Privacy Transformation - Issue 120
PRIVACY
Record €225m fine for WhatsApp Ireland over data protection breaches
The Data Protection Commission has fined WhatsApp Ireland €225m for infringements of data protection rules.
RELATED: WhatsApp fine offers pause for thought
EU warns over post-Brexit data agreement with UK
Decision sustaining cross-border trade and services could terminate if personal data risked.
RELATED:
UK to overhaul privacy rules in post-Brexit departure from GDPR
The UK thinks it can fix GDPR. It’s wrong
UK’s new data chief inherits Matt Hancock probe, Silicon Valley remit
A New Zealander who once called Facebook "morally bankrupt" is now the U.K.'s new data regulator. As the Information Commissioner, John Edwards will be in charge of everything from probing Silicon Valley giants to handling sensitive political probes at home. He brings a record of enforcement to the job having ruled against Facebook in his previous role as New Zealand's top privacy watchdog.
EU privacy watchdog calls for stricter data use to guarantee fair access to credit
The European Data Protection Supervisor (EDPS) has invited the European Commission to clarify its proposal for a directive on consumer credit to ensure the limited and appropriate use of consumers' personal data and guarantee fair access to credit for all Europeans.
Swiss DPA approves use of European Commission's SCCs
The Swiss Data Protection Authority recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with the GDPR as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.
Graham Dwyer phone data ruling due before European court
The Court of Justice of the EU will hear arguments next month on key legal issues concerning the retention of mobile phone data which could impact on Graham Dwyer’s bid to overturn his conviction for the murder of Elaine O’Hara.
Opinion: The journey has just begun: China passes its Personal Information Protection Law
On 20 August 2021, China’s National People’s Congress passed the Personal Information Protection Law. The PIPL has a rapid timeframe for implementation, taking effect on 1 November 2021. The brief transition period will clearly be a challenge for organizations subject to the PIPL.
SECURITY & TECH
Revealed: Ireland ranks sixth worst cybersecurity State in Europe, study shows
Ireland is the sixth-least cybersecure nation in Europe, according to a new study. The research analysed and ranked countries on factors such as: cybercrime exposure, commitment to cybersecurity, malicious software, social media and email hacks, online banking fraud, identity theft and cybersecurity legislations.
Britain tamed Big Tech and nobody noticed
The Age Appropriate Design Code – now the Children’s Code – has caused huge global changes. Not that tech platforms want to admit it.
US giants top tech industry’s $100M+ a year lobbying blitz in EU
The scale of the tech industry’s spending to influence the European Union’s tech policy agenda has been laid out in a report published by Corporate Europe Observatory and LobbyControl which found hundreds of companies, groups and business associations shelling out a total of €97 million annually lobbying EU institutions.
This is the real story of the Afghan biometric databases abandoned to the Taliban
As the Taliban swept through Afghanistan in mid-August, declaring the end of two decades of war, reports quickly circulated that they had also captured US military biometric devices used to collect data such as iris scans, fingerprints, and facial images. Some feared that the machines, known as HIIDE, could be used to help identify Afghans.
RELATED: The Taliban Now Controls a U.S.-Made Super-Surveillance System
ChaosDB: How we hacked thousands of Azure customers’ databases
Nearly everything we do online these days runs through applications and databases in the cloud. While leaky storage buckets get a lot of attention, database exposure is the bigger risk for most companies because each one can contain millions or even billions of sensitive records. Every CISO’s nightmare is someone getting their access keys and exfiltrating gigabytes of data in one fell swoop.
Apple cares about privacy, unless you work at Apple
Apple gives itself extensive rights to search through employee devices used for work. Now, some Apple employees are pushing back, saying the company hasn’t done enough to safeguard their personal data.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Hacker takes credit for 54 million T-Mobile data breach, calls security ‘awful’
A 21-year-old American living abroad claimed credit for the massive T-Mobile data breach that's affected at least 54 million people and said the company's 'security is awful.'
RELATED: T-Mobile CEO opens up on recent breach
Ransomware attack at Singapore eye clinic potentially breaches 73,000 patients’ data
A ransomware attack at a Singapore eye clinic has potentially exposed the personal data of more than 73,000 patients.
ENFORCEMENT
Data Protection Commission announces decision in WhatsApp inquiry
We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.
RELATED: Binding decision 1/2021
New record for UK data watchdog as it handed out £42m in fines last year
The value of ICO fines issued in the past year was the highest on record at £42m, up 1,580% from the £2.5m in fines issued the previous year.
South Korea Issues Fines to Facebook, Netflix Over Privacy Violations
Facebook, Google and Netflix are facing fines and actions for privacy violations, with Facebook assessed the second-largest amount in the country's history for its treatment of facial recognition templates.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: Redacting Documents and Records
The DPC has released a guidance note on redaction considerations in the context of Data Subject Access Requests under Article 15 of the GDPR.
RESOURCES
CNIL: Data protection around the world — interactive data protection level map
This map allows you to see the level of data protection in each country.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.