Privacy Transformation - Issue 148
PRIVACY
Facebook fined €17m by Data Protection Commission
The Irish Data Protection Commission is imposing a fine of €17m on Facebook parent company Meta. The decision followed an inquiry by the commission into a series of 12 data breach notifications it received in the six-month period between 7 June 2018 and 4 December 2018.
Data Protection Commission sued over Google investigation
The Irish Council for Civil Liberties is taking legal action against the Data Protection Commission accusing it of failing to properly investigate Google.
EDPS: It is time to target online advertising
I can still remember how the internet was once presented to me. A space where everyone could express themselves freely, find and share information, a global force for democracy. But the dream of that great agora was never fully realised.
Disclosing information on behavioral profiles: the Polish cookie case
In October 2021, Poland’s data protection authority, the Urząd Ochrony Danych Osobowych, issued its first-ever view related to cookies in a decision (reference number ZSPR.440.331.2019. PR PAM) following a complaint from a data subject. Before this, neither rulings nor guidelines were published on the matter. Thus, every decision concerning this issue is eagerly anticipated in Poland.
SECURITY & TECH
Rehab Group victim of cyber attack 'on some of its systems'
The charity, which provides services and supports for people with disabilities, said it has informed the Data Protection Commissioner of the attack.
Exclusive: Ukraine has started using Clearview AI’s facial recognition during war
Ukraine's defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company's chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
SEC wants public companies to report breaches within four days
The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident.
ENFORCEMENT
Data Protection Commission announces decision in Meta inquiry
The DPC has adopted a decision, imposing a fine of €17m on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (“Meta Platforms”).
ICO takes action against companies over predatory marketing calls targeting elderly, vulnerable people
The Information Commissioner’s Office (ICO) announced fines totalling £405,000 to five companies responsible for over 750,000 unwanted marketing calls targeted at older, vulnerable people.
Finnish SA: Administrative fine imposed on medical clinic for shortcomings in implementing rights of a data subject
The customer of the medical clinic who complained to the Office of the Data Protection Ombudsman stated that they had not received their patient records from the clinic.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB & EDPS adopt joint opinion on the extension of the EU Digital COVID Certificate Regulation
The EDPB and EDPS have adopted a joint opinion on the European Commission’s proposals to extend the current Regulations on the EU Digital COVID Certificate (EUDCC) .
EDPB adopts Guidelines on Art. 60 GDPR, Guidelines on dark patterns in social media platform interfaces, toolbox on essential data protection safeguards for enforcement cooperation between EEA and third country SAs
The EDPB adopted Guidelines on Art. 60 GDPR. The drafting of such guidance is part of the EDPB Strategy and Work Programme 2021-2022 to support effective enforcement and efficient cooperation between national supervisory authorities (SAs).
RESOURCES
CNIL Publishes Guidance for DPO Function and Supports
France's Data Protection Authority (CNIL) has published a guide with the objective to support organisations both in setting up the function of Data Protection Officer (DPO) and supporting DPOs in the exercise of their work.
DPC publishes statistical report on handling of cross-border complaints under GDPR's One-Stop-Shop
The Data Protection Commission (DPC) has published a statistical report on the DPC’s handling of cross-border complaints under the GDPR’s One-Stop-Shop (OSS) mechanism.
Data Protection Commission publish independent audit report into resource allocation
The Data Protection Commission (DPC) has published the final report of the independent KOSI audit of resource allocation at the DPC.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.