Privacy Transformation - Issue 149

PRIVACY

US eyes breakthrough on data dispute with EU as Biden visits Brussels

Political pressure from senior political leaders on both sides of the Atlantic, including European Commission President Ursula von der Leyen, is mounting to approve a new Privacy Shield pact as early as this week with technical details to be smoothed out over the coming weeks, according to three people briefed on the ongoing discussions. They spoke on the condition of anonymity because they were not authorized to speak publicly.

‘Tech superpower’ Ireland should take on social media giants, Frances Haugen says

Facebook whistleblower urges Data Protection Commission to be braver in taking on firms

Laois councillors told CCTV must be a last resource not a first resource

“CCTV must be a last resource not a first resource. Because you’re going onto a situation of intruding into people’s privacy. We live in a democracy and people have the right to go about their business without being spied upon by cameras.” - DPC at the recent Laois Joint Policing Committee.

Opinion: Data portability in the EU — An obscure data subject right

The EU General Data Protection Regulation aims to empower individuals and give them "control" over their personal data. To do this, data subjects have been granted various rights, including the right to data portability, which did not exist under the Data Protection Directive. Contrary to the well-known access right, data portability allows data subjects to obtain and reuse their personal data, at least in theory.

E.U. Takes Aim at Big Tech’s Power With Landmark Digital Act

The Digital Markets Act is the most sweeping legislation to regulate tech since a European privacy law was passed in 2018.

SECURITY & TECH

Irish charity Rehab Group targeted by cyberattack

Rehab Group said it deployed its full resources to bring affected systems back online and the attack appeared to be ‘contained’.

Google to make app changes after Irish study reveals 'concerning' amount of personal data collated 

Company’s messages and Dialer apps, used by millions of Android phone users globally, currently send huge amounts of data to Google every time a text is sent or a phone call is made, Trinity College study found.

Authentication Giant Okta Breached Through Customer Support

The compromise shows an often vulnerable side of companies, even cybersecurity firms.

RELATED: Okta’s Investigation of the January 2022 Compromise

Microsoft Investigating Claim of Breach by Extortion Gang

The LAPSUS$ group has previously compromised Nvidia and Samsung. Over the weekend the group published a screenshot that appeared to show access to internal Microsoft systems.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

ENFORCEMENT

Irish SA fines Meta Platforms €17M for data breaches

The DPC found that Meta Platforms (formerly Facebook) infringed Articles 5(2) and 24(1) GDPR. While the DPC found that the information and supporting documentary evidence provided by Meta Platforms during the course of the inquiry could be considered analogous to industry best practice and the state of the art, Meta Platforms failed to have in place appropriate technical and organisational measures such as would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

ENISA Report: Taking Care of Health Data

A new report of the European Union Agency for Cybersecurity (ENISA) explores how pseudonymisation techniques can help increase the protection of health data.

ENISA Report: Data Protection Engineering

Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data protection principles. This ENISA report took a broader look into data protection engineering with a view to support practitioners and organizations with practical implementation of technical aspects of data protection by design and by default.

ENISA: Risk Management Standards

The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.

UK NCSC: Vendor Security Assessments

This document provides guidance on how operators should assess the security of vendors’ security processes and vendor equipment and is referenced in the Telecom Security Act Code of Practice.

2022 SonicWall Cyber Threat Report

The SonicWall 2022 Cyber Threat Report provides the latest cybersecurity data and statistics, giving organizations the insights they need to defend against evolving cyberattacks. Get the free report now.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.