Privacy Transformation - Issue 151
PRIVACY
EU court rules in favour of Graham Dwyer in privacy case, paving way for murder conviction appeal
The Court of Justice of the EU (CJEU) has ruled that EU law does not support holding data of electronic communications indiscriminately for the purpose of combating serious crime in a case taken by convicted murderer Graham Dwyer.
RELATED: Top EU court says phone data cannot be held 'indiscriminately'
EU-US data transfer deal faces same privacy issues that floored previous accords
A major US-EU announcement last Friday was drowned out by the noise of a thousand opinion pieces being hastily typed, after US president Joe Biden’s off the cuff comments on Saturday about Russian leader Vladimir Putin.
RELATED: EDPB adopts statement on the new Trans-Atlantic Data Privacy Framework
Brussels airports fined over temperature checks
The Belgian privacy authority has fined the Brussels airports in Zaventem and Charleroi for carrying out temperature checks on passengers. The airports began screening passengers' temperatures in 2020 in a bid to root out individuals with coronavirus.
SECURITY & TECH
One in five Irish businesses do not have a cyber security policy
One in five businesses in Ireland, the equivalent of 50,000 companies, do not have a cyber security policy in place, according to a new survey.
TikTok delays opening of first European data center again
TikTok has once again delayed the timeline for opening its first data center in the European Union, in Dublin, Ireland — saying the facility is now not expected to be fully operational until next year. The video-sharing social network has been trailing plans to store the data of EU, EEA and U.K. users in the region since 2020.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Globant admits to data breach after Lapsus$ releases source code
Globant has admitted to a data breach after notorious hacking group Lapsus$ allegedly leaked the firm's source code.
Data leak from Russian delivery app shows dining habits of the secret police
A data leak from Russian food delivery service Yandex Food has revealed the names, phone numbers, delivery addresses, and delivery instructions of individuals associated with the Russian secret police.
ENFORCEMENT
Bank of Ireland fined for data breaches
Bank of Ireland has been fined €463,000 by the Data Protection Commission for data breaches affecting more than 50,000 customers.
RELATED: DPC Decision - Bank of Ireland Group
Danske Bank fined $1.5M for data processing failures under GDPR
The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.
Another fine for over-retention of data
A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data
Swedish SA issues fine against Bank after investigation
Klarna Bank did not provide information on the purpose and the legal basis for which personal data was processed in one of the company's services. The company also provided incomplete and misleading information about who were the recipients of different categories of personal data when data was shared with Swedish and foreign credit information companies. The bank was issued with a EUR 728K fine.
More on the latest GDPR enforcement news can be found on:
RESOURCES
NIST Seeks Comments on Draft AI Risk Management Framework, Offers Guidance on AI Bias
Seeking to promote the development and use of artificial intelligence (AI) technologies and systems that are trustworthy and responsible, NIST has released for public comment an initial draft of the AI Risk Management Framework (AI RMF).
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.