Privacy Transformation - Issue 114

PRIVACY

Austrian activist Schrems' Facebook complaint referred to EU court

Austria's Supreme Court has questioned the legal basis on which Facebook collects user data and referred key issues for a ruling by Europe's top court, after awarding symbolic damages to activist Max Schrems in his privacy case against the company.

RELATED:

NOYB: Statement by Max Schrems on the "Schrems II" Anniversary

Concerns over transparency around horse racing chief’s salary

Concerns have been raised over the lack of transparency around the salary paid to the chief executive of the Irish Horseracing Regulatory Board (IHRB).

Opinion: From 1984 to Miss Minutes - the surveillance state is watching you, and there is little or nothing at law you can do about it

One of the many pities about Nineteen Eighty-Four being too familiar a book is that one can overlook the care with which the author of the story constructs the world of an intrusive surveillance state.

SECURITY & TECH

Leak uncovers global abuse of cyber-surveillance weapon

Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests.

RELATED:

Private Israeli spyware used to hack cellphones of journalists, activists worldwide

Pegasus: Spyware sold to governments 'targets activists'

Takeaways from the Pegasus Project

Investigation sought on GDPR compliance of Covid app

The Irish Council for Civil Liberties and Digital Rights Ireland have written to the Data Protection Commission, seeking an investigation into the use of the Covid-19 Tracker App to store a person's EU Digital Covid Certificate.

Defence Forces deployed 'ethical hackers' to fight back against massive HSE cyber attack

The CIS Corps deployed experts trained to think like cyber criminals to tackle the threat.

Should we trust big tech with our health data?

Our medical records are in demand by tech firms who want to use the data to help tackle illnesses.

Amazon wants to use radar so Alexa can watch as you sleep

Amazon has received approval to develop devices that will use radar sensors to monitor your sleep.

We tested AI interview tools. Here’s what we found.

After more than a year of the covid-19 pandemic, millions of people are searching for employment in the United States. AI-powered interview software claims to help employers sift through applications to find the best people for the job. Companies specialising in this technology reported a surge in business during the pandemic.

Analysis: Encryption in the UK Online Safety Bill

Let’s look at how the Online Safety Bill brings the contents of your private communications into scope for scanning, monitoring, and censorship.

Facebook’s controversial use of WhatsApp customer data faces fresh scrutiny

Facebook’s controversial use of WhatsApp customer data is set to undergo further scrutiny by the Data Protection Commission after EU regulators raised doubts about the social media giant’s updated policy.

Microsoft hack: U.S., allies accuse China of Exchange breach and condoning other cyberattacks

The condemnation stops short of punishing the country for its alleged actions, exposing the challenge of an alliance with deep business ties to China trying to confront the world’s second-largest economy.

Clearview AI raises $30 million from investors despite legal troubles

The facial-recognition start-up closed a Series B financing round. It faces multiple lawsuits challenging its business model.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

ICO confirms investigation of data breach concerning CCTV footage at Department of Health and Social Care

EMCOR Group (UK) plc, which provides facilities management and CCTV services for the Department of Health and Social Care (DHSC), has submitted a breach report as a processor of personal data, alleging images were taken from the DHSC CCTV system without consent from either EMCOR Group (UK) plc or the DHSC.

ENFORCEMENT

Italian DPA: Transmission of treatment reports to family doctors contrary to the patients' will

In two separate enforcement notices, the Italian DPA issued fines amounting to 120,000 EUR and 150,000 EUR respectively to healthcare organisations who released treatment reports in full to family doctors where patients had expressed their wish for certain information to be redacted in any such releases.

Fine notices can be found here and here (in Italian).

Danish DPA: Fine for unauthorised access to children's healthcare records

For a period of more than 1.5 years, the Region of Southern Denmark had a database for research and clinical purposes that it had not sufficiently secured against unauthorized access: PDF documents in the database could be reached simply by changing a URL, resulting in the records of 30,000 children being accessible. The Danish DPA issued a fine of 67,227 EUR due to non-compliance with Article 32 of the GDPR.

[Note: Fine notice is in Danish]

First Administrative Fines Imposed By The Luxembourg Data Protection Supervisory Authority

The Luxembourg National Data Protection Commission (CNPD) has published 18 decisions:

  • in nine decisions, the CNPD found that controllers (Luxembourg-based companies) did not breach any of the provisions of the GDPR and decided therefore to close the ongoing investigation;
  • in six decisions, the CNPD issued a formal warning or an injunction to comply to companies due to breaches of the GDPR (sometimes associated with a fine);
  • finally, in six cases, the CNPD decided to impose administrative fines on the entities concerned due to more significant violations of the GDPR.

Amazon Avoids Further Fines as French Data Watchdog Closes Case

French data protection watchdog CNIL closed an injunction procedure against Amazon.com after the company met a three-month ultimatum to provide changes to the way it manages cookies.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

DPC Case Studies

The DPC has published a list of case studies, which have not been featured in the DPC's Annual Reports.

ICO: Toolkit launched to help organisations using AI to process personal data in compliance with data protection requirements

The ICO has introduced a new beta version of their AI and Data Protection Risk Toolkit, explaining how it can assist in ensuring that organisations using AI to process personal data do so in line with the law.

Phishing Report Q2 2021: Microsoft Continues Reign

Check Point Research issues Q2 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.