Privacy Transformation - Issue 141

PRIVACY

Understanding why the first pieces fell in the transatlantic transfers domino

Understanding why the first pieces fell in the transatlantic transfers domino

The Austrian DPA and the EDPS decided EU websites placing US cookies breach data transfers rules.

Report into 'unlawful' CCTV cameras in Limerick raised with Minister for Justice

Report into 'unlawful' CCTV cameras in Limerick raised with Minister for Justice

Minister of State Patrick O’Donovan has raised Limerick City and County Council being fined €110,000 over its use of CCTV cameras with the Department of Justice.

RELATED:

Limerick's illegal use of CCTV is 'shocking' according to DPC

Call for increased CCTV in Kerry in a bid to curb crime

DPC Decision: Inquiry into Limerick City and County Council

UK launches international data transfer council

UK launches international data transfer council

Businesses, academics and trade bodies convene to help the country seize data sharing opportunities.

European Commission: Joint Statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day

European Commission: Joint Statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day

Ahead of Data Protection Day, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued the following statement.

European Commission puts forward declaration on digital rights and principles for everyone in the EU

European Commission puts forward declaration on digital rights and principles for everyone in the EU

The Commission is proposing to the European Parliament and Council to sign up to a declaration of rights and principles that will guide the digital transformation in the EU.

SECURITY & TECH

End-to-end encryption protects children, says UK information watchdog

End-to-end encryption protects children, says UK information watchdog

The UK data watchdog has intervened in the debate over end-to-end encryption, warning that delaying its introduction puts “everyone at risk” including children.

RELATED: ICO - #NoPlaceToHide - Home Office backed campaign on end to end encryption (E2EE) involving tech companies

Encryption: UK data watchdog criticises government campaign

Google abandons FLoC, introduces Topics API to replace tracking cookies

Google abandons FLoC, introduces Topics API to replace tracking cookies

Google is replacing FLoC with a new concept designed to replace third-party cookies called the Topics API. Topics will assign users five categories per week based on web activity and will erase these topics after three weeks.

Ransomware gangs increase efforts to enlist insiders for attacks

Ransomware gangs increase efforts to enlist insiders for attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

CISA urges US orgs to prepare for data-wiping cyberattacks

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.

FBI warns of malicious QR codes used to steal your money

FBI warns of malicious QR codes used to steal your money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.

Federal investigators say they used encrypted Signal messages to charge Oath Keepers leader

It's unclear how investigators gained access to the messages, but encryption has been a point of tension between law enforcement and tech for years.

Using the NIST Cybersecurity Framework to address organizational risk

Using the NIST Cybersecurity Framework to address organizational risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.

UK Government Announces New Cyber Strategy to Protect Public Sector

UK Government Announces New Cyber Strategy to Protect Public Sector

The initiative is designed to prevent essential public sector services from being shut down by hostile threat actors

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

'We're losing control of our data' as breaches reach an all-time high

'We're losing control of our data' as breaches reach an all-time high

The number of data breaches hit a record high last year, and experts are concerned explicitly with the increasing number of cyberattacks.

INM19: Mailboxes of four people rebuilt in data breach

INM19: Mailboxes of four people rebuilt in data breach

The secret data breach in 2014 at newspaper publisher Independent News & Media (now Mediahuis Ireland) that targeted the communications of the so-called INM19 – 19 people said to be relevant to the business interests of Denis O’Brien – homed in on just four former INM employees who had their entire email accounts reconstructed, the company has disclosed.

ENFORCEMENT

More than €1bn in fines issued to tech giants by EU data regulators last year

More than €1bn in fines issued to tech giants by EU data regulators last year

Irish DPC Deputy Commissioner said a record fine against WhatsApp in 2021 was just the beginning and that many other investigations would come to fruition in 2022.

RELATED: GDPR Fines Way Up, But Distribution is Uneven; Data Regulators Target Big Tech, EU Nations Differ in Approach

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

German DSK Expert Opinion on Current State of U.S. Surveillance Law and Authorities

This expert opinion was prepared under the auspices of the Berlin Commissioner for Data Protection and Freedom of Information on behalf of the Conference of Independent Data Protection Supervisors of the Federal Government and the Länder (Data Protection Conference).

EDPB adopts Guidelines on Right of Access and letter on cookie consent

During its January plenary session, the EDPB adopted Guidelines on the Right of Access. In addition, the EDPB adopted a letter in reply to letters calling for a consistent interpretation of cookie consent.

EDPS Opinion on the Proposal for Regulation on the transparency and targeting of political advertising

EDPS Opinion on the Proposal for Regulation on the transparency and targeting of political advertising

EDPS Opinion on the Proposal for Regulation on the transparency and targeting of political advertising

RESOURCES

Global Privacy Law and DPA Directory

Global Privacy Law and DPA Directory

Data protection laws exist across the globe. This tool has an interactive map identifying those countries with data protection laws.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.