Privacy Transformation - Issue 151

PRIVACY

EU court rules in favour of Graham Dwyer in privacy case, paving way for murder conviction appeal

EU court rules in favour of Graham Dwyer in privacy case, paving way for murder conviction appeal

The Court of Justice of the EU (CJEU) has ruled that EU law does not support holding data of electronic communications indiscriminately for the purpose of combating serious crime in a case taken by convicted murderer Graham Dwyer.

RELATED: Top EU court says phone data cannot be held 'indiscriminately'

EU-US data transfer deal faces same privacy issues that floored previous accords

EU-US data transfer deal faces same privacy issues that floored previous accords

A major US-EU announcement last Friday was drowned out by the noise of a thousand opinion pieces being hastily typed, after US president Joe Biden’s off the cuff comments on Saturday about Russian leader Vladimir Putin.

RELATED: EDPB adopts statement on the new Trans-Atlantic Data Privacy Framework

Brussels airports fined over temperature checks

Brussels airports fined over temperature checks

The Belgian privacy authority has fined the Brussels airports in Zaventem and Charleroi for carrying out temperature checks on passengers. The airports began screening passengers' temperatures in 2020 in a bid to root out individuals with coronavirus.

SECURITY & TECH

One in five Irish businesses do not have a cyber security policy

One in five Irish businesses do not have a cyber security policy

One in five businesses in Ireland, the equivalent of 50,000 companies, do not have a cyber security policy in place, according to a new survey.

TikTok delays opening of first European data center again

TikTok delays opening of first European data center again

TikTok has once again delayed the timeline for opening its first data center in the European Union, in Dublin, Ireland — saying the facility is now not expected to be fully operational until next year. The video-sharing social network has been trailing plans to store the data of EU, EEA and U.K. users in the region since 2020.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Globant admits to data breach after Lapsus$ releases source code

Globant admits to data breach after Lapsus$ releases source code

Globant has admitted to a data breach after notorious hacking group Lapsus$ allegedly leaked the firm's source code.

Data leak from Russian delivery app shows dining habits of the secret police

Data leak from Russian delivery app shows dining habits of the secret police

A data leak from Russian food delivery service Yandex Food has revealed the names, phone numbers, delivery addresses, and delivery instructions of individuals associated with the Russian secret police.

ENFORCEMENT

Bank of Ireland fined for data breaches

Bank of Ireland fined for data breaches

Bank of Ireland has been fined €463,000 by the Data Protection Commission for data breaches affecting more than 50,000 customers.

RELATED: DPC Decision - Bank of Ireland Group

Danske Bank fined $1.5M for data processing failures under GDPR

Danske Bank fined $1.5M for data processing failures under GDPR

The Danish Data Protection Agency has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) over its failure to erase customers’ personal data in its systems in violation of the General Data Protection Regulation.

Another fine for over-retention of data

Another fine for over-retention of data

A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data

Swedish SA issues fine against Bank after investigation

Swedish SA issues fine against Bank after investigation

Klarna Bank did not provide information on the purpose and the legal basis for which personal data was processed in one of the company's services. The company also provided incomplete and misleading information about who were the recipients of different categories of personal data when data was shared with Swedish and foreign credit information companies. The bank was issued with a EUR 728K fine.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

NIST Seeks Comments on Draft AI Risk Management Framework, Offers Guidance on AI Bias

NIST Seeks Comments on Draft AI Risk Management Framework, Offers Guidance on AI Bias

Seeking to promote the development and use of artificial intelligence (AI) technologies and systems that are trustworthy and responsible, NIST has released for public comment an initial draft of the AI Risk Management Framework (AI RMF).

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.