Privacy Transformation - Issue 110

PRIVACY

EDPB’s data transfer recommendations adopt a risk-based approach with teeth

EDPB’s data transfer recommendations adopt a risk-based approach with teeth

On June 21, the European Data Protection Board issued its highly anticipated final recommendations on supplementary measures for data transfers. The recommendations outline a process organizations can follow to transfer personal data outside the European Economic Area to ensure compliance with the "Schrems II" judgment. This article provides an early analysis of the EDPB's final recommendations of supplemental measures for personal data transfers.

Note: See Resource section for EDPB Data Transfer Guidance

Survey: Most Irish employers have no vaccination strategy in place

Survey: Most Irish employers have no vaccination strategy in place

Almost 90pc of Irish businesses have called for guidance on the collection of employee vaccination data as restrictions lift.

Related:

90% of businesses want guidance on worker vaccination data, survey finds

'No clear legal basis' for processing information around employee vaccine status, DPC says

Note: See Resource section for latest DPC guidance on processing vaccination data in the employment context.

CJEU clarifies competence of non-lead supervisory authorities in cross-border GDPR infringements

CJEU clarifies competence of non-lead supervisory authorities in cross-border GDPR infringements

In its decision of 15 June 2021, the Court of Justice considers that the GDPR authorises, under certain conditions, a non-lead supervisory authority of a Member State to exercise its power to bring any alleged infringement of the GDPR before a court of that State and to initiate or engage in legal proceedings in relation to an instance of cross-border data processing.

SECURITY & TECH

How remote work opened the floodgates to ransomware

Ransomware has roared into the headlines in recent weeks after criminal hacking networks, tentatively linked to Russia, launched attacks on the major US meat packing plant JBS and the nation’s largest fuel pipeline.

Tech Companies Are Training AI to Read Your Lips

Tech Companies Are Training AI to Read Your Lips

First came facial recognition. Now, an early form of lip-reading AI is being deployed in hospitals, power plants, public transportation, and more.

Opinion: How the Next Layer of the Internet is Going to be Standardised

Opinion: How the Next Layer of the Internet is Going to be Standardised

A big change in how the Internet is defined - and who defines it - is underway.

European Data Protection Agency Examining Cloud Services; Data Must Be Sequestered From US Services To Remain GDPR-Compliant

European Data Protection Agency Examining Cloud Services; Data Must Be Sequestered From US Services To Remain GDPR-Compliant

The investigation is scrutinizing major cloud services that are widely used by EU agencies, such as Amazon AWS and Microsoft Azure, to determine if they are GDPR-compliant.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Medicaid Contractor Data Breach Affected 334,000 Providers

Medicaid Contractor Data Breach Affected 334,000 Providers

Maximus Corp., a global provider of government health data services, says a data breach exposed the personal information of more than 334,000 Medicaid healthcare healthcare providers across the US.

ENFORCEMENT

ICO: Nuisance calls land home improvements company with a £130,000 fine

ICO: Nuisance calls land home improvements company with a £130,000 fine

The Information Commissioner’s Office (ICO) has fined a home improvement company £130,000 for making more than 900,000 nuisance marketing calls.

TikTok sued for the unlawful processing of their personal data.

CNIL has issued Brico Privé a fine of €500,000 for marketing and cookie violations. [Note: Only available in French]

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: Guidance on employer processing of COVID-19 vaccination data

The DPC has published guidance on processing of COVID-19 vaccination data in the context of employment.

DPC: Garda Vetting – Data Protection Considerations

DPC: Garda Vetting – Data Protection Considerations

This guidance note provides background information on the type of information that can be included in a vetting disclosure and sets out data protection considerations for organisations carrying out Garda vetting. The note also outlines some of the data protection rights of individuals undergoing vetting.

DPC: Guidance on the Collection of Personal Data Prior to Viewing a Property

DPC: Guidance on the Collection of Personal Data Prior to Viewing a Property

This note highlights some of the key issues that arise in the context of estate agents collecting personal data for the purpose of arranging viewings of a property.

EDPB: Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

Version 2.0 of the EDPBs recommendations on measures that supplement transfer tools to ensure compliance, adopted after public consultation.

EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces

EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces

The EDPB and EDPS have adopted a joint opinion on the European Commission’s Proposal for a Regulation laying down harmonised rules on artificial intelligence (AI).

RELATED: EDPB Press Release

EDPS Opinion on the Proposal for a Regulation on Markets in Crypto-assets

EDPS Opinion on the Proposal for a Regulation on Markets in Crypto-assets

EDPS Opinion on the Proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937

RESOURCES

Indicator framework to evaluatethe public health effectiveness ofdigital proximity tracing solutions

Indicator framework to evaluatethe public health effectiveness ofdigital proximity tracing solutions

The overall objective of this indicator framework is to provide a set of indicators to guide national health authorities in the monitoring and evaluation of their digital proximity tracing solutions.

NOYB: 2020 Annual Report

NOYB: 2020 Annual Report

Includes updates on ongoing projects, financials and plans for 2021.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.