Privacy Transformation - Issue 115

PRIVACY

Civil rights ‘in peril’ unless data protection watchdog is reformed, says committee

The Data Protection Commission (DPC) should adopt a culture of enforcement rather than “emphasising guidance” in its efforts to get businesses and organisations to comply with data privacy regulations, the Joint Oireachtas Committee on Justice has recommended.

[Access Oireachtas Report here]

'Facebook-hating' NZ Privacy Commissioner John Edwards tipped to be UK's privacy tsar

New Zealand's front-foot Privacy Commissioner John Edwards has been tipped to fill a top watchdog role in the UK, leading a war on big tech on behalf of No 10.

German court rules on the right to access under the GDPR

The German Court of Justice (Bundesgerichtshof/BGH) has ruled on the content and scope of the right to access your own personal data under Article 15 of the General Data Protection Regulation (GDPR).

Latest trends in data subject access requests in pending litigation

As individuals become more aware of their rights under data protection law, data subject access requests (DSARs) are an increasingly frequent concern for organisations both large and small.

EDPB adopts Art. 65 decision regarding WhatsApp Ireland

During its latest plenary session, the EDPB adopted a dispute resolution decision on the basis of Art. 65 GDPR. The binding decision seeks to address the lack of consensus on certain aspects of a draft decision issued by the Irish (IE) SA as lead supervisory authority (LSA) regarding WhatsApp Ireland Ltd. (WhatsApp IE) and the subsequent objections expressed by a number of concerned supervisory authorities (CSAs).

SECURITY & TECH

Pegasus Project exposes menace of surveillance

Forget China, or the worst excesses of the most sophisticated surveillance agencies such as the US’s Central Intelligence Agency and National Security Agency or the UK’s Government Communications Headquarters. What we’ve learned this week from the collective global investigative journalism initiative called the Pegasus Project is that we have vastly underestimated the breathtakingly invasive scope already available to a surveillance-intent government, agency, or private surveillance client with the money to buy Pegasus spyware from the controversial Israeli software company NSO.

Ireland sees biggest rise in cybersecurity attacks

Workplace security and compliance specialist CWSI has found that Irish businesses are seeing bigger increases in cybersecurity attacks than their European counterparts.

Why remote working leaves us vulnerable to cyber-attacks

Experts warn working from home has led to complacency over security protocols

WhatsApp privacy case must be decided in a month, EU watchdog says

EU privacy watchdog EDPB gave the Data Protection Commission a month to issue a long-delayed decision on compliance by Facebook's WhatsApp, siding with national enforcers which had objected to a draft ruling.

Cookies are Back on the Menu and Data Protection Authorities are Taking Enforcement Action

The French data protection authority, the CNIL, has continued to focus on the lawfulness of the use of cookies to collect and process personal data. It has made clear that cookie compliance is one of its enforcement priorities, as well as the security of websites and the security of health data.

How the Alleged Outing of a Catholic Priest Shows the Sorry State of Data Privacy in America

A newsletter reported a powerful Catholic priest regularly used Grindr. Their source? “Commercially available app signal data.”

More than 5,000 handed criminal convictions in error after IT flaw goes unnoticed

More than 5,000 defendants were wrongly given criminal convictions thanks to an IT flaw which went unnoticed for six months.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Clubhouse Data Allegedly Hacked, 3.8 Billion Phone Numbers Up For Sale On Darknet

Live voice chatting app Clubhouse has allegedly been hacked, with user data (including 3.8 billion phone numbers) up for sale on darknet.

ENFORCEMENT

Dutch data protection authority fines TikTok €750,000 over privacy flaw

The authority said TikTok had failed to explain how the app collects, processes and uses personal data in the Netherlands.

Related: English privacy notice leads to Dutch data protection fine

DPC Audits Leading Political Parties

The three government parties and Sinn Féin have been visited in their offices by the data watchdog as part of its audit of political parties.

€ 2.6M GDPR fine for privacy breaches performed through the algorithm of a food delivery company

The Italian data protection authority issued a € 2.6 million GDPR fine against Foodinho, the Italian company of the Glovo group, for privacy violations committed through the algorithm of the rider management App.

Mercadona gets €2.5 million fine for installing facial-recognition cameras in their supermarkets in Spain

Mercadona has been fined €2.5 million by Spain's data protection agency over a 'facial recognition' system trial. The aim was to spot supermarket customers who had restraining orders against them for attacking Mercadona staff.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPS: Opinion on the proposal for a Council Regulation on the establishment and operation of an evaluation and monitoring mechanism to verify the application of the Schengen acquis

EDPS Opinion on the proposal for a Council Regulation on the establishment and operation of an evaluation and monitoring mechanism to verify the application of the Schengen acquis. See Press Release.

RESOURCES

DuckDuckGo launches new Email Protection service to remove trackers

DuckDuckGo’s Email Protection will delete trackers from emails before forwarding the messages to your inbox, striking a blow against tracking cookies embedded in email newsletters.

Paper: Dark Patterns and the Legal Requirements of Consent Banners - An Interaction Criticism Perspective

User engagement with data privacy and security through consent banners has become a ubiquitous part of interacting with internet services. While previous work has addressed consent banners from either interaction design, legal, and ethics-focused perspectives, little research addresses the connections among multiple disciplinary approaches, including tensions and opportunities that transcend disciplinary boundaries.

NIST Proposes Approach for Reducing Risk of Bias in Artificial Intelligence

In an effort to counter the often pernicious effect of biases in artificial intelligence (AI) that can damage people’s lives and public trust in AI, the Nati

Automatic Proofs of Differential Privacy

Automatic proof tools for differential privacy analyze the program and attempt to build a proof that the program satisfies differential privacy.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.