Privacy Transformation - Issue 122
PRIVACY
Irish data watchdog launches two inquiries into TikTok
The Data Protection Commissioner has announced two inquiries into the social media platform TikTok looking at compliance with GDPR relating to the processing of children's personal data and transfers of data to China.
Data watchdogs fail to police Google, Facebook and Apple, says civil liberties group
The Data Protection Commission is "failing" to enforce EU data privacy laws on major international tech companies, according to a new report by the Irish Council for Civil Liberties (ICCL).
See Resources Section for ICCL Report.
RELATED: Ireland is ‘worst bottleneck’ for enforcing EU data privacy law – ICCL
DPC: Overview of the upcoming new breach notification web-forms
The DPC has carried out a review of the breach web-forms currently being used by data controllers to notify personal data breaches in accordance with Article 33 of the GDPR and Section 86 of the Data Protection Act 2018. On foot of this review, data controllers will be required in the coming weeks to use a revised web-form.
Case hearing legality of Graham Dwyer phone data use begins in EU court
A European court will today hear arguments on key legal issues which could have a bearing on notorious killer Graham Dwyer’s bid to overturn his murder conviction.
RELATED:
EU states join Ireland in challenge to data law
Irish murder case entangled in EU data power struggle
WhatsApp’s record €225m fine was lower than it expected
Irish unit estimated it would be fined up to €250m by DPC for privacy breaches.
RELATED:
WhatsApp Ireland fights back against Data Protection Commissioner's €225 million fine
Discontent Simmers Over How to Police EU Privacy Rules
Analysis: UK GDPR and Privacy Law - 74 Reforms the Government is Considering
The UK government published its proposals for reforming data protection and privacy law on 10 September, 2021. If even a significant fraction of these reforms are passed, the UK’s data protection and privacy regime could radically change.
UK dials up the spin on data reform, claiming ‘simplified’ rules will drive ‘responsible’ data sharing
The U.K. government has announced a consultation on plans to shake up the national data protection regime, as it looks at how to diverge from European Union rules following Brexit. It’s also a year since the U.K. published a national data strategy in which said it wanted pandemic levels of data sharing to become Britain’s new normal.
RELATED:
Britain looks to loosen EU chains on data privacy
Automated decision-making ban could go in GDPR bonfire
Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes
Regional data-sharing rules are outdated and ineffective for international data flows, Elizabeth Denham says.
SECURITY & TECH
GSOC finds IT security 'vulnerability' following cyber warning
The Garda Síochána Ombudsman Commission (GSOC) has notified the Data Protection Commission following the discovery of an IT security “vulnerability”.
EU commissioner calls for urgent action against Pegasus spyware
Didier Reynders condemns hacking of political opponents and journalists and says bloc closely watching Hungary investigation
Apple rushes to block 'zero-click' iPhone spyware
The flaw allows hackers to access devices even if users do not click on a link or file.
Facebook Smart glasses: Italian DPA seeks clarifications from Facebook via Irish DPC
The Italian SA (Garante per la protezione dei dati personali) requested the Irish Data Protection Commission (DPC) to urge Facebook to provide their replies to a set of questions prior to the marketing in Italy of smart glasses equipped with the ‘Facebook View’ feature.
Cookies: French data protection watchdog welcomes increased compliance
Following on from its guidelines on the rules to be applied to cookies, the French data protection authority (CNIL) drew up on Tuesday (14 September) the results of its second campaign of formal notices sent to companies for non-compliance with the legislation on cookies.
Commission yearns for setting the global standard on artificial intelligence
The European Commission believes that its proposed Artificial Intelligence Act should become the global standard if it is to be fully effective. The upcoming AI treaty that is being drafted by the Council of Europe might help the EU achieve just that.
South Australia Deploys Facial Recognition Quarantine App
South Australia has deployed the Quarantine SA home quarantine enforcement app, which some have called "Orwellian" because of facial recognition and geolocation
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
ENFORCEMENT
DPC launches two inquiries into TikTok concerning compliance with GDPR requirements relating to the processing of childrens’ personal data and transfers of data to China
We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.
Slovenian SA orders the controller to delete a collection of 88 photos according to Article 17 of the GDPR
The controller, a media content production agency specializing in journalistic and photographic work in the field of lifestyle, was processing a collection of 88 photos, taken during the last 7-15 years, representing the data subject attending different social events. The photos were published on a website and were also offered for online sale. The individual exercised her right to erasure (right to be forgotten) defined in Article 17 of the GDPR.
DPC welcomes outcome of prosecution proceedings taken against Three Ireland Ltd. and Vodafone Ireland Ltd.
The Data Protection Commission welcomed the outcome of prosecution proceedings that were taken yesterday morning in the Dublin Metropolitan District Court against two prominent telecommunications companies in relation to marketing offences under S.I. 336 of 2011 in the Dublin Metropolitan District Court.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
ICO: Sharing personal data in an emergency – a guide for universities and colleges
To help universities and colleges feel confident they can share people’s information lawfully, the ICO offers this guidance post.
RESOURCES
ICCL’s 2021 report on the enforcement capacity of data protection authorities
ICCL has issued a report concluding that Ireland is the bottleneck of GDPR enforcement against Google, Facebook, and Big Tech for all of Europe. [Access Report]
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.