Privacy Transformation - Issue 132
PRIVACY
Schrems accuses DPC of trying to stop publication of Facebook complaint documents
Privacy campaigner Max Schrems accused Ireland’s data protection commissioner (DPC) of attempting to prohibit him from publishing documents related to a long-running complaint against Facebook.
RELATED:
Irish DPC removes noyb from GDPR procedure - Criminal report filed
Facebook’s lead EU privacy supervisor hit with corruption complaint
WhatsApp refines privacy to comply with Irish watchdog’s order
Messaging platform WhatsApp has updated its privacy policy for European users after the record €225 million fine by the Irish privacy watchdog over transparency breaches under EU law.
Graham Dwyer case: State knew of data law problems for years, expert says
The State’s failure to reform its data retention laws is the reason why it is “even possible” that Graham Dwyer could overturn his murder conviction, a data privacy expert has said.
DPC warns about use of CCTV outside private homes after over 150 complaints in past year
Most complaints are mainly about neighbours who operate either a CCTV system or smart doorbell.
RELATED: Is your video doorbell breaching data protection laws?
See updated DPC guidance on this topic in the Resources section.
How Cellphone Data Collected for Advertising Landed at U.S. Government Agencies
Mobilewalla was the source of some of the advertising data used by government entities to track mobile phones without warrants, shedding new light on how device location data is harvested and sold in a secretive multibillion-dollar industry.
ICO calls on Google and other companies to eliminate existing privacy risks posed by adtech industry
The Information Commissioner’s Office (ICO) has today set out clear data protection standards that companies must meet to safeguard people’s privacy online when developing new advertising technologies (adtech). The privacy standards published in a Commissioner’s Opinion come as a warning to companies that are designing new methods of online advertising, that they must comply with data protection law and stop the excessive collection and use of people’s data.
Podcast Clip: Is the EU Right? Ireland’s Data Commission “understaffed and needs more capacity”
Helen Dixon, Irish Data Protection Commissioner speaking to Claire Byrne about critisims levelled at the Commission and its ongoing investigations.
SECURITY & TECH
HSE spend to remedy cyberattack harm tops €37m, says Minister
Impact on patient services ‘on a scale not seen before’, Frank Feighan tells Seanad.
RELATED: Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims
German coalition backs ban on facial recognition in public places
Government-in-waiting’s stance on AI may nudge other EU countries in same direction.
Why you and I will pay the price for the next big cybersecurity crisis
As a former top civil servant has pointed out, private firms seem happy to let governments pick up the pieces when hackers strike
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Hundreds of sensitive health files found in desk bought at charity shop
Personal details of the top executive team at the Belfast Health and Social Care Trust, along with the home addresses of job applicants, were among hundreds of documents discovered abandoned in a charity shop.
GoDaddy hack causes data breach affecting 1.2 million customers
GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.
ENFORCEMENT
Polish DPA: Bank Millennium fined for failure to notify the breach and the data subjects about the incident
The complaint concerned the loss by a courier company of correspondence containing personal data, such as: name, surname, personal identification number, registered address, bank account numbers, identification number assigned to the bank’s customers. The complainants were informed about this fact by the bank, but the information was not sufficient — it did not meet the requirements set out in the GDPR. A fine of 80,000 EUR has been imposed.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB adopts Guidelines on the interplay between Art. 3 and Chapter V GDPR
During its plenary session, the EDPB adopted Guidelines on the interplay between Art. 3 and Chapter V GDPR. By clarifying the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers in Chapter V, the Guidelines aim to assist controllers and processors in the EU in identifying whether a processing operation constitutes an international transfer, and to provide a common understanding of the concept of international transfers.
ICO: Data protection and privacy expectations for online advertising proposals
The privacy standards published in a Commissioner’s Opinion come as a warning to companies that are designing new methods of online advertising, that they must comply with data protection law and stop the excessive collection and use of people’s data.
DPC: Updated Guidance on the Use of Domestic CCTV
The Irish Data Protection Commission has updated their guidance on the domestic use of CCTV systems.
RESOURCES
Paper: What is Privacy? That's the Wrong Question
Privacy has never had a precise meaning. But in the early 1900s, the concept took on new life as a term of art in legal frameworks. The result has been a bit of a mess, as no singular definition has been adequate for all purposes. Daniel Solove, perhaps the most influential privacy scholar of our day, wrote at the turn of the millennium that privacy was “a concept in disarray.”
Paper: Bugs in our Pockets: The Risks of Client-Side Scanning
Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear.
Video: Johnny Ryan speaks at the European Parliament IMCO committee
Johnny Ryan speaks at the European Parliament IMCO committee on tracking-based ads, outlining for the committee how such ads work.
DPC: "Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” — Report on Public Consultation
The DPC ran a public consultation on the draft version of “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” to give stakeholders a final opportunity to present their views. Following on from this consultation, the DPC has published this report.
Lecture: End-to-end encryption: the (fruitless?) search for a compromise
This new research publication by Ciaran Martin, Professor of Practice in the Management of Public Organisations and former head of the UK NCSC, focuses on the use of end-to-end encryption to fight terrorism, online child abuse and other digital harms.
EDPB letter to ENISA regarding the European Cybersecurity Certification Scheme for Cloud Services (EUCS)
EDPB letter to ENISA regarding the European Cybersecurity Certification Scheme for Cloud Services (EUCS)
Report: UK NCSC Annual Review 2021
Annual Review Report of the UK's National Cyber Security Centre.