Privacy Transformation - Issue 158
PRIVACY
Graham Dwyer case: Supreme Court will dismiss State appeal against data ruling
The Supreme Court is to make orders upholding Graham Dwyer’s successful High Court challenge to Ireland’s data retention laws and dismissing an appeal by the State.
Data protection breach decision upheld in hospice worker's unauthorised breaks case
The disciplinary action arose as a result of an inquiry into graffiti which had been carved into a table saying: "Kill all whites, ISIS is my life"
RELATED: Court Decision
Washington sues Mark Zuckerberg over Cambridge Analytica privacy breach
The District of Columbia in the US has sued Meta chief Mark Zuckerberg, seeking to hold him personally liable for the Cambridge Analytica scandal, a privacy breach of millions of Facebook users’ personal data that became a major corporate and political scandal.
Deputy Data Protection Commissioner joins law firm Bird & Bird as partner in Dublin
International law firm Bird & Bird has appointed Anna Morgan, the former head of legal affairs at the Data Commission, as one of two partners at its new Dublin office alongside Deirdre Kilroy who joins from Matheson.
Noyb: Open Letter on the Future of EU-US Data Transfers
As more and more details emerge, Max Schrems wrote an Open Letter on the announcement of a new EU-US data transfer framework.
Council claims ‘inconsistency’ in State advice on recordings
Meath County Council ‘trying to rationalise’ instruction by Information Commissioner.
SECURITY & TECH
A year on: Inside the Defence Forces response against the HSE ransomware hack
We speak to an officer in the Irish Defence Forces’ Communications Information Services Corps about the HSE attack and future threats.
Doubts expressed on garda use of facial recognition tech
The Minister for Justice has denied that enabling garda use of facial recognition technology (FRT) in criminal investigations will bring about mass surveillance. GDPR safeguards will protect individual privacy, she told gardaí at their annual conference in Westport, Co Mayo this morning.
Facebook parent Meta updates privacy policy
Meta, the parent company of Facebook, has announced updates to its privacy policy. The social media giant says it is rewriting and redesigning the policy to make it easier to understand and to be clearer about how it uses people's information.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
ENFORCEMENT
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted
The ICO has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.
DPC Decision: Pre-Hospital Emergency Care Council May 2022
The DPC commenced an own-volition Inquiry as a result of a monitoring and enforcement exercise carried out pursuant to the tasks of a supervisory authority contained in Article 57 of the GDPR. The Pre-Hospital Emergency Care Council (PHECC) was one of many public sector organisations contacted during the monitoring and enforcement exercise. This Inquiry was commenced to establish whether the PHECC was required to designate a DPO pursuant to Article 37(1) of the GDPR.
Data protection issues arising in connection with the use of Artificial Intelligence
The Hungarian SA became aware of the fact that a data controller was performing automated analysis on the customer service phone calls. Due to the fact that this data processing was not clearly specified in the information provided to data subjects, the Hungarian SA started an ex officio investigation to review the general data processing practice of data controller regarding the automated analysis.
A look behind the EDPB's move to enhance enforcement cooperation
A look behind the European Data Protection Board's move to enhance enforcement cooperation after four years of the EU GDPR.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: Guidance on the Use of Drones
These guidelines have been developed for drone operators for purposes other than public law-related purposes and also to answer queries from the perspective of data subjects. Other drones aviation particulars such as security, safety and certification requirements remain outside the scope of these guidelines.
EDPS: Opinion on the Proposal for a Regulation regarding the collection, preservation and analysis of evidence relating to genocide, crimes against humanity and war crimes at Eurojust
Opinion on the Proposal for a Regulation, as regards the collection, preservation and analysis of evidence relating to genocide, crimes against humanity and war crimes at Eurojust.
Commission Q&A: Standard Contractual Clauses (SCCs)
The Commission developed Questions and Answers (Q&As) to provide practical guidance on the use of the SCCs and assist stakeholders in their compliance efforts under the General Data Protection Regulation (GDPR).
RESOURCES
EDPB letters to the European institutions on the protection of personal data in the AML-CFT legislative proposals
EDPB letters to the European institutions on the protection of personal data in the AML-CFT legislative proposals.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.