Privacy Transformation - Issue 135
PRIVACY
Data Protection Commissioner has marked Government's card with PSC outcome
The dropping of the Department of Social Protection’s legal challenge to the DPC may indeed represent a seismic shift in the Government’s attitude to data protection, one of the key modern concerns for most western democracies.
RELATED:
DPC welcomes resolution of proceedings relating to the Public Services Card
Department drops appeal regarding legality of Public Services Card
'We've been totally vindicated': State admits rights of Mother & Baby Home survivors were breached
“It’s been such a battle but we’ve been totally vindicated, that’s the most important thing. This time our voices have been heard in terms of justice.”
Dixon defends data regulator from MEPs’ attack
Data protection chief Helen Dixon dismissed claims at the weekend that her organisation lobbied EU data protection authorities to ease rules for big tech companies.
RELATED:
Comment from Norwegian DPA on relationship with DPC
EDPB Statement : EDPB cooperation on the elaboration of guidelines
Third noyb "Advent Reading" from Facebook/DPC Documents
DPC needs an overhaul of funding, structure and leadership
MEPs to back new regime to rein in power and scale of US tech giants
MEPs want to halt tech giants like Google and Facebook from snapping up smaller rivals and set extra controls on targeted ads.
Human Rights Act: UK government unveils reform proposals
The UK government has launched what it says will be "common sense" reforms to the Human Rights Act that will "restore confidence" in the legal system. The proposals commit to staying within the European Convention on Human Rights, despite pressure from some Conservatives to leave the treaty.
Data Protection chiefs feared running out of space for staff after move to new HQ was delayed
The Data Protection Commission (DPC) warned it would be “disastrous” if its planned move to a new €1.4m-a-year rented headquarters was blocked.
SECURITY & TECH
Opening of email attachment led to HSE cyber attack, report finds
The opening of a malicious Microsoft Excel file attached to a phishing email led to the cyber attack that crippled the national health service earlier this year, according to a report on the incident published on Friday.
[See Resources Section for Cyber-Attack Report]
RELATED:
Irish health cyber-attack could have been even worse, report says
HSE hackers were in health service's computer system for eight weeks before cyber attack
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet
Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that's used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.
RELATED: National body warns organisations of serious cyber security threat
Ransomware attack on Kronos could disrupt how companies pay, manage employees for weeks
A ransomware attack has hit HR management company Kronos, disrupting how major companies process payroll and manage employees.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
The new PPI? Claims firms turn their fire on data breaches
laims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.
ENFORCEMENT
Grindr Fined €6.5m for Selling User Data Without Explicit Consent
The penalty was issued for sharing users' special category data with third parties without their explicit consent.
Polish regulator to investigate Apple's privacy policy
Apple faces an investigation in Poland over whether its new rules on privacy and personal data processing for iOS devices violate competition law, Polish antimonopoly watchdog UOKiK said on Monday.
Tax Administration fined for discriminatory and unlawful data processing
The Dutch Data Protection Authority (DPA) has imposed a €2.75 million fine on the Dutch Tax Administration. The fine was imposed because for many years the Tax Administration processed data on the (dual) nationality of childcare benefit applicants in an unlawful, discriminatory and therefore improper manner.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Contribution to the European Commission’s evaluation of the Data Protection Law Enforcement Directive (LED) under Article 62
Contribution of the EDPB to the European Commission’s evaluation of the Data Protection Law Enforcement Directive (LED) under Article 62
RESOURCES
DPC publishes final version of Children’s “Fundamentals”
The Data Protection Commission (DPC) has today published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (the Fundamentals).
HSE publishes independent report on Conti cyber
The HSE is today publishing the report of the independent review into the ransomware cyber-attack on its IT systems which took place earlier this year.
[Read Post Incident Review Executive Summary]
EDPB response to MEP István Ujhelyi on the alleged use of the Pegasus spyware
EDPB response to MEP István Ujhelyi on the alleged use of the Pegasus spyware
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.