Privacy Transformation - Issue 162

PRIVACY

The UK is getting closer to its own GDPR, and it’s quite different

The UK is getting closer to its own GDPR, and it’s quite different

The UK government claims the Data Reform Bill will create more than £1bn in business savings over 10 years, but many are sceptical.

RELATED: Pop-ups are dead, long live pop-ups: or, the bait-and-switch hidden in today’s cookie announcement

Data: a new direction - government response to consultation

EU privacy chief bashes lack of GDPR enforcement against Big Tech

EU privacy chief bashes lack of GDPR enforcement against Big Tech

The European Data Protection Supervisor hinted at needing a more centralized enforcement model.

Analysis - Distilling the essence of the American Data Privacy and Protection Act

Analysis - Distilling the essence of the American Data Privacy and Protection Act

IAPP Senior Westin Research Fellow Müge Fazlioglu analyzes the major points in the bipartisan, draft American Data Privacy and Protection Act.

EU court limits air travel surveillance to the ‘strictly necessary’

EU court limits air travel surveillance to the ‘strictly necessary’

The European Court of Justice ruled on Tuesday (21 June) that the EU’s Passenger Name Record directive must be curtailed to be compatible with fundamental rights.

Canada introduces new federal privacy and AI legislation

Canada introduces new federal privacy and AI legislation

Canada took a step toward updating its privacy landscape, introducing the Digital Charter Implementation Act of 2022 on June 16.

SECURITY & TECH

After EU child safety complaints, TikTok tweaks ad disclosures but profiling concerns remain

After EU child safety complaints, TikTok tweaks ad disclosures but profiling concerns remain

A long-running EU engagement with TikTok — initiated following a series of complaints over child safety and consumer protection complaints filed back in February 2021 — has ended, for now, with the video sharing platform offering a series of commitments to improve user reporting and disclosure requirements around ads/sponsored content; and also to boost transparency around its digital coins and virtual gifts.

Can your medical records be used for marketing? Yes, if you agree to this

Can your medical records be used for marketing? Yes, if you agree to this

There’s a burgeoning business in harvesting our patient data to target us with ultra-personalized ads. Patients who think medical information should come from a doctor — rather than a pharmaceutical marketing department — might not like that.

A consent form from one vendor that facilitates medical appointment scheduling gives it permission to use your data for marketing.

Ransomware gang creates site for employees to search for their stolen data

Ransomware gang creates site for employees to search for their stolen data

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack

Opinion - Big tech, Western intel and Ukrainian hackers beat Russia at cyberwar

Opinion - Big tech, Western intel and Ukrainian hackers beat Russia at cyberwar

Big Tech, Western intelligence and a homegrown army of Ukrainian hackers pull off one of the biggest surprises of the war.

Facebook Is Receiving Sensitive Medical Information from Hospital Websites

Facebook Is Receiving Sensitive Medical Information from Hospital Websites

Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information

Strava app flaw revealed runs of Israeli officials at secret bases

Strava app flaw revealed runs of Israeli officials at secret bases

A vulnerability in the fitness app allowed Israeli officials' movements to be tracked, a group says.

DATA BREACH

Ex-Amazon employee convicted of hacking Capital One and stealing data of over 100 million people, including social security numbers and banking info

Ex-Amazon employee convicted of hacking Capital One and stealing data of over 100 million people, including social security numbers and banking info

A former Amazon Web Services engineer has been found guilty of hacking into Capital One and stealing millions of customers' data.

GUIDANCE & OPINIONS

EDPB adopts guidelines on certification as a tool for transfers

EDPB adopts guidelines on certification as a tool for transfers

The EDPB adopted guidelines on certification as a tool for transfers. Art. 46(2)(f) GDPR introduces approved certification mechanisms as a new tool to transfer personal data to third countries in the absence of an adequacy agreement.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.