Privacy Transformation - Issue 138
PRIVACY
European Commission defends Ireland tech watchdog amid criticism of privacy record
The Dublin-based privacy regulator has faced criticism that it’s failing to uphold EU privacy rights.
China harvests masses of data on Western targets, documents show
Hundreds of projects launched since 2020 show that Chinese police, state media and the military are gathering data from sites including Twitter and Facebook to track perceived threats.
John Edwards begins term as UK Information Commissioner
New UK Information Commissioner John Edwards today begins his five-year term in office, succeeding Elizabeth Denham CBE.
RELATED: ICO Press Release: New UK Information Commissioner begins term
SECURITY & TECH
Big Tech's biggest weaknesses were on display in 2021
While 2020 was a year when tech's greatest strengths were on display, it was its weaknesses that came to the fore in 2021.
Garda body cams should not use facial recognition technology, committee warns
Garda body-worn cameras should not use facial recognition technology and should not be used to racially profile people, according to recommendations from the Oireachtas justice committee.
Cyber attack on UK's Defence Academy had 'significant' impact, officer in charge at the time reveals
Air Marshal Edward Stringer, who has since retired, says the "sophisticated" hack on the MOD's Defence Academy in March 2021 had "consequences for operations". He spoke to Sky News for his first television interview since leaving the military.
European Data Protection Supervisor Urges Increased Data Protection in Card Payments
The European Union’s independent data protection authority has identified how data collected during card-based transactions can be used to profile customers.
Missouri vows to prosecute journalist who found security flaw in state website
The St. Louis Post-Dispatch says it alerted officials to a security flaw on a state website. Gov. Mike Parson described it as a hack that would be investigated and could cost taxpayers $50 million.
DATA BREACH
Fears over health staff’s bank records as HSE trawls stolen cyber-attack files
The HSE has been urged to tell staff how many of them had their data stolen in a major cyber attack last year.
Data breach: Broward Health warns 1.3 million patients, staff of 'medical identity theft'
The hospital system says they waited months to notify victims of the breach because the Justice Department asked them to.
Have I Been Pwned warns of DatPiff data breach impacting millions
The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service.
ENFORCEMENT
France spanks Google $170M, Facebook $68M over cookie consent dark patterns
Chalk another one up for decentralized enforcement: France’s data protection watchdog has slapped headline-grabbing fines on Facebook and Google for failing to respect local (and pan-EU) cookie consent rules.
The CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.
Finland DPA: Administrative fine imposed on psychotherapy centre
A psychotherapy centre notified the Data Protection Ombudsman about an attack against its patient record database in September 2020. The outcome of an investigation has resulted in the imposition of an administrative financial sanction of EUR 608 000 for GDPR violations.
SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years
SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
This document is intended to complement the Guidelines WP 250 and it reflects the common experiences of the SAs of the EEA since the GDPR became applicable. Its aim is to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.