Privacy Transformation - Issue 141
PRIVACY
Understanding why the first pieces fell in the transatlantic transfers domino
The Austrian DPA and the EDPS decided EU websites placing US cookies breach data transfers rules.
Report into 'unlawful' CCTV cameras in Limerick raised with Minister for Justice
Minister of State Patrick O’Donovan has raised Limerick City and County Council being fined €110,000 over its use of CCTV cameras with the Department of Justice.
RELATED:
Limerick's illegal use of CCTV is 'shocking' according to DPC
Call for increased CCTV in Kerry in a bid to curb crime
DPC Decision: Inquiry into Limerick City and County Council
UK launches international data transfer council
Businesses, academics and trade bodies convene to help the country seize data sharing opportunities.
European Commission: Joint Statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day
Ahead of Data Protection Day, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued the following statement.
European Commission puts forward declaration on digital rights and principles for everyone in the EU
The Commission is proposing to the European Parliament and Council to sign up to a declaration of rights and principles that will guide the digital transformation in the EU.
SECURITY & TECH
End-to-end encryption protects children, says UK information watchdog
The UK data watchdog has intervened in the debate over end-to-end encryption, warning that delaying its introduction puts “everyone at risk” including children.
Encryption: UK data watchdog criticises government campaign
Google abandons FLoC, introduces Topics API to replace tracking cookies
Google is replacing FLoC with a new concept designed to replace third-party cookies called the Topics API. Topics will assign users five categories per week based on web activity and will erase these topics after three weeks.
Ransomware gangs increase efforts to enlist insiders for attacks
A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.
CISA urges US orgs to prepare for data-wiping cyberattacks
The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.
FBI warns of malicious QR codes used to steal your money
The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.
Federal investigators say they used encrypted Signal messages to charge Oath Keepers leader
It's unclear how investigators gained access to the messages, but encryption has been a point of tension between law enforcement and tech for years.
Using the NIST Cybersecurity Framework to address organizational risk
NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.
UK Government Announces New Cyber Strategy to Protect Public Sector
The initiative is designed to prevent essential public sector services from being shut down by hostile threat actors
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
'We're losing control of our data' as breaches reach an all-time high
The number of data breaches hit a record high last year, and experts are concerned explicitly with the increasing number of cyberattacks.
INM19: Mailboxes of four people rebuilt in data breach
The secret data breach in 2014 at newspaper publisher Independent News & Media (now Mediahuis Ireland) that targeted the communications of the so-called INM19 – 19 people said to be relevant to the business interests of Denis O’Brien – homed in on just four former INM employees who had their entire email accounts reconstructed, the company has disclosed.
ENFORCEMENT
More than €1bn in fines issued to tech giants by EU data regulators last year
Irish DPC Deputy Commissioner said a record fine against WhatsApp in 2021 was just the beginning and that many other investigations would come to fruition in 2022.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
German DSK Expert Opinion on Current State of U.S. Surveillance Law and Authorities
This expert opinion was prepared under the auspices of the Berlin Commissioner for Data Protection and Freedom of Information on behalf of the Conference of Independent Data Protection Supervisors of the Federal Government and the Länder (Data Protection Conference).
EDPB adopts Guidelines on Right of Access and letter on cookie consent
During its January plenary session, the EDPB adopted Guidelines on the Right of Access. In addition, the EDPB adopted a letter in reply to letters calling for a consistent interpretation of cookie consent.
EDPS Opinion on the Proposal for Regulation on the transparency and targeting of political advertising
EDPS Opinion on the Proposal for Regulation on the transparency and targeting of political advertising
RESOURCES
Global Privacy Law and DPA Directory
Data protection laws exist across the globe. This tool has an interactive map identifying those countries with data protection laws.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.