Privacy Transformation - Issue 121

PRIVACY

Central Bank took two months to inform credit unions of data breach

Central Bank took two months to inform credit unions of data breach

Credit union executives were not told by the Central Bank that their personal details had been wrongly handed over to a third party until more than two months after the mistake occurred, it has emerged.

German firms seek details of employees' vaccine status

German firms seek details of employees' vaccine status

The German government is looking into whether it could temporarily ease data privacy rules to allow companies to find out whether their employees are vaccinated against COVID-19, ministers said on Wednesday.

International Data Transfers Under China’s Personal Information Protection Law

International Data Transfers Under China’s Personal Information Protection Law

China’s Personal Information Protection Law (PIPL) imposes strict rules for transferring personal information out of mainland China (“cross-border transfers”) that may be even more stringent than those contained in the EU’s General Data Protection Regulation (GDPR).

SECURITY & TECH

IT infrastructure of crime group 'significantly disrupted' by gardaí

IT infrastructure of crime group 'significantly disrupted' by gardaí

Gardaí have said they have "significantly disrupted" the IT infrastructure of the cyber crime group which targeted the HSE earlier this year.

RELATED: HSE cyber-attack: Irish health service still recovering months after hack

Apple Backs Down on Its Controversial Photo-Scanning Plans

Apple Backs Down on Its Controversial Photo-Scanning Plans

A sustained backlash against a new system to look for child sexual abuse materials on user devices has led the company to hit pause.

Cookie banners: ICO urges G7 to consider solution to pop-up notices

Information commissioner Elizabeth Denham believes the issue needs to be solved collectively.

RELATED: ICO Press Release - ICO to call on G7 countries to tackle cookie pop-ups challenge

Spyware on Your iPhone Is a Step Too Far

Spyware on Your iPhone Is a Step Too Far

Without evidence of wrongdoing, neither public agents nor private companies should be rifling through the photos on your personal devices.

Twitter Plans New Privacy Tools to Get More People Tweeting

Twitter Plans New Privacy Tools to Get More People Tweeting

Twitter Inc. is planning to test new privacy-related features aimed at giving users greater control over their follower lists and who can see their posts and likes, an effort to make people more comfortable interacting and sharing on the social network.

Bosses turn to ‘tattleware’ to keep tabs on employees working from home

Bosses turn to ‘tattleware’ to keep tabs on employees working from home

The pandemic prompted a surge in the use of workplace surveillance programs – and they’re not going away any time soon

Google Play could be used to track other people’s movements

Google Play could be used to track other people’s movements

A researcher from Malwarebytes discovered he was able to know his wife’s whereabouts without installing any stalkerware on her phone.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Credit unions demand assurances from Central Bank after data leak blunder

Credit unions demand assurances from Central Bank after data leak blunder

A LEADING credit union body is seeking assurances from the Central Bank that it can protect the personal data of people who have to register with it.

McDonald's leaks password for Monopoly VIP database to winners

McDonald's leaks password for Monopoly VIP database to winners

A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners.

‘Biggest data breach ever recorded’: Researcher condemns ‘consent spam’

‘Biggest data breach ever recorded’: Researcher condemns ‘consent spam’

Dr Johnny Ryan of the ICCL said that ‘what the advertising industry calls consent is just a thin veneer of compliance theatre’.

ENFORCEMENT

French DPA: 1.75 million penalty against AG2R LA MONDIALE

French DPA: 1.75 million penalty against AG2R LA MONDIALE

CNIL found that the Mutual Insurance Group, responsible for coordinating the group’s provident, dependency, health, savings and supplementary pension insurance activities, was keeping data on millions of people for an excessive period of time and was not complying with its information obligations in the context of telephone canvassing campaigns.

After Dutch DPA, this Netherlands-based non-profit hits TikTok with €6B class action lawsuit

After Dutch DPA, this Netherlands-based non-profit hits TikTok with €6B class action lawsuit

Stichting Massaschade & Consument hits TikTok with €6B class action lawsuit.

ICO fines Glasgow company for making half a million nuisance calls

ICO fines Glasgow company for making half a million nuisance calls

The Information Commissioner’s Office has fined Glasgow-based company DialADeal Scotland Ltd (DDSL) £150,000 for making more than half a million nuisance marketing calls.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

DPC Decision in WhatsApp Inquiry

The DPC decision concerning which concerned the examination of whether WhatsApp discharged its GDPR transparency obligations to both users and non-users of WhatsApp’s service has been published.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.