Privacy Transformation - Issue 127
PRIVACY
Ireland’s Facebook decision triggers argument over limits of GDPR
EU officials are gearing up for a fight over how much leeway companies should have to process personal data after a decision targeting Facebook from Ireland’s privacy regulator prompted pushback from campaigners.
DPC asks NOYB to remove draft decision on Facebook from website
Ireland’s Data Protection Commission (DPC) has written to Max Schrems’s NOYB organisation asking it to remove a draft decision that it had published on its website.
The commission was investigating a complaint by NOYB that Facebook has “bypassed the GDPR” by changing terms and conditions for users so that it no longer needs consent to process personal data. It is alleged it has done this by relabelling agreements on data use as a “contract”.
RELATED:
DPC sent "take down request" to noyb
Looks Like Facebook Found a Way to Bypass Europe’s Privacy Rules
Facebook Should Clarify Terms of Service, Irish Privacy Regulator Says
EDPB launches first coordinated action
Following the EDPB’s decision to set up a Coordinated Enforcement Framework in October 2020, the EDPB has now decided to launch the proposal for its first coordinated action on the use of Cloud based services by the public sector.
Slovenian Administrative Court upholds the decision of the Slovenian SA: right of erasure does not enable an individual to have his personal data erased from Baptismal Register
A parish of the Roman Catholic Church was processing the application of an individual on the right of erasure. The individual requested his personal data to be erased from the Baptismal Register, because he was no longer a member of the church. In his opinion, the collected data are no longer necessary in relation to the purposes for which they were collected.
SECURITY & TECH
German Pirate Party member claims EU plans for a GDPR-compliant Whois v2 will lead to 'doxxing and death lists'
The European Union has drawn the ire of privacy activists for proposals to put real names and contact details back into Whois lookups, as part of its Network and Information Systems (NIS) Directive.
Neighbour wins privacy row over smart doorbell and cameras
A judge has ruled that security cameras and a Ring doorbell installed in a house in Oxfordshire "unjustifiably invaded" the privacy of a neighbour. Dr Mary Fairhurst claimed that the devices installed on the house of neighbour Jon Woodard broke data laws and contributed to harassment.
Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find
AI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology.
Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years
Gartner analysts released their list of cybersecurity and privacy predictions for the next few years, floating a number of potential ideas about how the world will respond to certain problems over the next decade.
Moscow adds facial recognition payment system to more than 240 metro stations
Moscow introduced a new facial recognition payment system called Face Pay to 240 metro stations on Friday. The new system is designed to shorten lines and wait times, but could be a vulnerable hacking target and a privacy risk.
Imagine if Your Therapist Could Access Data From Your Smartphone
Researchers are studying tools that could give therapists a stream of patient information between sessions—and intervene if necessary.
Brave is launching its own search engine with the help of ex-Cliqz devs and tech
Brave, the privacy-focused browser co-founded by ex-Mozilla CEO Brendan Eich, is getting ready to launch an own-brand search engine for desktop and mobile.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Twitch says passwords weren’t exposed in massive data breach
Twitch has definitively stated that passwords weren’t exposed in last week’s major data breach. It also confirmed that the data primarily consisted of documents from its source code repository.
3D printing site Thingiverse suffers breach of 228,000 email addresses amid sluggish disclosure
So says Have I Been Pwned's maintainer - but site claims breach only impacted 'handful of users'
Centre for Computing History apologises to customers for 'embarrassing' breach
The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed.
ENFORCEMENT
DPC: Confirmation of Fine – Twitter International
The Irish Data Protection Commission (DPC) today had the decision to impose an administrative fine on Twitter International Company confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €450,000 was made pursuant to Section 143 of the Data Protection Act 2018.
RELATED: Dublin Circuit Court confirms €450,000 fine for Twitter delay in reporting data breach
Amazon Fights Record $865 Million EU Data-Protection Fine
Amazon.com Inc. appealed a record 746 million-euro ($865 million) penalty for allegedly violating the European Union’s tough data-protection rules.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB adopts Guidelines on restrictions of data subject rights under Article 23 GDPR
During its October plenary, the EDPB adopted a final version of the Guidelines on restrictions of data subject rights under Art. 23 GDPR following public consultation.
EDPS Opinion on the European Comission’s draft internal rules on digital verification of Covid-19 certificates
EDPS Opinion on the European Comission’s draft internal rules on digital verification of Covid-19 certificates
RESOURCES
White Paper: Building a Comprehensive Health Care Privacy Program
This paper provides a comprehensive framework for building and managing a health care privacy program.
Podcast: The EU's Failure to Protect Our Online Privacy and Data Rights, with Dr. Johnny Ryan
Stream The EU's Failure to Protect Our Online Privacy and Data Rights, with Dr. Johnny Ryan by Martens Centre.
Podcast: EDPS on the future of privacy
We have asked the European Data Protection Supervisor Wojciech Wiewiorowski about its recent proposal to organise a conference to review the enforcement of GDPR, the EU privacy law.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.