standard Contractual Clauses to allow global dataflows

The European Commission issues Schrems II-proof Standard Contractual Clauses to allow global dataflows

Following the coming into effect of the GDPR three years ago and in light of last year’s Schrems II decision, the European Commission has adopted a new set of Standard Contractual Clauses (SCC) aimed at enabling lawful transfers of personal data to non-EU countries. The SCC take into consideration the feedback received

See Resources Section for updated SCCs

Data Protection Commissioner raised repeated concerns with Mother and Baby Home Commission

Data Protection Commissioner raised repeated concerns with Mother and Baby Home Commission

The Data Protection Commissioner (DPC) wrote repeatedly to the Mother and Baby Home Commission raising concerns about the handling of sensitive survivor testimony and delays in responding to queries.

Four Irish parties to be questioned over election data use

Four Irish parties to be questioned over election data use

The Republic of Ireland's Data Protection Commissioner has contacted four political parties over their use of data during elections. Helen Dixon is carrying out an audit on how Sinn Féin, Fianna Fáil, Fine Gael and the Green Party process data concerning electors and voters.

EU Commission starts legal action against Belgium over privacy watchdog

The European Commission has launched the first step of legal action against Belgium for failing to ensure the independence of its privacy watchdog in breach of EU privacy rules.

Opinion: NOYB goes to war on the cookie banner terror

On 31 May 2020, Max Schrems' organisation, NOYB, launched a new campaign aimed at ending what they dramatically refer to as the “cookie banner terror." The campaign was spearheaded by sending over 560 draft complaints to companies who, in their view, use “unlawful” cookie banners.

SECURITY & TECH

HSE may have to replace 30,000 laptops as a result of cyber attack

HSE may have to replace 30,000 laptops as a result of cyber attack

HSE officials said 33% of servers have now been decrypted and 58% of end user devices are now connected.

iOS15: Apple continues privacy war with app tracker reports

iOS15: Apple continues privacy war with app tracker reports

The tech giant will now provide updates showing when apps access a device's microphone and photos.

What We Can Learn from Recent High Profile Cyber Attacks?

What We Can Learn from Recent High Profile Cyber Attacks?

What actions should organisations take to improve their security amid rising and more sophisticated threats?

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

The 100GB archive posted on a hacker forum contains 8.4 billion entries of passwords combined from multiple previous data leaks and breaches.

GDPR-Compliant Blockchain: Personal Data Privacy in Blockchain

GDPR-Compliant Blockchain: Personal Data Privacy in Blockchain

A permissioned blockchain like Hyperledger Fabric network provides more control over data to participants than public blockchain and data subjects have more command over their personal data.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Apache Pizza announce data breach associated with details of delivery customers

Apache Pizza announce data breach associated with details of delivery customers

The Data Protection Commission has been notified of the breach and Apache Pizza said they will contact gardaí.

ENFORCEMENT

Dutch DPA: Fine imposed for not having a EU Representative

Dutch DPA: Fine imposed for not having a EU Representative

Under the GDPR, controllers or processors not established in the European Union are required to appoint a representative in the EU when they process personal data within the scope of the GDPR.  The Dutch Data Protection Authority has announced its decision to fine Locatefamily.com €525,000 for not having such as representative.

UK: Conservative Party fined £10,000 for sending unlawful emails

UK: Conservative Party fined £10,000 for sending unlawful emails

The Information Commissioner’s Office (ICO) has fined the Conservative Party £10,000 for sending 51 marketing emails to people who did not want to receive them.

Dutch parents sue TikTok for €1.4 billion

Dutch parents sue TikTok for €1.4 billion

A Dutch parents group claims that TikTok is putting children at risk with its content and is collecting too much data. They claim the Chinese smartphone app is in breach of EU law.

UK ICO fines three companies for nuisance marketing

UK ICO fines three companies  for nuisance marketing

The Information Commissioner’s Office (ICO) has fined three separate companies a total of £415,000 for sending nuisance marketing to people about car finance, solar panels and funeral plans.

Amazon Faces Possible $425 Million EU Privacy Fine

Amazon Faces Possible $425 Million EU Privacy Fine

Luxembourg has circulated a draft decision sanctioning Amazon’s privacy practices and proposing the fine among the bloc’s 26 other national authorities.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: The Legislative Consultative Process

DPC: The Legislative Consultative Process

Under the General Data Protection Regulation and the Data Protection Act 2018, the Government is required to consult with the Data Protection Commission during the preparation of a legislative measure that relates to processing. This guidance document sets out the legislative consultation process.

RESOURCES

Standard contractual clauses for controllers and processors in the EU/EEA

Standard contractual clauses for controllers and processors in the EU/EEA

New Data Protection Contractual Clauses based on Art 28 GDPR and Art 29 Regulation 2018/1725

EDPB Annual Report 2020: Ensuring data protection rights in a changing world

EDPB Annual Report 2020: Ensuring data protection rights in a changing world

The European Data Protection Board has presented its Annual Report 2020. The report provides a detailed overview of the work carried out by the EDPB in a year marked by the worldwide pandemic.

[Access Annual Report Here]

EDPS Case Law Digest:Transfers of personal data to third countries

This resources aims to clarify the structure of the analysis carried out by the CJEU in judgments concerning the transfer of personal data to third countries, highlighting the logic/steps followed and the jurisprudential acquis in relevant case law.

Report: Human Rights in a Pandemic

Report: Human Rights in a Pandemic

Irish Council for Civil Liberties Report: A human rights analysis of the Irish Government's response to COVID-19.