Privacy Transformation - Issue 117

PRIVACY

Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life

Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life

Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.

RELATED:

Apple reveals new efforts to fight child abuse imagery

WhatsApp head criticises Apple’s plan to scan photos for child abuse: ‘Setback for people’s privacy’

Considering the new Standard Contractual Clauses under the GDPR

Considering the new Standard Contractual Clauses under the GDPR

The European Commission issued two new sets of Standard Contractual Clauses: one for processing personal information between data controllers and data processors who are subject to the GDPR, and one for the transfer of personal information outside of the European Union.

[See Resources Section for new SCC resources]

ICO consults on how organisations can continue to protect people’s personal data when it’s transferred outside of the UK

ICO consults on how organisations can continue to protect people’s personal data when it’s transferred outside of the UK

The Information Commissioner’s Office has launched a public consultation on its draft international data transfer agreement (IDTA) and guidance.

SECURITY & TECH

Google restricts ad targeting of under-18s

Google restricts ad targeting of under-18s

Google announced it is blocking targeted advertising for anyone under 18 years old. The technology company is also turning off its "location history" for young users and is introducing a policy for users to request the removal of children's images from Google Image search results.

Opinion: Considering EU's draft AI regulation

Opinion: Considering EU's draft AI regulation

Hogan Lovells has submitted its response to the European Commission’s public consultation on its proposed AI Regulation. Their view is that the Draft Regulation is an ambitious and comprehensive framework.

Hundreds of AI tools have been built to catch Covid. None of them helped.

Hundreds of AI tools have been built to catch Covid. None of them helped.

Some have been used in hospitals, despite not being properly tested. But Covid could help make AI better.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

ENFORCEMENT

Amazon's Massive GDPR Fine Shows the Law's Power

Amazon's Massive GDPR Fine Shows the Law's Power

It's the first significant GDPR ruling against Big Tech. But secrecy around the decision exposes the regulation’s flaws.

NOYB files 422 formal GDPR complaints on “Cookie Banners”

NOYB files 422 formal GDPR complaints on “Cookie Banners”

NOYB has filed over 422 regarding "cookie banners" with ten European Data Protection Authorities.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPS: Return to the Workplace and EUIs’ screening of COVID immunity or infection status

Read the EDPS Guidance on Return to the Workplace and EUIs’ screening of COVID immunity or infection status.

RESOURCES

SCC Toolkit: EU Standard Contractual Clauses - Scenario Documents

SCC Toolkit: EU Standard Contractual Clauses - Scenario Documents

The IAPP’s Research Team has created four separate Word documents, one for each SCC transfer scenario accommodated by the new SCCs, incorporating only the modules relevant to that scenario into each document.

Data Protection Impact Assessment: Google Workspace

In May the Dutch Data Protection Authority instructed schools to stop using Google Workspace unless several identified issues were addressed. These issues (i.e. privacy risks to children) were identified in a DPIA conducted at the behest of the Dutch government. An updated DPIA from indicates how Google plans to address these issues.

EDPB Report: DPA resourcing, enforcement actions

Following a request from the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, the European Data Protection Board published an overview of 2021 funding for EU data protection authorities by member states and enforcement actions carried out by DPAs.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.