Privacy Transformation - Issue 121
PRIVACY
Central Bank took two months to inform credit unions of data breach
Credit union executives were not told by the Central Bank that their personal details had been wrongly handed over to a third party until more than two months after the mistake occurred, it has emerged.
German firms seek details of employees' vaccine status
The German government is looking into whether it could temporarily ease data privacy rules to allow companies to find out whether their employees are vaccinated against COVID-19, ministers said on Wednesday.
International Data Transfers Under China’s Personal Information Protection Law
China’s Personal Information Protection Law (PIPL) imposes strict rules for transferring personal information out of mainland China (“cross-border transfers”) that may be even more stringent than those contained in the EU’s General Data Protection Regulation (GDPR).
SECURITY & TECH
IT infrastructure of crime group 'significantly disrupted' by gardaí
Gardaí have said they have "significantly disrupted" the IT infrastructure of the cyber crime group which targeted the HSE earlier this year.
RELATED: HSE cyber-attack: Irish health service still recovering months after hack
Apple Backs Down on Its Controversial Photo-Scanning Plans
A sustained backlash against a new system to look for child sexual abuse materials on user devices has led the company to hit pause.
Cookie banners: ICO urges G7 to consider solution to pop-up notices
Information commissioner Elizabeth Denham believes the issue needs to be solved collectively.
RELATED: ICO Press Release - ICO to call on G7 countries to tackle cookie pop-ups challenge
Spyware on Your iPhone Is a Step Too Far
Without evidence of wrongdoing, neither public agents nor private companies should be rifling through the photos on your personal devices.
Twitter Plans New Privacy Tools to Get More People Tweeting
Twitter Inc. is planning to test new privacy-related features aimed at giving users greater control over their follower lists and who can see their posts and likes, an effort to make people more comfortable interacting and sharing on the social network.
Bosses turn to ‘tattleware’ to keep tabs on employees working from home
The pandemic prompted a surge in the use of workplace surveillance programs – and they’re not going away any time soon
Google Play could be used to track other people’s movements
A researcher from Malwarebytes discovered he was able to know his wife’s whereabouts without installing any stalkerware on her phone.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Credit unions demand assurances from Central Bank after data leak blunder
A LEADING credit union body is seeking assurances from the Central Bank that it can protect the personal data of people who have to register with it.
McDonald's leaks password for Monopoly VIP database to winners
A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners.
‘Biggest data breach ever recorded’: Researcher condemns ‘consent spam’
Dr Johnny Ryan of the ICCL said that ‘what the advertising industry calls consent is just a thin veneer of compliance theatre’.
ENFORCEMENT
French DPA: 1.75 million penalty against AG2R LA MONDIALE
CNIL found that the Mutual Insurance Group, responsible for coordinating the group’s provident, dependency, health, savings and supplementary pension insurance activities, was keeping data on millions of people for an excessive period of time and was not complying with its information obligations in the context of telephone canvassing campaigns.
After Dutch DPA, this Netherlands-based non-profit hits TikTok with €6B class action lawsuit
Stichting Massaschade & Consument hits TikTok with €6B class action lawsuit.
ICO fines Glasgow company for making half a million nuisance calls
The Information Commissioner’s Office has fined Glasgow-based company DialADeal Scotland Ltd (DDSL) £150,000 for making more than half a million nuisance marketing calls.
More on the latest GDPR enforcement news can be found on:
RESOURCES
DPC Decision in WhatsApp Inquiry
The DPC decision concerning which concerned the examination of whether WhatsApp discharged its GDPR transparency obligations to both users and non-users of WhatsApp’s service has been published.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.