Privacy Transformation - Issue 130
PRIVACY
WhatsApp Ireland given permission to challenge DPC’s €225m fine
The European arm of WhatsApp has secured permission from a High Court judge to challenge the Data Protection Commission’s decision to fine it €225 million.
‘Right to be forgotten’ should be reviewed by Data Protection Commission say civil and digital rights campaigners
The “right to be forgotten” is not an absolute right and the current procedure for determining what content can be ‘erased’ from search engines is inherently unfair, according to a leading data privacy campaigner.
RELATED: Google ‘delists’ Irish Times articles and images about Seán Quinn and his family
Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK
UK Supreme Court allowed Google's appeal against the Court of Appeal decision which had previously granted Mr Lloyd permission to serve his representative claim on Google in the United States. The judgment brings to an end to one of the most significant issues to come before the UK Courts concerning class actions and data protection regimes.
SECURITY & TECH
IAB Europe says it’s expecting to be found in breach of GDPR
Is this the beginning of the end for the hated tracking cookie consent pop-up? A flagship framework used by Google and scores of other advertisers for gathering claimed consent from web users for creepy ad targeting looks set to be found in breach of Europe’s General Data Protection Regulation (GDPR).
RELATED:
Facebook plans to remove thousands of sensitive ad-targeting options
Here's how to stop facial recognition systems in their tracks
Researchers have developed adversarial image generators to fool facial recognition software and protect privacy rights
‘Our notion of privacy will be useless’: what happens if technology learns to read our minds?
The promise of neurotechnology to make lives better is growing. But do we need a new set of rights to protect the integrity of our minds?
Clearview AI Forced to Cease Data Scraping Operations in Australia
Australia's national privacy regulator determined Clearview AI breached users' privacy and violated the Australian Privacy Act 1988.
A stalker's wishlist: PhoneSpy malware destroys Android privacy
To date, 23 malicious apps harboring the spyware have been found, but none of the samples were discovered in the official Google Play Store -- suggesting that PhoneSpy is being distributed via third-party platforms.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Robinhood says a hacker who tried to extort the company got access to data for 7 million customers
Personal information for more than 7 million customers was accessed during a data breach on November 3rd, Robinhood said, but it doesn’t appear anyone lost any money. The company said it is investigating.
1.8 TB of Police Helicopter Surveillance Footage Leaks Online
DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.
Booking.com was reportedly hacked by a US intel agency but never told customers
Data involving Middle Eastern countries stolen by man working for unknown US agency.
ENFORCEMENT
DPC Issues Decision Against MOVE Ireland
The DPC has issued an intention to fine MOVE Ireland €1,500 over the loss of SD Cards that may have contained recording of group sessions where participants discuss their behaviour and attitudes with regard to domestic violence with a facilitator.
Dutch DPA fines Transavia for poor personal data security
Due to poor security of personal data, a hacker was able to break into Transavia’s systems, in which he could have potentially had access to the data of 25 million passengers. It has been determined that the hacker actually downloaded the personal data of 83,000 people. The Dutch DPA has fined Transavia €400,000.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: Vaccine Certificate Check Guidance
The DPC has updated its guidance note on Vaccine Certificate Checks
DPC: Processing COVID 19 Vaccination Data in the context of Employment and the Work Safely Protocol
The DPC has updated its guidance note on the processing of vaccination data in the context of employment.
RESOURCES
DPC: Summary of Breach Notification Form Changes
The Irish Data Protection Commission has made changes to its data breach notification form. This provides a summary of those changes.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.