Privacy Transformation - Issue 15
PRIVACY
IAB Europe Is Updating Its EU Privacy Guidelines, But Skeptics Say It's Not Enough
The online advertising trade group IAB Europe is making changes to how it suggests publishers and ad-tech companies comply with Europe’s data privacy laws, but some say the updates might not properly protect user data—or protect companies from regulatory scrutiny.
Company Violates Privacy Shield, FTC Imposes No Penalty
The FTC entered into an enforcement agreement against background screening company SecurTest for falsely claiming to offer privacy protections to EU citizens.
Facebook learned about Cambridge Analytica as early as September 2015, new documents show
Newly released documents suggest that Facebook was aware that Cambridge Analytica may have been gathering user profile data three months before a newspaper revealed that the political research firm was using the information to profile and target voters in the 2016 U.S. election.
Tech firms must give up their awkward secret: Humans
Among the thousands upon thousands of words that make up the privacy policies of the tech giants, one you rarely find is “human”.
IN MEMORIAM: GIOVANNI BUTTARELLI, 1957–2019
Giovanni Buttarelli, who passed away earlier this week, was a colossus in our field. As European Data Protection Supervisor, he spearheaded data protection law and policy in Brussels institutions, including the European Commission, the Council of Ministers, the European Parliament and the Court of Justice of the European Union. But much more than that, he was a beloved and much-admired member of the privacy and data protection community, acquiring numerous devotees at all ranks of the profession all over the world.
Wojciech Wiewiórowski is now acting European Data Protection Supervisor
In accordance with article 100(4) of the Regulation (EU) 2018/1725, Wojciech Wiewiórowski, Assistant Supervisor, is acting as a replacement for European Data Protection Supervisor Giovanni Buttarelli until the end of the current Assistant Supervisor’s term of office on 5 December 2019.
EU-US launch talks on e-evidence access Related reading: Cross-Border Data Forum report focuses on proposed EU E-Evidence bill
EU member states have approved a mandate for the European Commission to launch international negotiations with the U.S. to speed and streamline cross-border access to electronic evidence in criminal investigations.
PSC training manuals for civil servants: Facial image matching, 'voice biometrics' and identity tokens
Facial recognition is highlighted a number of times across the circulars issued to civil servants on the PSC.
The DPO must be independent, but how? Related reading: Organization's interference with DPO could lead to GDPR fine
Due to the critical role that a DPO plays, the GDPR requires that the he or she is allowed to exercise their functions independently. So, what exactly is the role of a DPO, and why is it necessary that they be independent?
EU data caught in Facebook audio transcribing
The social networking giant initially said no local users were affected, but 48 EU citizens had their information collected without their knowledge.
Deconstructing Google’s excuses on tracking protection
Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight.
DATA BREACHES
Dutch regulator sees potential privacy breach in Microsoft Windows
Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.
ENFORCEMENT
Facial recognition in school renders Sweden’s first GDPR fine
The Swedish DPA has fined a municipality 200 000 SEK (approximately 20 000 euros) for using facial recognition technology to monitor the attendance of students in school.
Bulgarian DPA issued BGN 5.1M fine to revenue agency for GDPR violations Related reading
Bulgaria's data protection authority, the Commission for Personal Data Protection, issued a BGN 5.1 million fine to the country's National Revenue Agency for violations of the EU General Data Protection Regulation.
RESOURCES
Does Facebook Use Sensitive Data for Advertising Purposes?
This research paper quantifies the portion of Facebook users, across 197 countries, who are labeled with advertising interests linked to potentially sensitive personal data. The study reveals that Facebook labels 67% of users with potential sensitive interests. This corresponds to 22% of the population in the referred 197 countries.
Daily Dashboard | Bulgarian DPA issued BGN 5.1M fine to revenue agency for GDPR violations Related reading: Notes from the IAPP Europe Managing Director, 30 Aug. 2019
Bulgaria's data protection authority, the Commission for Personal Data Protection, issued a BGN 5.1 million fine to the country's National Revenue Agency for...