Privacy Transformation - Issue 122

PRIVACY

Irish data watchdog launches two inquiries into TikTok

Irish data watchdog launches two inquiries into TikTok

The Data Protection Commissioner has announced two inquiries into the social media platform TikTok looking at compliance with GDPR relating to the processing of children's personal data and transfers of data to China.

Data watchdogs fail to police Google, Facebook and Apple, says civil liberties group

Data watchdogs fail to police Google, Facebook and Apple, says civil liberties group

The Data Protection Commission is "failing" to enforce EU data privacy laws on major international tech companies, according to a new report by the Irish Council for Civil Liberties (ICCL).

See Resources Section for ICCL Report.

RELATED: Ireland is ‘worst bottleneck’ for enforcing EU data privacy law – ICCL

DPC: Overview of the upcoming new breach notification web-forms

DPC: Overview of the upcoming new breach notification web-forms

The DPC has carried out a review of the breach web-forms currently being used by data controllers to notify personal data breaches in accordance with Article 33 of the GDPR and Section 86 of the Data Protection Act 2018. On foot of this review, data controllers will be required in the coming weeks to use a revised web-form.

Case hearing legality of Graham Dwyer phone data use begins in EU court

Case hearing legality of Graham Dwyer phone data use begins in EU court

A European court will today hear arguments on key legal issues which could have a bearing on notorious killer Graham Dwyer’s bid to overturn his murder conviction.

RELATED:

EU states join Ireland in challenge to data law

Irish murder case entangled in EU data power struggle

WhatsApp’s record €225m fine was lower than it expected

WhatsApp’s record €225m fine was lower than it expected

Irish unit estimated it would be fined up to €250m by DPC for privacy breaches.

RELATED:

WhatsApp Ireland fights back against Data Protection Commissioner's €225 million fine

Discontent Simmers Over How to Police EU Privacy Rules

Analysis: UK GDPR and Privacy Law - 74 Reforms the Government is Considering

Analysis: UK GDPR and Privacy Law - 74 Reforms the Government is Considering

The UK government published its proposals for reforming data protection and privacy law on 10 September, 2021. If even a significant fraction of these reforms are passed, the UK’s data protection and privacy regime could radically change.

UK dials up the spin on data reform, claiming ‘simplified’ rules will drive ‘responsible’ data sharing

UK dials up the spin on data reform, claiming ‘simplified’ rules will drive ‘responsible’ data sharing

The U.K. government has announced a consultation on plans to shake up the national data protection regime, as it looks at how to diverge from European Union rules following Brexit. It’s also a year since the U.K. published a national data strategy in which said it wanted pandemic levels of data sharing to become Britain’s new normal.

RELATED:

Britain looks to loosen EU chains on data privacy

Automated decision-making ban could go in GDPR bonfire

Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes

Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes

Regional data-sharing rules are outdated and ineffective for international data flows, Elizabeth Denham says.

SECURITY & TECH

GSOC finds IT security 'vulnerability' following cyber warning

GSOC finds IT security 'vulnerability' following cyber warning

The Garda Síochána Ombudsman Commission (GSOC) has notified the Data Protection Commission following the discovery of an IT security “vulnerability”.

EU commissioner calls for urgent action against Pegasus spyware

EU commissioner calls for urgent action against Pegasus spyware

Didier Reynders condemns hacking of political opponents and journalists and says bloc closely watching Hungary investigation

Apple rushes to block 'zero-click' iPhone spyware

Apple rushes to block 'zero-click' iPhone spyware

The flaw allows hackers to access devices even if users do not click on a link or file.

Facebook Smart glasses: Italian DPA seeks clarifications from Facebook via Irish DPC

Facebook Smart glasses: Italian DPA seeks clarifications from Facebook via Irish DPC

The Italian SA (Garante per la protezione dei dati personali) requested the Irish Data Protection Commission (DPC) to urge Facebook to provide their replies to a set of questions prior to the marketing in Italy of smart glasses equipped with the ‘Facebook View’ feature.

Cookies: French data protection watchdog welcomes increased compliance

Cookies: French data protection watchdog welcomes increased compliance

Following on from its guidelines on the rules to be applied to cookies, the French data protection authority (CNIL) drew up on Tuesday (14 September) the results of its second campaign of formal notices sent to companies for non-compliance with the legislation on cookies.

Commission yearns for setting the global standard on artificial intelligence

Commission yearns for setting the global standard on artificial intelligence

The European Commission believes that its proposed Artificial Intelligence Act should become the global standard if it is to be fully effective. The upcoming AI treaty that is being drafted by the Council of Europe might help the EU achieve just that.

South Australia Deploys Facial Recognition Quarantine App

South Australia Deploys Facial Recognition Quarantine App

South Australia has deployed the Quarantine SA home quarantine enforcement app, which some have called "Orwellian" because of facial recognition and geolocation

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

ENFORCEMENT

DPC launches two inquiries into TikTok concerning compliance with GDPR requirements relating to the processing of childrens’ personal data and transfers of data to China

DPC launches two inquiries into TikTok concerning compliance with GDPR requirements relating to the processing of childrens’ personal data and transfers of data to China

We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.

Slovenian SA orders the controller to delete a collection of 88 photos according to Article 17 of the GDPR

Slovenian SA orders the controller to delete a collection of 88 photos according to Article 17 of the GDPR

The controller, a media content production agency specializing in journalistic and photographic work in the field of lifestyle, was processing a collection of 88 photos, taken during the last 7-15 years, representing the data subject attending different social events. The photos were published on a website and were also offered for online sale. The individual exercised her right to erasure (right to be forgotten) defined in Article 17 of the GDPR.

DPC welcomes outcome of prosecution proceedings taken against Three Ireland Ltd. and Vodafone Ireland Ltd.

DPC welcomes outcome of prosecution proceedings taken against Three Ireland Ltd. and Vodafone Ireland Ltd.

The Data Protection Commission welcomed the outcome of prosecution proceedings that were taken yesterday morning in the Dublin Metropolitan District Court against two prominent telecommunications companies in relation to marketing offences under S.I. 336 of 2011 in the Dublin Metropolitan District Court.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

ICO: Sharing personal data in an emergency – a guide for universities and colleges

To help universities and colleges feel confident they can share people’s information lawfully, the ICO offers this guidance post.

RESOURCES

ICCL’s 2021 report on the enforcement capacity of data protection authorities

ICCL has issued a report concluding that Ireland is the bottleneck of GDPR enforcement against Google, Facebook, and Big Tech for all of Europe. [Access Report]

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.