Privacy Transformation - Issue 139
PRIVACY
France flexes muscles with fines against Facebook, Google over cookie banners
By announcing fines of €150 million for Google and €60 million for Facebook, the French privacy watchdog CNIL went much further than other EU watchdogs have gone to rein in the trackers, which allow advertisers to target people with tailored ads as they move around the internet.
RELATED: Google fined €150m by French data privacy watchdog for cookie breaches
CNIL's ePrivacy fines reveal potential enforcement trend
The new year for EU data protection enforcement has rung in with an early bang courtesy of the France's data protection authority, the Commission nationale de l'informatique et des libertés. The CNIL fined Google and Facebook up to a combined 210 million euros for alleged cookie violations under the ePrivacy Directive.
Opinion: EECC Creates Loophole for Encryption Backdoors
Back in 2019/2020 I made several warnings of the risks associated with the European Electronic Communications Code (EECC) to end to end encryption and wrote to all the major providers of encrypted messenger services about my concerns.
Age verification and data protection: Far more difficult than it looks
The French government published Decree No. 2021-1306 Oct. 7, 2021, concerning the implementation of measures to protect minors from accessing sites broadcasting adult content. This allows us to take a closer look at the implementation of technical processes to check the age of users online.
SECURITY & TECH
UK data watchdog seeks talks with Meta over child protection concern
Campaigners say lack of parental controls on Oculus Quest 2 virtual reality headset could breach children’s safety code
Solicitor’s clients sent cash to fraudster’s account after cyberattack
Law Society calls on solicitors to ensure safeguards are in place to deter hackers.
WhatsApp co-founder Acton named Signal's interim CEO
Messaging app Signal's founder and Chief Executive Officer Moxie Marlinspike will step down and WhatsApp co-founder Brian Acton will become the interim CEO, Marlinspike said in a blog post on Monday.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
FlexBooker discloses data breach, over 3.7 million accounts impacted
Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.
ENFORCEMENT
DPC: Inquiry into the Teaching Council
This inquiry was commenced in respect of a personal data breach that the Teaching Council (the Council) notified to the DPC. The breach occured on foot of a phishing email being accessed by staff.
The decision imposed an administrative fine on the Council in the amount of €60,000 in respect of the infringements.
Limerick City and County Council fined over 'unlawful' use of CCTV
The Data Protection Commission (DPC) has fined Limerick City and County Council €110,000 after it identified multiple breaches of GDPR and data protection.
Related: DPC Inquiry into Limerick City and County Council December 2021
EDPS orders Europol to erase data concerning individuals with no established link to a criminal activity
On 3 January 2022, the EDPS notified Europol of an order to delete data concerning individuals with no established link to a criminal activity (Data Subject Categorisation). This Decision concludes the EDPS’ inquiry launched in 2019.
European parliament found to have broken EU rules on data transfers and cookie consents
The European Union’s chief data protection supervisor has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules.
RELATED: EDPS sanctions the European Parliament for illegal EU-US data transfers - among other violations
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data
Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.