Privacy Transformation - Issue 115
PRIVACY
Civil rights ‘in peril’ unless data protection watchdog is reformed, says committee
The Data Protection Commission (DPC) should adopt a culture of enforcement rather than “emphasising guidance” in its efforts to get businesses and organisations to comply with data privacy regulations, the Joint Oireachtas Committee on Justice has recommended.
[Access Oireachtas Report here]
'Facebook-hating' NZ Privacy Commissioner John Edwards tipped to be UK's privacy tsar
New Zealand's front-foot Privacy Commissioner John Edwards has been tipped to fill a top watchdog role in the UK, leading a war on big tech on behalf of No 10.
German court rules on the right to access under the GDPR
The German Court of Justice (Bundesgerichtshof/BGH) has ruled on the content and scope of the right to access your own personal data under Article 15 of the General Data Protection Regulation (GDPR).
Latest trends in data subject access requests in pending litigation
As individuals become more aware of their rights under data protection law, data subject access requests (DSARs) are an increasingly frequent concern for organisations both large and small.
EDPB adopts Art. 65 decision regarding WhatsApp Ireland
During its latest plenary session, the EDPB adopted a dispute resolution decision on the basis of Art. 65 GDPR. The binding decision seeks to address the lack of consensus on certain aspects of a draft decision issued by the Irish (IE) SA as lead supervisory authority (LSA) regarding WhatsApp Ireland Ltd. (WhatsApp IE) and the subsequent objections expressed by a number of concerned supervisory authorities (CSAs).
SECURITY & TECH
Pegasus Project exposes menace of surveillance
Forget China, or the worst excesses of the most sophisticated surveillance agencies such as the US’s Central Intelligence Agency and National Security Agency or the UK’s Government Communications Headquarters. What we’ve learned this week from the collective global investigative journalism initiative called the Pegasus Project is that we have vastly underestimated the breathtakingly invasive scope already available to a surveillance-intent government, agency, or private surveillance client with the money to buy Pegasus spyware from the controversial Israeli software company NSO.
Ireland sees biggest rise in cybersecurity attacks
Workplace security and compliance specialist CWSI has found that Irish businesses are seeing bigger increases in cybersecurity attacks than their European counterparts.
Why remote working leaves us vulnerable to cyber-attacks
Experts warn working from home has led to complacency over security protocols
WhatsApp privacy case must be decided in a month, EU watchdog says
EU privacy watchdog EDPB gave the Data Protection Commission a month to issue a long-delayed decision on compliance by Facebook's WhatsApp, siding with national enforcers which had objected to a draft ruling.
Cookies are Back on the Menu and Data Protection Authorities are Taking Enforcement Action
The French data protection authority, the CNIL has continued to focus on the lawfulness of the use of cookies to collect and process personal data. They have made clear that cookie compliance is one of its enforcement priorities, as well as the security of websites and the security of health data.
How the Alleged Outing of a Catholic Priest Shows the Sorry State of Data Privacy in America
A newsletter reported a powerful Catholic priest regularly used Grindr. Their source? “Commercially available app signal data.”
More than 5,000 handed criminal convictions in error after IT flaw goes unnoticed
More than 5,000 defendants were wrongly given criminal convictions thanks to an IT flaw which went unnoticed for six months.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Clubhouse Data Allegedly Hacked, 3.8 Billion Phone Numbers Up For Sale On Darknet
Live voice chatting app Clubhouse has allegedly been hacked, with user data (including 3.8 billion phone numbers) up for sale on darknet.
ENFORCEMENT
Dutch data protection authority fines TikTok €750,000 over privacy flaw
The authority said #TikTok had failed to explain how the app collects, processes and uses personal data in the Netherlands.
Related: English privacy notice leads to Dutch data protection fine
DPC Audits Leading Political Parties
The three government parties and Sinn Féin have been visited in their offices by the data watchdog as part of its audit of political parties.
€ 2.6M GDPR fine for privacy breaches performed through the algorithm of a food delivery company
The Italian data protection authority issued a € 2.6 million GDPR fine against, Foodinho, the Italian company of the Glovo group, for privacy violations committed through the algorithm of the rider management App.
Mercadona gets €2.5 million fine for installing facial-recognition cameras in their supermarkets in Spain
Mercadona has been fined €2.5 million by Spain's data protection agency over a 'facial recognition' system trial. The aim was to spot supermarket customers that had restraining orders against them for attacker Mercadona staff.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPS: Opinion on the proposal for a Council Regulation on the establishment and operation of an evaluation and monitoring mechanism to verify the application of the Schengen acquis
EDPS Opinion on the proposal for a Council Regulation on the establishment and operation of an evaluation and monitoring mechanism to verify the application of the Schengen acquis. See Press Release.
RESOURCES
DuckDuckGo launches new Email Protection service to remove trackers
DuckDuckGo’s Email Protection will delete trackers from emails before forwarding the messages to your inbox, striking a blow against tracking cookies embedded in email newsletters.
Paper: Dark Patterns and the Legal Requirements of Consent Banners - An Interaction Criticism Perspective
User engagement with data privacy and security through consent banners has become a ubiquitous part of interacting with internet services. While previous work has addressed consent banners from either interaction design, legal, and ethics-focused perspectives, little research addresses the connections among multiple disciplinary approaches, including tensions and opportunities that transcend disciplinary boundaries.
NIST Proposes Approach for Reducing Risk of Bias in Artificial Intelligence
In an effort to counter the often pernicious effect of biases in artificial intelligence (AI) that can damage people’s lives and public trust in AI, the Nati
Automatic Proofs of Differential Privacy
Automatic proof tools for differential privacy analyze the program and attempt to build a proof that the program satisfies differential privacy.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.