Privacy Transformation - Issue 162
PRIVACY
The UK is getting closer to its own GDPR, and it’s quite different
The UK government claims the Data Reform Bill will create more than £1bn in business savings over 10 years, but many are sceptical.
RELATED: Pop-ups are dead, long live pop-ups: or, the bait-and-switch hidden in today’s cookie announcement
Data: a new direction - government response to consultation
EU privacy chief bashes lack of GDPR enforcement against Big Tech
The European Data Protection Supervisor hinted at needing a more centralized enforcement model.
Analysis - Distilling the essence of the American Data Privacy and Protection Act
IAPP Senior Westin Research Fellow Müge Fazlioglu analyzes the major points in the bipartisan, draft American Data Privacy and Protection Act.
EU court limits air travel surveillance to the ‘strictly necessary’
The European Court of Justice ruled on Tuesday (21 June) that the EU’s Passenger Name Record directive must be curtailed to be compatible with fundamental rights.
Canada introduces new federal privacy and AI legislation
Canada took a step toward updating its privacy landscape, introducing the Digital Charter Implementation Act of 2022 on June 16.
SECURITY & TECH
After EU child safety complaints, TikTok tweaks ad disclosures but profiling concerns remain
A long-running EU engagement with TikTok — initiated following a series of complaints over child safety and consumer protection complaints filed back in February 2021 — has ended, for now, with the video sharing platform offering a series of commitments to improve user reporting and disclosure requirements around ads/sponsored content; and also to boost transparency around its digital coins and virtual gifts.
Can your medical records be used for marketing? Yes, if you agree to this
There’s a burgeoning business in harvesting our patient data to target us with ultra-personalized ads. Patients who think medical information should come from a doctor — rather than a pharmaceutical marketing department — might not like that.
A consent form from one vendor that facilitates medical appointment scheduling gives it permission to use your data for marketing.
Ransomware gang creates site for employees to search for their stolen data
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack
Opinion - Big tech, Western intel and Ukrainian hackers beat Russia at cyberwar
Big Tech, Western intelligence and a homegrown army of Ukrainian hackers pull off one of the biggest surprises of the war.
Facebook Is Receiving Sensitive Medical Information from Hospital Websites
Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information
Strava app flaw revealed runs of Israeli officials at secret bases
A vulnerability in the fitness app allowed Israeli officials' movements to be tracked, a group says.
DATA BREACH
Ex-Amazon employee convicted of hacking Capital One and stealing data of over 100 million people, including social security numbers and banking info
A former Amazon Web Services engineer has been found guilty of hacking into Capital One and stealing millions of customers' data.
GUIDANCE & OPINIONS
EDPB adopts guidelines on certification as a tool for transfers
The EDPB adopted guidelines on certification as a tool for transfers. Art. 46(2)(f) GDPR introduces approved certification mechanisms as a new tool to transfer personal data to third countries in the absence of an adequacy agreement.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.