Privacy Transformation - Issue 124

PRIVACY

Ireland is a ‘GDPR bottleneck’ that lets big tech off the hook

Ireland is a ‘GDPR bottleneck’ that lets big tech off the hook

The architect of the EU law believes a centralised regulator with real teeth is required

Parents warned spreading Covid misinformation on WhatsApp could breach data protection laws

Parents warned spreading Covid misinformation on WhatsApp could breach data protection laws

Parents found to be spreading misinformation or personal data in Whatsapp groups, could be in breach of data protection laws and may be sued.

Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit

Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit

Companies including Google urge officials to strike a new deal to ease trans-Atlantic data flows.

RELATED: The US government requests — and is granted — the most user data from tech companies compared to countries like the UK, France, and Japan: report

French privacy watchdog takes action on government fingerprint database issues

French privacy watchdog takes action on government fingerprint database issues

The National Commission for Information Technology and Civil Liberties (CNIL) has decided to call the Ministry of the Interior to order after observing several failures in the proper maintenance of the automated fingerprint file (FAED).

Italian DPA investigates the apps that listen using device microphone

Italian DPA investigates the apps that listen using device microphone

The Privacy Guarantor has opened a formal investigation into apps that record from the microphones.

Irish DPC WhatsApp decision: What do you need to know?

Irish DPC WhatsApp decision: What do you need to know?

On Sept. 2, the Irish Data Protection Commission announced a decision to fine WhatsApp 225 million euros.

EDPB adopts opinion on draft South Korea Adequacy Decision

EDPB adopts opinion on draft South Korea Adequacy Decision

The EDPB adopted its opinion on the European Commission’s draft adequacy decision for the Republic of Korea.

RELATED: EU privacy watchdogs’ important caveats for data transfers with South Korea

Privacy Myth - It’s Merely Metadata

Traditionally a distinction is made between data and metadata, separating the actual content of a communication (e.g., a letter, a phone conversation) from the technical data necessary to establish the connection between the sender and the recipient (e.g., an address, or a phone number). Unlike its metadata, the data itself is often considered private and offered stronger protection: the secrecy of correspondence is enshrined in the constitution of many countries. But shouldn’t metadata be given similar protections? Is it really ‘merely’ metadata?

SECURITY & TECH

Instagram for kids paused after backlash

Instagram for kids paused after backlash

Facebook delays its child-friendly Instagram version to do more work with concerned parents.

FBI decision to withhold Kaseya ransomware decryption keys stirs debate

FBI decision to withhold Kaseya ransomware decryption keys stirs debate

Many security experts defended the FBI's decision to leave Kaseya victims struggling with ransomware infections for weeks.

Facebook tweaks cookie consent controls in Europe to comply with GDPR, ePrivacy Directive

The company has also created a new settings menu on FB and Instagram, where people can revisit and manage their cookie consent decisions at any time.

London's Met Police Buying Retrospective Facial Recognition Technology

London's Met Police Buying Retrospective Facial Recognition Technology

The UK's Metropolitan Police Service has been authorised to buy and use retrospective facial recognition technology.

EDPB establishes cookie banner taskforce

During its latest plenary, the EDPB decided to set up a taskforce to coordinate the response to complaints concerning cookie banners filed with several EEA SAs by NOYB.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Thousands of online gaming accounts hit in major cyberattack

Thousands of online gaming accounts hit in major cyberattack

BloodyStealer malware-as-a-service is sold on the dark web and used to harvest data from gamers online.

ENFORCEMENT

Norwegian DPA: Reprimanded after accessing e-mail account

Norwegian DPA: Reprimanded after accessing e-mail account

The background for this case is a complaint from a former board director, who discovered that the company accessed a personal e-mail account associated with the enterprise.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.