Privacy Transformation - Issue 138

PRIVACY

European Commission defends Ireland tech watchdog amid criticism of privacy record

The Dublin-based privacy regulator has faced criticism that it’s failing to uphold EU privacy rights.

China harvests masses of data on Western targets, documents show

Hundreds of projects launched since 2020 show that Chinese police, state media and the military are gathering data from sites including Twitter and Facebook to track perceived threats.

John Edwards begins term as UK Information Commissioner

New UK Information Commissioner John Edwards today begins his five-year term in office, succeeding Elizabeth Denham CBE.

RELATED: ICO Press Release: New UK Information Commissioner begins term

SECURITY & TECH

Big Tech's biggest weaknesses were on display in 2021

While 2020 was a year when tech's greatest strengths were on display, it was its weaknesses that came to the fore in 2021.

Garda body cams should not use facial recognition technology, committee warns

Garda body-worn cameras should not use facial recognition technology and should not be used to racially profile people, according to recommendations from the Oireachtas justice committee.

Cyber attack on UK's Defence Academy had 'significant' impact, officer in charge at the time reveals

Air Marshal Edward Stringer, who has since retired, says the "sophisticated" hack on the MOD's Defence Academy in March 2021 had "consequences for operations". He spoke to Sky News for his first television interview since leaving the military.

European Data Protection Supervisor Urges Increased Data Protection in Card Payments 

The European Union’s independent data protection authority has identified how data collected during card-based transactions can be used to profile customers.

Missouri vows to prosecute journalist who found security flaw in state website

The St. Louis Post-Dispatch says it alerted officials to a security flaw on a state website. Gov. Mike Parson described it as a hack that would be investigated and could cost taxpayers $50 million.

DATA BREACH

Fears over health staff’s bank records as HSE trawls stolen cyber-attack files

The HSE has been urged to tell staff how many of them had their data stolen in a major cyber attack last year.

Data breach: Broward Health warns 1.3 million patients, staff of 'medical identity theft'

The hospital system says they waited months to notify victims of the breach because the Justice Department asked them to.

Have I Been Pwned warns of DatPiff data breach impacting millions

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service.

ENFORCEMENT

France spanks Google $170M, Facebook $68M over cookie consent dark patterns

Chalk another one up for decentralized enforcement: France’s data protection watchdog has slapped headline-grabbing fines on Facebook and Google for failing to respect local (and pan-EU) cookie consent rules.

The CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.

Finland DPA: Administrative fine imposed on psychotherapy centre

A psychotherapy centre notified the Data Protection Ombudsman about an attack against its patient record database in September 2020. The outcome of an investigation has resulted in the imposition of an administrative financial sanction of EUR 608 000 for GDPR violations.

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB: Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

This document is intended to complement the Guidelines WP 250 and it reflects the common experiences of the SAs of the EEA since the GDPR became applicable. Its aim is to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.