Privacy Transformation - Issue 112
PRIVACY
Data rights group concerned as CSO collects Covid information
Digital Rights Ireland has expressed reservations about the CSO allegedly “not being open and transparent about its dealings with medical data”.
German Data Protection Commissioner Tells Country's Government Organizations To Shut Down Their Facebook Pages
Germany's data protection commissioner tells German government organizations to shut down their official Facebook Pages by January 2022 or face potential enforcement action.
HSE breached GDPR with circular about vaccination status, says expert
An employment law expert has warned that the HSE breached data protection laws when it issued communications through a circular to determine the vaccination status of staff.
ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care
The ICO has launched a formal investigation into the use of private correspondence channels at the Department for Health and Social Care. The investigation will establish if private correspondence channels have been used and if their use led to breaches of freedom of information or data protection law.
SECURITY & TECH
US companies hit by 'colossal' cyber-attack
About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm. Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
Microsoft tells US lawmakers cloud has changed the game on data privacy, gets 10 info demands a day from law enforcement
The US House Committee on the Judiciary met on Wednesday to hear testimony on the government's practice of secretly subpoenaing cloud service providers, and Microsoft was happy to oblige.
Game Over: Chinese Company Deploys Facial Recognition to Limit Teenagers
Tencent Games says it has been using facial recognition to enforce China’s rules on how much time people under 18 can spend playing video games.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
British Airways agrees to pay victims of record-breaking data breach
British Airways (BA) has reached an out-of-court settlement with the victims of a data breach that exposed personal data belonging to more than 420,000 customers.
Thousands of patients hit by NHS data breaches
The private data of thousands of NHS Patients has been wrongly shared with strangers, including a case where a person’s HIV status was released.
ENFORCEMENT
Italy’s DPA fines Glovo-owned Foodinho $3M, orders changes to algorithmic management of riders
Algorithmic management of gig workers has landed Glovo-owned, on-demand delivery firm Foodinho in trouble in Italy where the country’s data protection authority issued a €2.6 million penalty after an investigation found a laundry list of problems.
Lithuanian DPA: Fine Imposed on a Sports Club for Infringements of the GDPR in Processing of Fingerprints of the Customers and Employees
The State Data Protection Inspectorate (SDPI) has carried out an investigation into processing of biometric personal data in a sports club and imposed a fine in the amount of EUR 20,000 on VS FITNESS UAB for the identified infringements of the General Data Protection Regulation (GDPR).
ICO fines transgender charity for data protection breach exposing sensitive personal data
The UK's Information Commissioner’s Office has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.
AEPD (Spain) Ordered a processor to answer an erasure request from a data subject
The Spanish DPA ordered a processor (Amazon Web Services) to answer an erasure request from a data subject that had not been completed by the controller (a news website).
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB Adopts Guidelines
The EDPB has adopted guidelines on Codes of Conduct as a tool for transfers, final versions of the Guidelines on Virtual Voice Assistants & Guidelines on the concepts of Controller & Processor.
RESOURCES
UK ICO 2021-2021 Annual Report
The UK ICO has published its 2021-2021 Annual Report. Information Commissioner Elizabeth Denham has said that the ICO's response to the challenges of the past year produced "what I believe is this office’s most significant body of work."
Information Rights Strategic Plan: Trust and Confidence
The ICO has released a research paper assessing the levels of awareness experienced by individuals of their information rights.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note