Privacy Transformation - Issue 161
PRIVACY
What’s wrong with the GDPR?
European Data Protection Supervisor Wojciech Wiewiórowski wants Brussels to break the silence on flawed enforcement of the bloc’s flagship privacy rulebook.
Max Schrems on the EU-US Data Transfer Saga, ‘Hate Mail’, and His Next Court Case
In a presentation and interview at PrivSec World Forum in London, Schrems discussed the origins of the “data transfer saga”, his plans to challenge the Trans Atlantic Data Privacy Framework as soon as it takes effect, and the “hate mail” he’d received following recent enforcement action involving Google.
Data Protection Authority Launches GDPR Certification
Long criticised for not adopting any financial sanctions, the National Commission for Data Protection (CNPD) is taking a step forward. In a press release, the data protection watchdog announced that it has introduced a certification system--a first in Europe for a regulator--which will enable all operators, associations, institutions and companies to prove that they comply with GDPR and that they have put in place all the necessary measures.
ICO Funding Update: Fine Income Retention Agreement
To make sure we are able to continue to take action when needed, the Department for Digital, Culture, Media & Sport (DCMS), our sponsor department, and the Treasury (HMT) have agreed that we are now able to retain some of the funds paid as a result of our civil monetary penalties.
Analysis: Data Scraping vs GDPR
Data scraping: Wait, what? Data scraping: it envolves downloading data (personal or not) in bulk from the internet with dedicated tools, or by tuning the use of your everyday browser. Rating: easy, useful, many do it, relatively simple.
SECURITY & TECH
Russia Is Taking Over Ukraine’s Internet
In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.
Ransomware Group Debuts Searchable Victim Data
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.
Microsoft: Exchange servers hacked to deploy BlackCat ransomware
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
Google engineer put on leave after saying AI chatbot has become sentient
Blake Lemoine says system has perception of, and ability to express thoughts and feelings equivalent to a human child
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
ENFORCEMENT
Whistle-blowing without privacy: the Italian SA fines hospital and IT service provider
The case originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with particular regard to those most used by Italian employers.
Data breach: the Italian SA fines INAIL EUR 50,000
The “Virtual Desk” managed by INAIL enabled a few users to access other workers’ files relating to occupational accidents and diseases. In one case the incident occurred following execution of an obsolete release of the “Virtual Desk” on account of a human error. The investigations found that INAIL was liable for unauthorised accesses to third parties’ (i.e., other users’) personal data including health data.
More on the latest GDPR enforcement news can be found on:
RESOURCES
FPF New Resource Takes the Guesswork out of Buying Privacy Tech
A new FPF resource helps buyers determine which privacy tools are the most appropriate for their business needs. The Privacy Tech Buyer Framework is a step-by-step tool that provides guidance on buying the best privacy technology through three phases that include simplified steps and case studies.
ECHR - Updated Case Law Factsheet
The European Court of Human Rights has published an updated version of its Data Protection Case-Law Factsheet.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.