Privacy Transformation - Issue 142
PRIVACY
Explained: The Austrian data regulator’s issue with Google Analytics
In the latest in a long line of challenges to the transfer of personal data from Europe to the US, the Austrian data protection authority, DSB, has found that the use by an Austrian website of Google Analytics did not comply with EU data protection law.
Suicide hotline shares data with for-profit spinoff, raising ethical questions
The Crisis Text Line’s AI-driven chat service has gathered troves of data from its conversations with people suffering life’s toughest situations.
DPC: Regulators welcome National Digital Strategy
The Broadcasting Authority of Ireland, Competition and Consumer Protection Commission , Commission for Communications Regulation and the Data Protection Commission have welcomed the publication of the National Digital Strategy.
[Read the Strategy: Harnessing Digital-The Digital Ireland Framework]
SECURITY & TECH
Google is changing how it tracks us online – but who benefits?
Cookies are one of the many questionable pacts we have made online, where privacy is exchanged for convenience without being entirely sure about the consequences. As with so many arrangements involving our data, this deal is being rewritten under the gaze of regulators.
Director of National Cyber Security Centre appointed
The position of director of the National Cyber Security Centre (NCSC), which had been vacant for a protracted period, has been filled.
Cyber-attack on International Committee of the Red Cros: What we know
The ICRC determined on 18 January that servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement were compromised in a sophisticated cyber security attack.
UK NCSC: Weekly Threat Report
Read about the Mirai-based malware exploiting poor security, CISA updates and New Scanning Made Easy trial service from the NCSC.
DATA BREACH
Data breach probe launched into 'family photos' appearing across Council devices
Dublin City Council have launched an investigation into a potential GDPR breach after "family photos" and other materials appeared on devices issued by the local authority.
ENFORCEMENT
GDPR enforcer rules that IAB Europe’s consent popups are unlawful
EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.
French Court Upholds Google Privacy Fine; Video Game Sector Expected to Soar
A French court upholds a €100m fine against Google; the video game sector is estimated to reach a new high this year; and Brimore raise USD$25m.
German Court Rules Websites Embedding Google Fonts Violates GDPR
A German court has ruled that websites that embed fonts from Google servers violate GDPR, and must pay €100 in damages.
UK: Welsh company fined for making nuisance marketing calls
The Information Commissioner’s Office has fined a home improvement firm £200,000 for making more than half a million unsolicited marketing calls.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB adopts first opinion on certification criteria
The EDPB adopted its opinion on the GDPR-CARPA certification scheme submitted to the Board by the Luxembourg Supervisory Authority (SA). This is the first time that the EDPB adopts a consistency opinion on criteria for a nationwide certification scheme. The GDPR-CARPA certification scheme is a general scheme, which does not focus on a specific sector or type of processing. It includes requirements on data protection governance in the organisation surrounding the processing activities.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.