Privacy Transformation - Issue 133
PRIVACY
Facebook sets aside €1bn for new Irish data fines as profits soar
Facebook has set aside over €1bn for data privacy fines it thinks are likely to come from Ireland’s Data Protection Commission, new accounts show. The increased sum reflects the likelihood of more decisions on existing Irish DPC investigations against the social media giant in the coming year. Helen Dixon’s office has over 10 probes underway against Facebook, Whatsapp and Instagram.
'Time to revisit' structure of watchdog as plans for two more data commissioners reported
A leading Irish privacy advocacy group has “welcomed” reports that the Department of Justice is seeking to expand the number of Data Protection Commissioners from one to three.
RELATED:
Ireland's the Wrong Privacy Watchdog for Europe
Court of Justice of the EU Finds that Advertising Shown in Email Inbox is Subject to Rules on Direct Marketing
On November 26, 2021, the Court of Justice of the EU (“CJEU”) held in Case C-102/20 that the display of advertising messages in an electronic inbox in a form similar to that of an actual email constitutes direct marketing, and therefore is subject to EU Member States’ rules on direct marketing.
Bill to regulate online harmful content ‘damages’ constitutional rights
A proposed Bill aimed at tackling the spread of harmful online content is so “vague and arbitrary” that it “seriously damages” users’ constitutional rights, a committee has been told.
Public services card cost soars to €98m
The Department of Social Protection (DSP) has said a €30m hike in the cost of the public services card framework is attributable to a number of factors, including the prior exclusion of Vat.
DPC: DPO enforcement programme – an additional 170 organisations brought into compliance
The Data Protection Commission has successfully completed the most recent stage in its Data Protection Officer (DPO) enforcement programme, aimed at improving compliance with Article 37 of the GDPR.
Consumer groups can sue tech firms on citizens’ behalf
Consumer groups can take privacy cases against tech giants on behalf of citizens, the advocate general at the Court of Justice of the EU has said.
HIQA: Public asked to give feedback on a consent model for the collection, use and sharing of health information
The Health Information and Quality Authority (HIQA) is asking the public for their feedback on its Draft recommendations on a consent model for the collection, use and sharing of health information in Ireland which will be submitted to the Minister for Health.
Video: First noyb "Advent Reading" from Facebook/DPC Documents
Our First "Advent Reading" focuses on the right to access to documents and Facebook’s attempts to suppress documents and undermined the right to be heard of others.
John Edwards is off on a ‘late-life OE’ as UK privacy watchdog, and he’s not done with Facebook yet
He called Facebook 'morally bankrupt', 'pathological liars', saying 'they #DontGiveAZuck'. And that seems to have helped, rather than hindered, in getting a big new gig.
SECURITY & TECH
UK privacy watchdog warns adtech the end of tracking is nigh
It’s been well over two years since the UK’s data protection watchdog warned the behavioural advertising industry it’s wildly out of control. The UK’s (outgoing) information commissioner, Elizabeth Denham, published an opinion — in which she warns the industry that its old unlawful tricks simply won’t do in the future.
IKEA email systems hit by ongoing cyberattack
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.
Notorious Pegasus spyware faces its day of reckoning
The infamous hacking tool is now at the centre of international lawsuits thanks to a courageous research lab.
UK watchdog orders Facebook owner Meta to sell Giphy
Facebook owner Meta has been told by the UK competition watchdog to sell popular animated images platform Giphy in Britain’s first such move against so-called Big Tech in its efforts to bolster regulation of the sector.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
INM refused stay on case over alleged data breach
INM said a stay should be granted until two inspectors, appointed by the High Court, have completed their investigation into the alleged data breach.
Panasonic confirms cyberattack and data breach
Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that "some data on a file server had been accessed during the intrusion."
Planned Parenthood LA discloses data breach after ransomware attack
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.
ENFORCEMENT
UK Cabinet Office fined over New Year honours list data breach
The Cabinet Office has been fined £500,000 by the UK’s data watchdog after the postal addresses of the 2020 New Year honours recipients were disclosed online.
ICO issues provisional view to fine Clearview AI Inc over £17 million
The Information Commissioner’s Office has announced its provisional intent to impose a potential fine of just over £17 million on Clearview AI Inc – a company that describes itself as the ‘World’s Largest Facial Network’.
ICO issues its largest fine to tackle illegal pension cold calls
The Information Commissioner’s Office (ICO) has fined EB Associates Group Limited £140,000 for instigating over 107,000 illegal cold calls to people about pensions.
Icelandic DPA issues fine to the Ministry of Industries and Innovation and YAY ehf. for data processing through a digital gift card app
The Icelandic government contracted a company that issued a digital gift card app based on an already existing app developed by the same company. After the app was first published, the Icelandic DPA received tips from data subjects on the amount of personal data the app was using and the extensive access rights it claimed in the user’s mobile device. The Icelandic DPA subsequently decided to examine on its own initiative whether the project complied with the GDPR.
More on the latest GDPR enforcement news can be found on:
RESOURCES
Irish Public Sector Cyber Security Baseline Standards
The National Cyber Security Centre, in conjunction with the Office of the Government Chief Information Officer, have developed the Standards which are intended to create an acceptable security standard and form a broad framework for a set of measures which can be revised over time.
[Read Cyber Security Baseline Standards]
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.