Privacy Transformation - Issue 139

PRIVACY

France flexes muscles with fines against Facebook, Google over cookie banners

By announcing fines of €150 million for Google and €60 million for Facebook, the French privacy watchdog CNIL went much further than other EU watchdogs have gone to rein in the trackers, which allow advertisers to target people with tailored ads as they move around the internet.

RELATED: Google fined €150m by French data privacy watchdog for cookie breaches

CNIL's ePrivacy fines reveal potential enforcement trend

CNIL's ePrivacy fines reveal potential enforcement trend

The new year for EU data protection enforcement has rung in with an early bang courtesy of the France's data protection authority, the Commission nationale de l'informatique et des libertés. The CNIL fined Google and Facebook up to a combined 210 million euros for alleged cookie violations under the ePrivacy Directive.

Opinion: EECC Creates Loophole for Encryption Backdoors

Opinion: EECC Creates Loophole for Encryption Backdoors

Back in 2019/2020 I made several warnings of the risks associated with the European Electronic Communications Code (EECC) to end to end encryption and wrote to all the major providers of encrypted messenger services about my concerns.

Age verification and data protection: Far more difficult than it looks

Age verification and data protection: Far more difficult than it looks

The French government published Decree No. 2021-1306 Oct. 7, 2021, concerning the implementation of measures to protect minors from accessing sites broadcasting adult content. This allows us to take a closer look at the implementation of technical processes to check the age of users online.

SECURITY & TECH

UK data watchdog seeks talks with Meta over child protection concern

UK data watchdog seeks talks with Meta over child protection concern

Campaigners say lack of parental controls on Oculus Quest 2 virtual reality headset could breach children’s safety code

Solicitor’s clients sent cash to fraudster’s account after cyberattack

Solicitor’s clients sent cash to fraudster’s account after cyberattack

Law Society calls on solicitors to ensure safeguards are in place to deter hackers.

WhatsApp co-founder Acton named Signal's interim CEO

WhatsApp co-founder Acton named Signal's interim CEO

Messaging app Signal's founder and Chief Executive Officer Moxie Marlinspike will step down and WhatsApp co-founder Brian Acton will become the interim CEO, Marlinspike said in a blog post on Monday.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

FlexBooker discloses data breach, over 3.7 million accounts impacted

FlexBooker discloses data breach, over 3.7 million accounts impacted

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.

ENFORCEMENT

DPC: Inquiry into the Teaching Council

DPC: Inquiry into the Teaching Council

This inquiry was commenced in respect of a personal data breach that the Teaching Council (the Council) notified to the DPC. The  breach occured on foot of a phishing email being accessed by staff.

The decision imposed an administrative fine on the Council in the amount of €60,000 in respect of the infringements.

Limerick City and County Council fined over 'unlawful' use of CCTV

Limerick City and County Council fined over 'unlawful' use of CCTV

The Data Protection Commission (DPC) has fined Limerick City and County Council €110,000 after it identified multiple breaches of GDPR and data protection.

Related: DPC Inquiry into Limerick City and County Council December 2021

EDPS orders Europol to erase data concerning individuals with no established link to a criminal activity

On 3 January 2022, the EDPS notified Europol of an order to delete data concerning individuals with no established link to a criminal activity (Data Subject Categorisation). This Decision concludes the EDPS’ inquiry launched in 2019.

[Read EDPS Decision]

European parliament found to have broken EU rules on data transfers and cookie consents

The European Union’s chief data protection supervisor has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules.

RELATED: EDPS sanctions the European Parliament for illegal EU-US data transfers - among other violations

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB: Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.