Privacy Transformation - Issue 148

PRIVACY

Facebook fined €17m by Data Protection Commission

Facebook fined €17m by Data Protection Commission

The Irish Data Protection Commission is imposing a fine of €17m on Facebook parent company Meta. The decision followed an inquiry by the commission into a series of 12 data breach notifications it received in the six-month period between 7 June 2018 and 4 December 2018.

Data Protection Commission sued over Google investigation

Data Protection Commission sued over Google investigation

The Irish Council for Civil Liberties is taking legal action against the Data Protection Commission accusing it of failing to properly investigate Google.

EDPS: It is time to target online advertising

EDPS: It is time to target online advertising

I can still remember how the internet was once presented to me. A space where everyone could express themselves freely, find and share information, a global force for democracy. But the dream of that great agora was never fully realised.

Disclosing information on behavioral profiles: the Polish cookie case

In October 2021, Poland’s data protection authority, the Urząd Ochrony Danych Osobowych, issued its first-ever view related to cookies in a decision (reference number ZSPR.440.331.2019. PR PAM) following a complaint from a data subject. Before this, neither rulings nor guidelines were published on the matter. Thus, every decision concerning this issue is eagerly anticipated in Poland.

SECURITY & TECH

Rehab Group victim of cyber attack 'on some of its systems'

Rehab Group victim of cyber attack 'on some of its systems'

The charity, which provides services and supports for people with disabilities, said it has informed the Data Protection Commissioner of the attack.

Exclusive: Ukraine has started using Clearview AI’s facial recognition during war

Exclusive: Ukraine has started using Clearview AI’s facial recognition during war

Ukraine's defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company's chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

SEC wants public companies to report breaches within four days

SEC wants public companies to report breaches within four days

The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident.

ENFORCEMENT

Data Protection Commission announces decision in Meta inquiry

Data Protection Commission announces decision in Meta inquiry

The DPC has adopted a decision, imposing a fine of €17m on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (“Meta Platforms”).

ICO takes action against companies over predatory marketing calls targeting elderly, vulnerable people

ICO takes action against companies over predatory marketing calls targeting elderly, vulnerable people

The Information Commissioner’s Office (ICO) announced fines totalling £405,000 to five companies responsible for over 750,000 unwanted marketing calls targeted at older, vulnerable people.

Finnish SA: Administrative fine imposed on medical clinic for shortcomings in implementing rights of a data subject

Finnish SA: Administrative fine imposed on medical clinic for shortcomings in implementing rights of a data subject

The customer of the medical clinic who complained to the Office of the Data Protection Ombudsman stated that they had not received their patient records from the clinic.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB & EDPS adopt joint opinion on the extension of the EU Digital COVID Certificate Regulation

EDPB & EDPS adopt joint opinion on the extension of the EU Digital COVID Certificate Regulation

The EDPB and EDPS have adopted a joint opinion on the European Commission’s proposals to extend the current Regulations on the EU Digital COVID Certificate (EUDCC) .

EDPB adopts Guidelines on Art. 60 GDPR, Guidelines on dark patterns in social media platform interfaces, toolbox on essential data protection safeguards for enforcement cooperation between EEA and third country SAs

EDPB adopts Guidelines on Art. 60 GDPR, Guidelines on dark patterns in social media platform interfaces, toolbox on essential data protection safeguards for enforcement cooperation between EEA and third country SAs

The EDPB adopted Guidelines on Art. 60 GDPR. The drafting of such guidance is part of the EDPB Strategy and Work Programme 2021-2022 to support effective enforcement and efficient cooperation between national supervisory authorities (SAs).

RESOURCES

CNIL Publishes Guidance for DPO Function and Supports

CNIL Publishes Guidance for DPO Function and Supports

France's Data Protection Authority (CNIL) has published a guide with the objective to support organisations both in setting up the function of Data Protection Officer (DPO) and supporting DPOs in the exercise of their work.

DPC publishes statistical report on handling of cross-border complaints under GDPR's One-Stop-Shop

DPC publishes statistical report on handling of cross-border complaints under GDPR's One-Stop-Shop

The Data Protection Commission (DPC) has published a statistical report on the DPC’s handling of cross-border complaints under the GDPR’s One-Stop-Shop (OSS) mechanism.

Data Protection Commission publish independent audit report into resource allocation

Data Protection Commission publish independent audit report into resource allocation

The Data Protection Commission (DPC) has published the final report of the independent KOSI audit of resource allocation at the DPC.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.