Privacy Transformation - Issue 153

PRIVACY

DMA: EU legislators resist pressure to change data provisions in the final text

DMA: EU legislators resist pressure to change data provisions in the final text

Despite insistence from stakeholders, the final text of the Digital Markets Act (DMA), containing significant changes to a key data-related measure, will not be revised.

EU to unveil landmark law to force Big Tech to police illegal content

EU to unveil landmark law to force Big Tech to police illegal content

The EU is poised to unveil a landmark law on Friday that will force Big Tech to police their platforms more aggressively over illegal content, marking the latest move by regulators to curb the power of large technology groups.

RELATED: DSA: EU institutions approach agreement on online advertising clampdown

Privacy fears over possible Garda use of Alexa to collect evidence

Privacy fears over possible Garda use of Alexa to collect evidence

The State’s human rights commissioner has expressed concern about the potential use by the Garda of voice-controlled technologies, such as Amazon’s Alexa, to gather criminal evidence.

RELATED:

Irish debate on biometric surveillance intensifies

Human rights experts concerned that Gardaí may use smart speakers to covertly record people

SECURITY & TECH

Intel calls its AI that detects student emotions a teaching tool. Others call it 'morally reprehensible.'

Intel calls its AI that detects student emotions a teaching tool. Others call it 'morally reprehensible.'

Virtual school software startup Classroom Technologies will test the controversial “emotion AI” technology.

Conti’s Ransomware Toll on the Healthcare Industry

Conti’s Ransomware Toll on the Healthcare Industry

Conti - one of the most ruthless and successful Russian ransomware groups, publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie.

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

No 10 suspected of being target of NSO spyware attack, Boris Johnson ‘told’

No 10 subjected to UAE-linked spyware attack, says report, but Israeli firm suggests allegations are false.

RELATED: Catalonia calls for EU ‘protection’ from Pegasus cyber snooping

Covid tracker apps being scaled down worldwide

Covid tracker apps being scaled down worldwide

Ireland joins numerous other countries globally that have switched off their Covid-19 tracker service in recent months.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Analysis: DPC Widens the Definition of “Personal Data Breach,” as Well as the Approach to Timely Notification

Analysis: DPC Widens the Definition of “Personal Data Breach,” as Well as the Approach to Timely Notification

On 14 March 2022 the Irish Data Protection Commission handed down a decision in respect of 22 personal data breach notifications made by the Bank of Ireland. Points of note in this decision relate to the scope of the definition of a personal data breach, as well as the approach to timely notification.

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Email marketing service Mailchimp was hacked and users' accounts were accessed to conduct phishing attacks.

Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers

Okta said it concluded its investigation into the breach of a third-party vendor by the LAPSUS$ extortionist gang in late January 2022.

ENFORCEMENT

Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

The Hungarian Data Protection Authorityhas recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 . The case involved the personal data processing of a bank which automatically analysed the recorded audio of customer service calls.

Consent: the turn of Google's "reCAPTCHA" to be pinned by the CNIL

The reCAPTCHA, Google’s anti-robot system found on many sites, suffers from a breach of the collection of user consent, according to the CNIL.

Danske Bank Fined for GDPR Violations, Customer Data Held for Longer Than Legally Allowed

Danske Bank Fined for GDPR Violations, Customer Data Held for Longer Than Legally Allowed

A statement from Danske Bank indicates that the GDPR violations are tied to an inability to build data deletion functionality into its complex interlocked IT systems despite beginning efforts in 2016.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

EDPS Annual Report 2021: an efficient administration respects the rule of law

EDPS Annual Report 2021: an efficient administration respects the rule of law

The EDPS has published its Annual Report 2021. The report highlights the EDPS’ achievements regarding European Union institutions’ (EU institutions) compliance with the data protection framework. The Report also underscores the EDPS’ increasing role in advocating for the respect of privacy and data protection in EU legislation.

[Read Report]

Podcast: Why data protection and privacy are not the same, and why that matters

Podcast: Why data protection and privacy are not the same, and why that matters

This week on Lock and Code, we speak with Gabriela Zanfir-Fortuna about the differences between data protection and privacy.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.