Privacy Transformation - Issue 130

PRIVACY

WhatsApp Ireland given permission to challenge DPC’s €225m fine

WhatsApp Ireland given permission to challenge DPC’s €225m fine

The European arm of WhatsApp has secured permission from a High Court judge to challenge the Data Protection Commission’s decision to fine it €225 million.

‘Right to be forgotten’ should be reviewed by Data Protection Commission say civil and digital rights campaigners

‘Right to be forgotten’ should be reviewed by Data Protection Commission say civil and digital rights campaigners

The “right to be forgotten” is not an absolute right and the current procedure for determining what content can be ‘erased’ from search engines is inherently unfair, according to a leading data privacy campaigner.

RELATED: Google ‘delists’ Irish Times articles and images about Seán Quinn and his family

Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK

Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK

UK Supreme Court allowed Google's appeal against the Court of Appeal decision which had previously granted Mr Lloyd permission to serve his representative claim on Google in the United States. The judgment brings to an end to one of the most significant issues to come before the UK Courts concerning class actions and data protection regimes.

SECURITY & TECH

IAB Europe says it’s expecting to be found in breach of GDPR

IAB Europe says it’s expecting to be found in breach of GDPR

Is this the beginning of the end for the hated tracking cookie consent pop-up? A flagship framework used by Google and scores of other advertisers for gathering claimed consent from web users for creepy ad targeting looks set to be found in breach of Europe’s General Data Protection Regulation (GDPR).

RELATED:

Tracking-industry body IAB Europe told that it has infringed the GDPR, and its “consent” pop-ups used by Google and other tech firms are unlawful

Facebook plans to remove thousands of sensitive ad-targeting options

Here's how to stop facial recognition systems in their tracks

Here's how to stop facial recognition systems in their tracks

Researchers have developed adversarial image generators to fool facial recognition software and protect privacy rights

‘Our notion of privacy will be useless’: what happens if technology learns to read our minds?

‘Our notion of privacy will be useless’: what happens if technology learns to read our minds?

The promise of neurotechnology to make lives better is growing. But do we need a new set of rights to protect the integrity of our minds?

Clearview AI Forced to Cease Data Scraping Operations in Australia

Clearview AI Forced to Cease Data Scraping Operations in Australia

Australia's national privacy regulator determined Clearview AI breached users' privacy and violated the Australian Privacy Act 1988.

A stalker's wishlist: PhoneSpy malware destroys Android privacy

A stalker's wishlist: PhoneSpy malware destroys Android privacy

To date, 23 malicious apps harboring the spyware have been found, but none of the samples were discovered in the official Google Play Store -- suggesting that PhoneSpy is being distributed via third-party platforms.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Robinhood says a hacker who tried to extort the company got access to data for 7 million customers

Robinhood says a hacker who tried to extort the company got access to data for 7 million customers

Personal information for more than 7 million customers was accessed during a data breach on November 3rd, Robinhood said, but it doesn’t appear anyone lost any money. The company said it is investigating.

1.8 TB of Police Helicopter Surveillance Footage Leaks Online

1.8 TB of Police Helicopter Surveillance Footage Leaks Online

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Booking.com was reportedly hacked by a US intel agency but never told customers

Booking.com was reportedly hacked by a US intel agency but never told customers

Data involving Middle Eastern countries stolen by man working for unknown US agency.

ENFORCEMENT

DPC Issues Decision Against MOVE Ireland

DPC Issues Decision Against MOVE Ireland

The DPC has issued an intention to fine MOVE Ireland €1,500 over the loss of SD Cards that may have contained recording of group sessions where participants discuss their behaviour and attitudes with regard to domestic violence with a facilitator.

Dutch DPA fines Transavia for poor personal data security

Dutch DPA fines Transavia for poor personal data security

Due to poor security of personal data, a hacker was able to break into Transavia’s systems, in which he could have potentially had access to the data of 25 million passengers. It has been determined that the hacker actually downloaded the personal data of 83,000 people. The Dutch DPA has fined Transavia €400,000.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: Vaccine Certificate Check Guidance

The DPC has updated its guidance note on Vaccine Certificate Checks

DPC: Processing COVID 19 Vaccination Data in the context of Employment and the Work Safely Protocol

The DPC has updated its guidance note on the processing of vaccination data in the context of employment.

RESOURCES

DPC: Summary of Breach Notification Form Changes

DPC: Summary of Breach Notification Form Changes

The Irish Data Protection Commission has made changes to its data breach notification form. This provides a summary of those changes.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.