Privacy Transformation - Issue 114
PRIVACY
Austrian activist Schrems' Facebook complaint referred to EU court
Austria's Supreme Court has questioned the legal basis on which Facebook collects user data and referred key issues for a ruling by Europe's top court, after awarding symbolic damages to activist Max Schrems in his privacy case against the company.
RELATED:
NOYB: Statement by Max Schrems on the "Schrems II" Anniversary
Concerns over transparency around horse racing chief’s salary
Concerns have been raised over the lack of transparency around the salary paid to the chief executive of the Irish Horseracing Regulatory Board (IHRB).
Opinion: From 1984 to Miss Minutes - the surveillance state is watching you, and there is little or nothing at law you can do about it
One of the many pities about Nineteen Eighty-Four being too familiar a book is that one can overlook the care with which the author of the story constructs the world of an intrusive surveillance state.
SECURITY & TECH
Leak uncovers global abuse of cyber-surveillance weapon
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests.
RELATED:
Private Israeli spyware used to hack cellphones of journalists, activists worldwide
Pegasus: Spyware sold to governments 'targets activists'
Takeaways from the Pegasus Project
Investigation sought on GDPR compliance of Covid app
The Irish Council for Civil Liberties and Digital Rights Ireland have written to the Data Protection Commission, seeking an investigation into the use of the Covid-19 Tracker App to store a person's EU Digital Covid Certificate.
Defence Forces deployed 'ethical hackers' to fight back against massive HSE cyber attack
The CIS Corps deployed experts trained to think like cyber criminals to tackle the threat.
Should we trust big tech with our health data?
Our medical records are in demand by tech firms who want to use the data to help tackle illnesses.
Amazon wants to use radar so Alexa can watch as you sleep
Amazon has received approval to develop devices that will use radar sensors to monitor your sleep.
We tested AI interview tools. Here’s what we found.
After more than a year of the covid-19 pandemic, millions of people are searching for employment in the United States. AI-powered interview software claims to help employers sift through applications to find the best people for the job. Companies specialising in this technology reported a surge in business during the pandemic.
Analysis: Encryption in the UK Online Safety Bill
Let’s look at how the Online Safety Bill brings the contents of your private communications into scope for scanning, monitoring, and censorship.
Facebook’s controversial use of WhatsApp customer data faces fresh scrutiny
Facebook’s controversial use of WhatsApp customer data is set to undergo further scrutiny by the Data Protection Commission after EU regulators raised doubts about the social media giant’s updated policy.
Microsoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks
The condemnation stops short of punishing the country for its alleged actions, exposing the challenge of an alliance with deep business ties to China trying to confront the world’s second-largest economy.
Clearview AI raises $30 million from investors despite legal troubles
The facial-recognition start-up closed a Series B financing round. It faces multiple lawsuits challenging its business model.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
ICO confirms investigation of data breach concerning CCTV footage at Department of Health and Social Care
EMCOR Group (UK) plc, which provides facilities management and CCTV services for the Department of Health and Social Care (DHSC), has submitted a breach report as a processor of personal data, alleging images were taken from the DHSC CCTV system without consent from either EMCOR Group (UK) plc or the DHSC.
ENFORCEMENT
Italian DPA: Transmission of treatment reports to family doctors contrary to the patients' will
In two separate enforcement notices, the Italian DPA issued fines amounting to 120,000 EUR and 150,000 EUR respectively to healthcare organisations who released treatment reports in full to family doctors where patients had expressed their wish for certain information to be redacted in any such releases.
Fine notices can be found here and here (in Italian).
Danish DPA: Fine for unauthorised access to children's healthcare records
For a period of more than 1.5 years, the Region of Southern Denmark had a database for research and clinical purposes that it had not sufficiently secured against unauthorized access: PDF documents in the database could be reached by simply changing a URL, resulting in the records of 30,000 children being accessible. The Danish DPA issued a fine of 67,227 EUR due to non-compliance with Article 32 of the GDPR.
[Note: Fine notice is in Danish]
First Administrative Fines Imposed By The Luxembourg Data Protection Supervisory Authority
The Luxembourg National Data Protection Commission (CNPD) has published 18 decisions:
- in nine decisions, the CNPD found that controllers (Luxembourg-based companies) did not breach any of the provisions of the GDPR and decided therefore to close the ongoing investigation;
- in six decisions, the CNPD issued a formal warning or an injunction to comply to companies due to breaches of the GDPR (sometimes associated with a fine);
- finally, in six cases, the CNPD decided to impose administrative fines on the entities concerned due to more significant violations of the GDPR.
Amazon Avoids Further Fines as French Data Watchdog Closes Case
French data protection watchdog CNIL closed an injunction procedure against Amazon.com after the company met a three-month ultimatum to provide changes to the way it manages cookies.
More on the latest GDPR enforcement news can be found on:
RESOURCES
DPC Case Studies
The DPC has published a list of case studies, which have not been featured in the DPC's Annual Reports.
ICO: Toolkit launched to help organisations using AI to process personal data in compliance with data protection requirements
The ICO has introduced a new beta version of their AI and Data Protection Risk Toolkit, explaining how it can assist in ensuring that organisations using AI to process personal data do so in line with the law.
Phishing Report Q2 2021: Microsoft Continues Reign
Check Point Research issues Q2 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.