Privacy Transformation - Issue 150
PRIVACY
EU and US agree outline of new data transfer pact
The European Union and the US announced a preliminary data transfer deal on Friday, seeking to end the limbo in which thousands of companies found themselves after Europe’s top court threw out two previous such pacts due to concerns about US surveillance.
RELATED:
Reading the Signs: the Political Agreement on the New Transatlantic Data Privacy Framework
"Privacy Shield 2.0"? - First Reaction by Max Schrems
US - Bill To Create New Transparency of Court-Ordered Surveillance
Mother & Baby Homes: GPs no longer have to sign off on requests by survivors to get health records
New regulations have come into force after months of uncertainty and threats of legal action.
UK data chief rejects claims country is ditching privacy rights as ‘bullshit’
The head of the U.K.’s data protection agency, John Edwards, said leaving the EU gave Britain a “competitive advantage” in tackling privacy abuses. Following Brexit, the U.K. government has embarked on reforming its data protection rulebook, which has privacy activists worried the country is jettisoning privacy rights in a quest to boost business.
Governmentt announces new law for 'mass harm' of consumers
The Government has announced plans for a new law that will make it easier for consumers to group together and seek redress if they have been affected by a breach of their rights, either in Ireland or in another EU country.
County council will be permitted to use CCTV to catch illegal dumping
Legislation proposed by Gorey Senator Malcolm Byrne that will allow CCTV and other technologies to be used by Wexford County Council and other local authorities to catch illegal dumpers, will be enacted by government before the summer as part of a forthcoming bill.
RELATED: CCTV cameras are to be erected in Mountmellick
SECURITY & TECH
Rehab Group victim of 'plain vanilla ransomware criminal attack'
The Rehab Group has said that data has been accessed externally from some of its IT systems following a recent cyber attack.
When Nokia Pulled Out of Russia, a Vast Surveillance System Remained - The New York Times
The Finnish company played a key role in enabling Russia’s cyberspying, documents show, raising questions of corporate responsibility.
I Want You Back: Getting My Personal Data From Amazon Was Weeks of Confusion and Tedium
I asked Amazon to provide the data it had collected on me. The process was a labyrinthine endurance test.
Meta says its Anonymous Credentials Service (ACS) will help reduce data collection activities
Meta’s ACS is designed to enable it to authenticate users in a “de-identified manner,” permitting access to services without gathering any data that could be used to identify the subject’s identity.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Apple, Meta Gave User Data to Hackers With Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter.
Shutterfly discloses data breach after Conti ransomware attack
Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack.
ENFORCEMENT
Meta pondering appeal over €17m fine for GDPR breaches
Meta says it has yet to decide whether to appeal the €17m fine imposed by Ireland’s Data Protection Commissioner for mishandling it s reporting of 12 breach notifications.
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
A teacher (employee) complained that the controller-owner of a foreign languages private school constantly monitored his/her online courses, taught via “Zoom” platform, despite his/her objections.
Dutch SA fines DPG Media Magazines for unnecessarily requesting copies of identity documents
The Dutch Supervisory Authority (SA) received various complaints regarding how Sanoma Media Netherlands B.V. (before Sanoma was taken over by DPG Media in April 2020) handled requests from people to view their data or have their data deleted. These complaints were submitted by people who, for example, had a magazine subscription or had received advertisements from Sanoma.
More on the latest GDPR enforcement news can be found on:
RESOURCES
Paper: Privacy and/or Trade
This Article uncovers the forgotten and fateful history of the international regulation of privacy and trade that led to our current crisis and evaluates possible solutions to the current conflict. It proposes a Global Agreement on Privacy enforced within the trade order, but with external data privacy experts developing the treaty’s substantive norms.
Paper: Privacy and security aspects of 5G technology
This study describes two main dimensions of 5G technology, i.e. privacy and security. This research paper focuses on the analysis of cybersecurity risks and threats, privacy challenges and 5G technology opportunities at EU level and worldwide, as well as the relationship between cybersecurity risks and privacy issues.
Report: ENISA - Deployment of the European Cybersecurity Month (ECSM) for 2021
The deployment report of the European Cybersecurity Month (ECSM) for 2021, summarises the activities introduced towards reducing cyber incidents. It evaluates the campaign of last year and provides insights for the future.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.