Privacy Transformation - Issue 112

PRIVACY

Data rights group concerned as CSO collects Covid information

Data rights group concerned as CSO collects Covid information

Digital Rights Ireland has expressed reservations about the CSO allegedly “not being open and transparent about its dealings with medical data”.

German Data Protection Commissioner Tells Country's Government Organizations To Shut Down Their Facebook Pages

German Data Protection Commissioner Tells Country's Government Organizations To Shut Down Their Facebook Pages

Germany's data protection commissioner tells German government organizations to shut down their official Facebook Pages by January 2022 or face potential enforcement action.

HSE breached GDPR with circular about vaccination status, says expert

HSE breached GDPR with circular about vaccination status, says expert

An employment law expert has warned that the HSE breached data protection laws when it issued communications through a circular to determine the vaccination status of staff.

ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care

ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care

The ICO has launched a formal investigation into the use of private correspondence channels at the Department for Health and Social Care. The investigation will establish if private correspondence channels have been used and if their use led to breaches of freedom of information or data protection law.

SECURITY & TECH

US companies hit by 'colossal' cyber-attack

US companies hit by 'colossal' cyber-attack

About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm. Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

Microsoft tells US lawmakers cloud has changed the game on data privacy, gets 10 info demands a day from law enforcement

Microsoft tells US lawmakers cloud has changed the game on data privacy, gets 10 info demands a day from law enforcement

The US House Committee on the Judiciary met on Wednesday to hear testimony on the government's practice of secretly subpoenaing cloud service providers, and Microsoft was happy to oblige.

Game Over: Chinese Company Deploys Facial Recognition to Limit Teenagers

Game Over: Chinese Company Deploys Facial Recognition to Limit Teenagers

Tencent Games says it has been using facial recognition to enforce China’s rules on how much time people under 18 can spend playing video games.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

British Airways agrees to pay victims of record-breaking data breach

British Airways agrees to pay victims of record-breaking data breach

British Airways (BA) has reached an out-of-court settlement with the victims of a data breach that exposed personal data belonging to more than 420,000 customers.

Thousands of patients hit by NHS data breaches

Thousands of patients hit by NHS data breaches

The private data of thousands of NHS Patients has been wrongly shared with strangers, including a case where a person’s HIV status was released.

ENFORCEMENT

Italy’s DPA fines Glovo-owned Foodinho $3M, orders changes to algorithmic management of riders

Italy’s DPA fines Glovo-owned Foodinho $3M, orders changes to algorithmic management of riders

Algorithmic management of gig workers has landed Glovo-owned, on-demand delivery firm Foodinho in trouble in Italy where the country’s data protection authority issued a €2.6 million penalty after an investigation found a laundry list of problems.

Lithuanian DPA: Fine Imposed on a Sports Club for Infringements of the GDPR in Processing of Fingerprints of the Customers and Employees

Lithuanian DPA: Fine Imposed on a Sports Club for Infringements of the GDPR in Processing of Fingerprints of the Customers and Employees

The State Data Protection Inspectorate (SDPI) has carried out an investigation into processing of biometric personal data in a sports club and imposed a fine in the amount of EUR 20,000 on VS FITNESS UAB for the identified infringements of the General Data Protection Regulation (GDPR).

ICO fines transgender charity for data protection breach exposing sensitive personal data

ICO fines transgender charity for data protection breach exposing sensitive personal data

The UK's Information Commissioner’s Office has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.

AEPD (Spain) Ordered a processor to answer an erasure request from a data subject

AEPD (Spain) Ordered a processor to answer an erasure request from a data subject

The Spanish DPA ordered a processor (Amazon Web Services) to answer an erasure request from a data subject that had not been completed by the controller (a news website).

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB Adopts Guidelines

EDPB Adopts Guidelines

The EDPB has adopted guidelines on Codes of Conduct as a tool for transfers, final versions of the Guidelines on Virtual Voice Assistants & Guidelines on the concepts of Controller & Processor.

RESOURCES

UK ICO 2021-2021 Annual Report

The UK ICO has published its 2021-2021 Annual Report. Information Commissioner Elizabeth Denham has said that the ICO's response to the challenges of the past year produced "what I believe is this office’s most significant body of work."

Information Rights Strategic Plan: Trust and Confidence

The ICO has released a research paper assessing the levels of awareness experienced by individuals of their information rights.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note