Privacy Transformation - Issue 149
PRIVACY
US eyes breakthrough on data dispute with EU as Biden visits Brussels
Political pressure from senior political leaders on both sides of the Atlantic, including European Commission President Ursula von der Leyen, is mounting to approve a new Privacy Shield pact as early as this week with technical details to be smoothed out over the coming weeks, according to three people briefed on the ongoing discussions. They spoke on the condition of anonymity because they were not authorized to speak publicly.
‘Tech superpower’ Ireland should take on social media giants, Frances Haugen says
Facebook whistleblower urges Data Protection Commission to be braver in taking on firms
Laois councillors told CCTV must be a last resource not a first resource
“CCTV must be a last resource not a first resource. Because you’re going onto a situation of intruding into people’s privacy. We live in a democracy and people have the right to go about their business without being spied upon by cameras.” - DPC at the recent Laois Joint Policing Committee.
Opinion: Data portability in the EU — An obscure data subject right
The EU General Data Protection Regulation aims to empower individuals and give them "control" over their personal data. To do this, data subjects have been granted various rights, including the right to data portability, which did not exist under the Data Protection Directive. Contrary to the well-known access right, data portability allows data subjects to obtain and reuse their personal data, at least in theory.
E.U. Takes Aim at Big Tech’s Power With Landmark Digital Act
The Digital Markets Act is the most sweeping legislation to regulate tech since a European privacy law was passed in 2018.
SECURITY & TECH
Irish charity Rehab Group targeted by cyberattack
Rehab Group said it deployed its full resources to bring affected systems back online and the attack appeared to be ‘contained’.
Google to make app changes after Irish study reveals 'concerning' amount of personal data collated
Company’s messages and Dialer apps, used by millions of Android phone users globally, currently send huge amounts of data to Google every time a text is sent or a phone call is made, Trinity College study found.
Authentication Giant Okta Breached Through Customer Support
The compromise shows an often vulnerable side of companies, even cybersecurity firms.
RELATED: Okta’s Investigation of the January 2022 Compromise
Microsoft Investigating Claim of Breach by Extortion Gang
The LAPSUS$ group has previously compromised Nvidia and Samsung. Over the weekend the group published a screenshot that appeared to show access to internal Microsoft systems.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
ENFORCEMENT
Irish SA fines Meta Platforms €17M for data breaches
The DPC found that Meta Platforms (formerly Facebook) infringed Articles 5(2) and 24(1) GDPR. While the DPC found that the information and supporting documentary evidence provided by Meta Platforms during the course of the inquiry could be considered analogous to industry best practice and the state of the art, Meta Platforms failed to have in place appropriate technical and organisational measures such as would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.
More on the latest GDPR enforcement news can be found on:
RESOURCES
ENISA Report: Taking Care of Health Data
A new report of the European Union Agency for Cybersecurity (ENISA) explores how pseudonymisation techniques can help increase the protection of health data.
ENISA Report: Data Protection Engineering
Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data protection principles. This ENISA report took a broader look into data protection engineering with a view to support practitioners and organizations with practical implementation of technical aspects of data protection by design and by default.
ENISA: Risk Management Standards
The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.
UK NCSC: Vendor Security Assessments
This document provides guidance on how operators should assess the security of vendors’ security processes and vendor equipment and is referenced in the Telecom Security Act Code of Practice.
2022 SonicWall Cyber Threat Report
The SonicWall 2022 Cyber Threat Report provides the latest cybersecurity data and statistics, giving organizations the insights they need to defend against evolving cyberattacks.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.