Privacy Transformation - Issue 163

PRIVACY

Plans to fast-track law to deal with fallout from Dwyer appeal hits hurdle

Plans to fast-track law to deal with fallout from Dwyer appeal hits hurdle

Oireachtas Justice Committee has refused request from Minister to waive pre-legislative scrutiny of the legislation as part of efforts to have it passed before summer recess.

Sovereignty requirements remain in cloud certification scheme despite backlash

Sovereignty requirements remain in cloud certification scheme despite backlash

The draft Cybersecurity Certification Scheme for Cloud Services (EUCS), seen by EURACTIV, includes sovereignty requirements on European data localisation and foreign law immunity, even though member states and tech industry representatives strongly advised against it.

Helen McEntee faces Cabinet backlash over gardaí plans for facial recognition

Helen McEntee faces Cabinet backlash over gardaí plans for facial recognition

Justice Minister Helen McEntee is facing a Cabinet backlash over plans to give gardaí powers to use controversial facial recognition technology (FRT) in murder, missing person and child sex abuse cases.

RELATED: Facial recognition technology has 'a fundamental problem'

Kerry businessman claims garda fraudulently obtained his private data from online sales platform

Kerry businessman claims garda fraudulently obtained his private data from online sales platform

Case centres around an online exchange that occurred on the 'Advert.ie' platform involving the complainant and the seller of an electric drone

The CNPD adopts the certification mechanism GDPR-CARPA

The CNPD adopts the certification mechanism GDPR-CARPA

The National Data Protection Commission (CNPD) has adopted its certification mechanism GDPR-CARPA on 13th May 2022. GDPR-CARPA is the first certification mechanism to be adopted on a national and international level under the GDPR.

EDPS: Amended Europol Regulation weakens data protection supervision

EDPS: Amended Europol Regulation weakens data protection supervision

Following the publication of the amended Europol Regulation in the Official Journal of the EU today, the EDPS expresses its concerns that the amendments, which will enter into force on 28 June 2022, weaken the fundamental right to data protection and do not ensure an appropriate oversight of the European Union Agency for Law Enforcement Cooperation (Europol).

Controversy after Revenue asked Social Protection for data on 1,616 PUP recipients

Controversy after Revenue asked Social Protection for data on 1,616 PUP recipients

Finance Minister Paschal Donohoe defended the sharing of information between government departments but data protection experts say the move was unlawful.

SECURITY & TECH

Instagram: Video selfies trial to verify age of teens - BBC News

Instagram: Video selfies trial to verify age of teens - BBC News

The Meta-owned app is trialling new verification methods to ensure teens meet platform age rules.

The nation where your 'faceprint' is already being tracked

The nation where your 'faceprint' is already being tracked

Australia's use of facial recognition technology has caused controversy and stoked privacy fears, but there is a chance that it could become a world leader in regulating its use.

China’s Surveillance State Is Growing. These Documents Reveal How

China’s Surveillance State Is Growing. These Documents Reveal How

A New York Times analysis of over 100,000 government bidding documents found that China’s ambition to collect digital and biological data from its citizens is more expansive and invasive than previously known.

MEP calls on Irish authorities to investigate if Pegasus spyware was used on citizens here

MEP calls on Irish authorities to investigate if Pegasus spyware was used on citizens here

Pegasus spyware infiltrates mobile phones to extract data or activate a camera or microphone to spy on their owners.

Meta Agrees to Alter Ad Technology in Settlement With U.S.

Meta Agrees to Alter Ad Technology in Settlement With U.S.

The Justice Department had accused Meta’s housing advertising system of discriminating against Facebook users based on their race, gender, religion and other characteristics.

Japanese worker loses city's personal data in USB fail

Japanese worker loses city's personal data in USB fail

A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

ENFORCEMENT

EU Commission rejects criticism of GDPR monitoring in Ireland

EU Commission rejects criticism of GDPR monitoring in Ireland

The European Commission has described as "unfounded" claims that it does not collect sufficient information to monitor the implementation of data protection rules in Ireland.

Revised approach to public sector enforcement: Open letter from UK Information Commissioner John Edwards to public authorities

The role of UK Information Commissioner comes with responsibilities, powers, and discretions. Since starting my role in January, I have been touring the UK listening to businesses, organisations and the public about their expectations of me and my office.

Google’s ‘deceptive’ account sign-up process targeted with GDPR complaints

Google’s ‘deceptive’ account sign-up process targeted with GDPR complaints

Consumer rights groups in Europe have filed a series of privacy complaints against Google, accusing them of deceptive design around the account creation process

Data Protection Commission welcomes outcome of prosecution proceedings taken against Vodafone Ireland Limited

Data Protection Commission welcomes outcome of prosecution proceedings taken against Vodafone Ireland Limited

We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.

Italian SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S.

Italian SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S.

The Italian SA found that Caffeina Media S.r.l. using Google Analytics on its website collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer. The set of data collected in this connection included the user device IP address along with information on browser, operating system, screen resolution, selected language, date and time of page viewing.

Cookies: the Council of State confirms the 2020 sanction imposed by the CNIL against Amazon

The CNIL decision of 7 December 2020 On 7 December 2020, the CNIL imposed a fine of 35 million euros on AMAZON EUROPE CORE, in particular for having placed advertising cookies on the computers of users of the Amazon.fr sales site without prior consent or satisfactory information.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB: Guidelines 07/2022 on certification as a tool for transfer

The European Data Protection Board welcomes comments on the Guidelines 07/2022 on certification as a tool for transfers. Such comments should be sent 30th September 2022 at the latest using the provided form.

RESOURCES

Report: International Enforcement Cooperation Working Group  - Credential Stuffing Awareness Raising for individuals

Latest report from international data protection and privacy authorities has identified credential stuffing as a significant and growing cyber threat to personal information.

RELATED: Report: International Enforcement Cooperation Working Group - Credential Stuffing Guidelines for commercial organisations

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.