Privacy Transformation - Issue 155
PRIVACY
Alleged Excessive Data Gathering by Department of Social Protection Being Examined
A database that stored information on when and where free travel passes were used was in place at the Department of Social Protection up to 2020 — when it was then deleted in its entirety.
An Post accused of selling economic and marital information of householders to private entities
Subsidiary selling data revealing details on socioeconomic status of the residents of an address, with typical records being 'affluent city singles', 'struggling older families', and 'deprived urban families'
RELATED: An Post declines to reveal nature or source of personal information sales
Austrian DPA rejects “risk based approach” for data transfers to third countries
While some DPAs thoroughly investigated noyb's 101 cases on EU-US Data Transfers, others just started dismissing cases for questionalbe reason. Is the coordinated effort promoted by the EDPB failing?
Commission wants GDPR+ protection to facilitate health data revolution
Data protection, citizen rights, and digitalisation are at the forefront of the revolutionary European Health Data Space (EHDS) presented by the EU executive on Tuesday (3 May), according to involved stakeholders. The proposal intends to address the limited use of digital health data in the EU because of different standards among member states and the limited interoperability.
French EU presidency wants ‘proportionate’ fines, extended deadlines in AI Act
The French presidency of the EU Council has made a series of proposals regarding the enforcement of the EU's Artificial Intelligence Act.
State’s data watchdog criticised with ‘Big Brother’ award
German privacy groups claim Irish regulator behind ‘sabotage’ of EU data privacy laws
Opinion: I built a life on oversharing – until I saw its costs, and learned the quiet thrill of privacy
From social media to journalism, I shared in order to be heard. Now, I am beginning to listen to myself.
SECURITY & TECH
Google now lets you request the removal of personal contact information from search results
Google announced this week that it’s expanding the types of personal information that users can request to be removed from search results. Under the new policy expansion, people can request the removal of personal contact information, such as a phone number, email address or physical address.
FTC Enforcement Highlights the Importance of Preserving Privacy in AI Development
The success of artificial intelligence algorithms depend on trust, yet many AI technologies function opaquely. AI trust is built with transparency, reliability, explainability. An AI application must be trained on data of sufficient variety, volume and verifiability.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Political data breach in Malta: C-Planet refuses right to access and information
IT-company C-planet leaked personal data of almost the whole Maltese voting population. A new complaint by noyb aims to reveal the source of the data that C-Planet has, as of now, kept silent about.
ENFORCEMENT
Health data breach: Dedalus Biologie fined 1.5 million euros
On February 23, 2021, a massive data breach regarding nearly 500,000 people was revealed. Dedalus Biologie processed data beyond the instructions given by the data controllers and had failed to comply with Article 29 GDPR. Second, the company had not ensured security of personal data within the meaning of Article 32 GDPR.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them
The European Data Protection Board welcomes comments on the "Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them".
EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) | European Data Protection Board
The European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) published their Joint Opinion on the proposed Data Act.
RELATED: The EU’s Data Act: data protection must prevail to empower data subjects
RESOURCES
Paper: Dark Patterns in Personal Data Collection: Definition, Taxonomy and Lawfulness
Dark patterns (DP) consist of user interface design choices that manipulate the data subject’s decision-making process in a way detrimental to his or her privacy and beneficial to the service provider. An important part of the study of DP is understanding the cognitive biases they exploit.
UK NCSC Report: Threat Report on App Stores
This report outlines the risks associated with the use of official and third party app stores.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.