Privacy Transformation - Issue 14

PRIVACY

Europe’s top data protection regulator, Giovanni Buttarelli, has passed away

Europe’s top data protection regulator, Giovanni Buttarelli, has passed away

Europe’s data protection supervisor, Giovanni Buttarelli, has died. His passing at age 62 was announced by his office. He is a great loss to the privacy world, having been appointed as European Data Protection Supervisor in 2014 and overseen the introduction and implementation of the GDPR. A man of great vision and integrity, held in great admiration by many - he will be missed in the privacy sphere and beyond.

The EDPS statement on his passing can be found here.

Facebook launches 'clear history' tool – but it won't delete anything

The new feature, part of a wider set of tools covering “off-Facebook activity”, will not delete anything from Facebook’s servers, instead simply “disconnecting” data from an individual user’s account.

World's first global privacy management standard hits the mainstream Related reading: ISO publishes first International Standards for privacy information management

When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information ...

Johnny Ryan on the new IAB Consent Framework

The IAB releases the new version of its consent framework . Like the previous version, it presents users and publishers with choices about who receives data from them, but without the technical measures necessary to enforce their choices.

Facial recognition is now rampant. The implications for our freedom are chilling

This new technology is being secretly used on streets and in shopping centres across Britain, making potential suspects of us all.

PUBLIC SERVICES CARD

When a topic earns its own section it's because it has entered into the privacy lexicon either for good or ill. In the case of the ongoing PSC Card controversy it's fair to say that it has likely only ever been seen for the former in the eyes of its creators and the latter by most everyone else. Here's a round-up of this weeks stories regarding the card.

The Irish Times view on the Public Services Card: overstepping the mark

The Irish Times view on the Public Services Card: overstepping the mark

To avoid conflict with civil liberties groups, politicians opted instead for a gradual amalgamation of departmental databases, but without underpinning such a development in law.

Pressure mounts on minister as State bodies act over botched €60m Public Services Card

Pressure mounts on minister as State bodies act over botched €60m Public Services Card

State agencies have begun removing the requirement for individuals to obtain a Public Services Card (PSC) in order to access services following a damning report from the Data Protection Commissioner.

Issues over Public Services Card ‘certainly’ require change - Varadkar

Issues over Public Services Card ‘certainly’ require change - Varadkar

Taoiseach foresees further work on retention of data, transparency and legal basis of PSC.

'There's no get out jail free card on this': What next for the Public Services Card?

'There's no get out jail free card on this': What next for the Public Services Card?

The findings by the Data Protection Commissioner open up the possibility of legal action from PSC holders, solicitors say.

Fianna Fáil rules out backing legislation to extend uses of Public Services Card

Fianna Fáil rules out backing legislation to extend uses of Public Services Card

Fianna Fáil rules out backing legislation to extend uses of Public Services Card.

Varadkar says legal basis for PSCs needs to be examined

The Taoiseach has said the Government will examine if it can change the law to allow the Public Services Card to be a requirement for purposes other than accessing social welfare services.

State will not learn from Public Services Card fiasco

State will not learn from Public Services Card fiasco

Net Results: Apart from data abuse, card cost €60m but detected just €2m in welfare fraud.

Department of Employment Affairs and Social Protection Confirms Intention to Publish Public Services Card Report Once Full Consideration of Findings is Complete

Following receipt of the Data Protection Commission’s Report on the Public Services Card Thursday last (15 August 2019), the Department of Employment Affairs and Social Protection today confirmed to the Commission that it is the Department’s intention to publish the report on its website, together with its own response, once a full consideration of the report is complete.

POSTSCRIPT

It's worth wrapping up this section by noting that the DPC engaged in talks with the Department of Social and Family Affairs nearly ten years ago expressing their concerns regarding its implementation. As we can see from this weeks fallout and beyond ⁠— few if any of those concerns seem to have been addressed.

DATA BREACHES

Data Protection Commission notified over 2018 breach by State Examinations Commission

Data Protection Commission notified over 2018 breach by State Examinations Commission

The breach, which occurred last year, affected 64 medical card holders.

Adult content-sharing website breach affects 1.19M

Adult content-sharing website breach affects 1.19M

Adult content-sharing website Luscious was subject to a data breach that affected 1.195 million user accounts.

GUIDELINES

DPC Guidance - Options for app security

DPC Guidance - Options for app security

Data Protection Commission guidance on options for app security.

Timescales for responding to a Subject Access Request

The ICO has updated their guidance on timelines related to dealing with Data Subject Access Requests.

RESOURCES

Privacy engineering: The what, why and how Related reading: NIST Privacy Framework nearing completion

Privacy engineering will be central to the privacy profession going forward, but what exactly is Privacy Engineering? - a look at this evolving discipline.

Privacy researchers devise a noise-exploitation attack that defeats dynamic anonymity

Privacy researchers devise a noise-exploitation attack that defeats dynamic anonymity

Privacy researchers in Europe believe they have the first proof that a long-theorised vulnerability in systems designed to protect privacy by aggregating and adding noise to data to mask individual identities is no longer just a theory. The research has implications for the immediate field of differential privacy and beyond.