Privacy Transformation - Issue 126
PRIVACY
DPC proposes €36m fine for Facebook over data complaint
The Data Protection Commission has proposed fining Facebook up to €36m in one of more than a dozen probes it has opened into the social media giant, according to a draft decision published by the complainant.
RELATED:
DPC greenlights Facebook's "GDPR bypass". Shrems: “Decision undermines key element of GDPR.”
Data Protection Commission Statement on Budget 2022
Commissioner Helen Dixon welcomes the increased funding of €4.1 million, as the Data Protection Commission ramps up enforcement of EU data protection law
UK Ex-minister predicts ‘huge battleground’ over UK’s plan to set internet content rules
The former U.K. minster of state for what is now the digital and culture department, DCMS, has warned of the looming battle in parliament over the exact shape of incoming online safety legislation.
UK startup blasts government plan to downgrade data protection
The U.K. government’s post-Brexit appetite to “reform” domestic privacy rules by reducing the level of protections wrapping people’s data is already having wider ramifications for the country’s tech ecosystem. Last month the Department of Digital, Culture, Media and Sport announced a consultation on reducing privacy standards — claiming “simplified” rules would be a boon for business innovation.
SECURITY & TECH
EU lawmaker gets backing for tougher EU tech rules
A key EU lawmaker at the European Parliament steering the debate on tough new rules aimed at Facebook, Google and other large online platforms, secured backing to beef up Europeans' fundamental rights in the draft rules.
'Wake up call': Trinity College study shows true extent of data sharing on Android phones
Many apps and OS installed on mobile Android phones had no opt out for data collection.
Report available in Resources section.
European Parliament calls for a ban on facial recognition
The European Parliament today called for a ban on police use of facial recognition technology in public places, and on predictive policing, a controversial practice that involves using AI tools in hopes of profiling potential criminals before a crime is even committed.
Microsoft says it mitigated one of the largest DDoS attacks ever recorded
Microsoft says it has mitigated one of the largest DDoS attack ever recorded. The 2.4Tbps attack occurred in August, targeting an Azure customer in Europe.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Electrician doing work in garda station leaked photos of garda intelligence board, court hears
An electrician leaked pictures of Garda intelligence containing the personal information of 108 people, a court has heard.
Gardaí launch probe after earlier cyberattack on HSE left 1,000 users exposed
Gardaí have launched a criminal investigation into the hacking of a Health Service Executive (HSE) contractor that resulted in the contact details of more than 1,000 service users being compromised.
Israeli hospital hit with ransomware attack
Hillel Yaffe Medical Center says it is able to keep operating, aside from non-urgent elective procedures, by switching to alternate computer systems
ENFORCEMENT
Italian SA reprimands a real estate agency and fines it because used LinkedIn to offer its services to a prospective client via the platform
The decision clarified that LinkedIn is intended to enable exchanges of contact information to provide job opportunities; it is not envisaged that users may rely on it to send messages in order to sell products or services to other users regardless of whether this is what their core business consists in.
Hamburg DPA: Penalty against electricity company for using tax data for another purpose
In order to determine whether customers signing up to receive electricity had previously been customer sin the past, the company carried out comparisons with customer data from previous years, which had been stored according to tax and commercial law. This check was intended to prevent customers from receiving a new customer bonus so regularly that the offer to attract new customers was no longer profitable for the company.
The Norwegian Data Protection Authority: Ferde AS fined
Through a news report on the Norwegian national broadcaster, NRK, the Norwegian Data Protection Authority learned that Ferde AS transfers data related to vehicles passing through toll collection points to a data processor in China. On this basis, the Data Protection Authority initiated an investigation into whether Ferde has established routines and measures to ensure satisfactory information security for the data transferred to China.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
ICO consultation on the draft journalism code of practice
The draft code provides practical guidance to help individuals understand data protection law and comply effectively with its requirements. The code does not concern press conduct or standards in general.
RESOURCES
TCD Study reveals scale of data-sharing from Android mobile phones
These vendor-customised Android variants transmit substantial amounts of information to the OS developer and to third parties such as Google, Microsoft, LinkedIn, and Facebook that have pre-installed system apps.
Cisco 2021 Consumer Privacy Survey
Cisco 2021 Consumer Privacy Survey, drawing on 2600 anonymous responses across 12 countries.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.