Privacy Transformation - Issue 110
PRIVACY
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
On June 21, the European Data Protection Board issued its highly anticipated final recommendations on supplementary measures for data transfers. The recommendations outline a process organizations can follow to transfer personal data outside the European Economic Area to ensure compliance with the "Schrems II" judgment. This article provides an early analysis of the EDPB's final recommendations of supplemental measures for personal data transfers.
Note: See Resource section for EDPB Data Transfer Guidance
Survey: Most Irish employers have no vaccination strategy in place
Almost 90pc of Irish businesses have called for guidance on the collection of employee vaccination data as restrictions lift.
Related:
90% of businesses want guidance on worker vaccination data, survey finds
'No clear legal basis' for processing information around employee vaccine status, DPC says
Note: See Resource section for latest DPC guidance on processing vaccination data in the employment context.
CJEU clarifies competence of non-lead supervisory authorities in cross-border GDPR infringements
In its decision of 15 June 2021, the Court of Justice considers that the GDPR authorises, under certain conditions, a non-lead supervisory authority of a Member State to exercise its power to bring any alleged infringement of the GDPR before a court of that State and to initiate or engage in legal proceedings in relation to an instance of cross-border data processing.
SECURITY & TECH
How remote work opened the floodgates to ransomware
Ransomware has roared into the headlines in recent weeks after criminal hacking networks, tentatively linked to Russia, launched attacks on the major US meat packing plant JBS and the nation’s largest fuel pipeline.
Tech Companies Are Training AI to Read Your Lips
First came facial recognition. Now, an early form of lip-reading AI is being deployed in hospitals, power plants, public transportation, and more.
Opinion: How the Next Layer of the Internet is Going to be Standardised
A big change in how the Internet is defined - and who defines it - is underway.
European Data Protection Agency Examining Cloud Services; Data Must Be Sequestered From US Services To Remain GDPR-Compliant
The investigation is scrutinizing major cloud services that are widely used by EU agencies, such as Amazon AWS and Microsoft Azure, to determine if they are GDPR-compliant.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Medicaid Contractor Data Breach Affected 334,000 Providers
Maximus Corp., a global provider of government health data services, says a data breach exposed the personal information of more than 334,000 Medicaid healthcare providers across the US.
ENFORCEMENT
ICO: Nuisance calls land home improvements company with a £130,000 fine
The Information Commissioner’s Office (ICO) has fined a home improvement company £130,000 for making more than 900,000 nuisance marketing calls.
TikTok confronted with Dutch legal claim of EUR 1.5 billion for violating children's privacy in the Netherlands
TikTok is being sued over the unlawful processing of children's personal data.
CNIL: Fine issued to Brico Privé for marketing and cookie violations
CNIL has issued Brico Privé a fine of €500,000 for marketing and cookie violations. [Note: Only available in French]
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: Guidance on employer processing of COVID-19 vaccination data
The DPC has published guidance on processing of COVID-19 vaccination data in the context of employment.
DPC: Garda Vetting – Data Protection Considerations
This guidance note provides background information on the type of information that can be included in a vetting disclosure and sets out data protection considerations for organisations carrying out Garda vetting. The note also outlines some of the data protection rights of individuals undergoing vetting.
DPC: Guidance on the Collection of Personal Data Prior to Viewing a Property
This note highlights some of the key issues that arise in the context of estate agents collecting personal data for the purpose of arranging viewings of a property.
EDPB: Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
Version 2.0 of the EDPB's recommendations on measures that supplement transfer tools to ensure compliance, adopted after public consultation.
EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces
The EDPB and EDPS have adopted a joint opinion on the European Commission’s Proposal for a Regulation laying down harmonised rules on artificial intelligence (AI).
RELATED: EDPB Press Release
EDPS Opinion on the Proposal for a Regulation on Markets in Crypto-assets
EDPS Opinion on the Proposal for a Regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937
RESOURCES
Indicator framework to evaluate the public health effectiveness of digital proximity tracing solutions
The overall objective of this indicator framework is to provide a set of indicators to guide national health authorities in the monitoring and evaluation of their digital proximity tracing solutions.
NOYB: 2020 Annual Report
Includes updates on ongoing projects, financials and plans for 2021.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.