Privacy Transformation - Issue 153
PRIVACY
DMA: EU legislators resist pressure to change data provisions in the final text
Despite insistence from stakeholders, the final text of the Digital Markets Act (DMA), containing significant changes to a key data-related measure, will not be revised.
EU to unveil landmark law to force Big Tech to police illegal content
The EU is poised to unveil a landmark law on Friday that will force Big Tech to police their platforms more aggressively over illegal content, marking the latest move by regulators to curb the power of large technology groups.
RELATED: DSA: EU institutions approach agreement on online advertising clampdown
Privacy fears over possible Garda use of Alexa to collect evidence
The State’s human rights commissioner has expressed concern about the potential use by the Garda of voice-controlled technologies, such as Amazon’s Alexa, to gather criminal evidence.
RELATED:
Irish debate on biometric surveillance intensifies
Human rights experts concerned that Gardaí may use smart speakers to covertly record people
SECURITY & TECH
Intel calls its AI that detects student emotions a teaching tool. Others call it 'morally reprehensible.'
Virtual school software startup Classroom Technologies will test the controversial “emotion AI” technology.
Conti’s Ransomware Toll on the Healthcare Industry
Conti - one of the most ruthless and successful Russian ransomware groups, publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie.
No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’
No 10 subjected to UAE-linked spyware attack, says report, but Israeli firm suggests allegations are false.
RELATED: Catalonia calls for EU ‘protection’ from Pegasus cyber snooping
Covid tracker apps being scaled down worldwide
Ireland joins numerous other countries globally that have switched off their Covid-19 tracker service in recent months.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Analysis: DPC Widens the Definition of “Personal Data Breach,” as Well as the Approach to Timely Notification
On 14 March 2022 the Irish Data Protection Commission handed down a decision in respect of 22 personal data breach notifications made by the Bank of Ireland. Points of note in this decision relate to the scope of the definition of a personal data breach, as well as the approach to timely notification.
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp was hacked and users' accounts were accessed to conduct phishing attacks.
Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers
Okta said it concluded its investigation into the breach of a third-party vendor by the LAPSUS$ extortionist gang in late January 2022.
ENFORCEMENT
Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence
The Hungarian Data Protection Authorityhas recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 . The case involved the personal data processing of a bank which automatically analysed the recorded audio of customer service calls.
Consent: the turn of Google's "reCAPTCHA" to be pinned by the CNIL
The reCAPTCHA, Google’s anti-robot system found on many sites, suffers from a breach of the collection of user consent, according to the CNIL.
Danske Bank Fined for GDPR Violations, Customer Data Held for Longer Than Legally Allowed
A statement from Danske Bank indicates that the GDPR violations are tied to an inability to build data deletion functionality into its complex interlocked IT systems despite beginning efforts in 2016.
More on the latest GDPR enforcement news can be found on:
RESOURCES
EDPS Annual Report 2021: an efficient administration respects the rule of law
The EDPS has published its Annual Report 2021. The report highlights the EDPS’ achievements regarding European Union institutions’ (EU institutions) compliance with the data protection framework. The Report also underscores the EDPS’ increasing role in advocating for the respect of privacy and data protection in EU legislation.
Podcast: Why data protection and privacy are not the same, and why that matters
This week on Lock and Code, we speak with Gabriela Zanfir-Fortuna about the differences between data protection and privacy.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.