Privacy Transformation - Issue 140

PRIVACY

As its data flows woes grow, Google lobbies for quickie fix to EU-US transfers

As the legal uncertainty in Europe clouding use of US cloud services cranks up, Google has responded by firing up its lobbying engines to call for US and European lawmakers to get a move on and come up with a new rubberstamp to grease transatlantic data flows as usual as the bloc’s regulators finally start to find their banhammers.

RELATED:

Google: It’s time for a new EU-US data transfer framework

Europe’s Move Against Google Analytics Is Just the Beginning

UK Gov't Plans Publicity Blitz to Undermine Chat Privacy

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook's decision to encrypt its Messenger app.

DPC received almost 7,000 complaints from Irish last year

Irish people lodged almost 7,000 complaints with data protection watchdogs last year, the sixth-highest number in Europe, lawyers say. A report from global law firm DLA Piper says European states fined businesses and other organisations €1.1 billion for data breaches in 2021, six times the €158.5 million in penalties imposed by authorities the previous year.

[See Resources Section for Report]

Faith in GDPR wanes as admin burden causes compliance anxiety

The findings in the 2022 joint McCann FitzGerald/Mazars GDPR-impact survey suggest a hardening of views towards the 2018 data-protection regulation, stemming from its knock-on effects during the pandemic.

[See Resources Section for Survey]

Bulgaria's surveillance laws breach European human rights convention-ECHR

Bulgaria violates the European Convention of Human Rights when it comes to secret surveillance and retention and accessing of communication data, the European Court of Human Rights ruled on Tuesday.

[Read Case]

A data ‘black hole’: Europol ordered to delete vast store of personal data

EU police body accused of unlawfully holding information and aspiring to become an NSA-style mass surveillance agency.

Analysis: The Irish DPC Publishes Final Version of its Children’s Fundamentals

On 17 December 2021, the Irish Data Protection Commission (“DPC”) published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing”. The Fundamentals seek to enhance the level of protection afforded to children, both online and offline.

EDPB adopts Guidelines on Right of Access and letter on cookie consent

During its January plenary session, the EDPB adopted Guidelines on the Right of Access. The Guidelines aim to analyse the various aspects of the right of access and to provide more precise guidance on how the right of access has to be implemented in different situations.

SECURITY & TECH

REvil ransomware gang arrested in Russia

Russian authorities dismantle the notorious cyber-crime gang at the request of the United States.

Encryption service ‘linked to cyber attacks’ taken down in international sting

Encryption service ‘linked to cyber attacks’ taken down in international sting.

EU carriers want Apple's Private Relay blocked

Four European carriers have written to the European Commission claiming that Apple's Private Relay in iOS 15 undermines "digital sovereignty," and that it should be stopped.

WhatsApp Ordered To Help U.S. Agents Spy On Chinese Phones—No Explanation Required

The U.S. doesn't need to know whom they're targeting or show probable cause when ordering Facebook, WhatsApp or any tech company to help agencies spy on users in secret, newly unsealed court documents show.

Covid tracker app used by few to identify close contacts

Only 4 per cent of people who tested positive for Covid-19 uploaded their close contact details to the Covid tracker app for tracing purposes, according to data published in the Irish Medical Journal.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Clare County Council Confirms Data Breach Involving Release Of Personal Information Of Former Tenants

Clare County Council has confirmed a data breach which involved the release of personal information of 72 people, as well as 13 who have passed away. The local authority says the data was released in error, as part of a response to a Freedom of Information request about vacant Council houses.

Goodwill discloses data breach on its ShopGoodwill platform

American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform.

ENFORCEMENT

Teaching Council fined after teacher data leaked in phishing scam

Teaching Council fined €60,000 after teacher data leaked in phishing scam.

Austrian DSB: EU-US data transfers to Google Analytics illegal

In a groundbreaking decision, the Austrian Data Protection Authority has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.

Lisbon’s mayor office fined for over $1.4 million for data protection breaches over protests

The mayor's office violated the General Data Protection Regulation 225 times, the national data protection commission ruled.

Polish DPA imposes a fine on Warsaw University of Technology

The proceedings against the Warsaw University of Technology were initiated after the Polish Data Protection Authority received a data breach notification. As was indicated, an unauthorized person downloaded from the controller's IT network resources a database containing personal data of students and lecturers (over 5 thousand people).

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: Data Protection Considerations Relating to Multi-Unit Developments and Owners’ Management Companies

An increasing proportion of Ireland’s population lives in apartments and houses situated in multi-unit developments (MUDs) and estates having shared spaces and services. In most cases these common areas and shared facilities are owned and controlled by an owners’ management company (OMC) which is typically a not-for-profit legal structure established for the management of multi-unit developments under the Multi-Unit Developments Act 2011 (the MUDs Act). This guidance sets out general advice on common data protection issues that may arise in the course of interaction between OMCs and concerned parties.

EDPS: Online targeting for political advertising: stricter rules are necessary

The EDPS has published today his Opinion on the EU legislators’ proposed Regulation on transparency and targeting for political advertising.

[Read EDPS Opinion]

RESOURCES

The present report is part of a study analysing the implications for the work of the European Union / European Economic Area data protection supervisory authorities in relation to transfers of personal data to third countries after the Court of Justice of the European Union (CJEU) judgment C-311/18 on Data Protection Commissioner v. Facebook Ireland Ltd, Maximilian Schrems (Schrems II).

Translation: Personal Information Protection Law of the People's Republic of China

On August 20, 2021, the top legislative body in the People's Republic of China, the Standing Committee of the National People's Congress, passed the Personal Information Protection Law. The law went into effect Nov. 1, 2021. This English translation of the law is published by the Stanford DigiChina Cyber Policy Center.

Paper: Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months, during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context.

Survey: Impact of GDPR and its effect on organisations in Ireland

Around two-thirds (64%) of organisations believe that employers should be permitted access to the vaccine status of their employees, while a majority (56%) said that the inability to process employees’ vaccine status data had impacted on a return to the office. The results come from this year’s edition of an annual survey on the impact of the GDPR on organisations in Ireland, jointly published today by leading law firm McCann FitzGerald LLP and Mazars.

Report: DLA Piper GDPR fines and data breach survey: January 2022

Data protection supervisory authorities across Europe have issued a total of nearly EUR1.1 billion (USD1.2 / GBP0.9 billion) in fines since 28 January 2021, according to international law firm DLA Piper.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.