Privacy Transformation - Issue 163
PRIVACY
Plans to fast-track law to deal with fallout from Dwyer appeal hits hurdle
Oireachtas Justice Committee has refused request from Minister to waive pre-legislative scrutiny of the legislation as part of efforts to have it passed before summer recess.
Sovereignty requirements remain in cloud certification scheme despite backlash
The draft Cybersecurity Certification Scheme for Cloud Services (EUCS), seen by EURACTIV, includes sovereignty requirements on European data localisation and foreign law immunity, even though member states and tech industry representatives strongly advised against it.
Helen McEntee faces Cabinet backlash over gardaí plans for facial recognition
Justice Minister Helen McEntee is facing a Cabinet backlash over plans to give gardaí powers to use controversial facial recognition technology (FRT) in murder, missing person and child sex abuse cases.
RELATED: Facial recognition technology has 'a fundamental problem'
Kerry businessman claims garda fraudulently obtained his private data from online sales platform
Case centres around an online exchange that occurred on the 'Advert.ie' platform involving the complainant and the seller of an electric drone
The CNPD adopts the certification mechanism GDPR-CARPA
The National Data Protection Commission (CNPD) has adopted its certification mechanism GDPR-CARPA on 13th May 2022. GDPR-CARPA is the first certification mechanism to be adopted on a national and international level under the GDPR.
EDPS: Amended Europol Regulation weakens data protection supervision
Following the publication of the amended Europol Regulation in the Official Journal of the EU today, the EDPS expresses its concerns that the amendments, which will enter into force on 28 June 2022, weaken the fundamental right to data protection and do not ensure an appropriate oversight of the European Union Agency for Law Enforcement Cooperation (Europol).
Controversy after Revenue asked Social Protection for data on 1,616 PUP recipients
Finance Minister Paschal Donohoe defended the sharing of information between government departments but data protection experts say the move was unlawful.
SECURITY & TECH
Instagram: Video selfies trial to verify age of teens - BBC News
The Meta-owned app is trialling new verification methods to ensure teens meet platform age rules.
The nation where your 'faceprint' is already being tracked
Australia's use of facial recognition technology has caused controversy and stoked privacy fears, but there is a chance that it could become a world leader in regulating its use.
China’s Surveillance State Is Growing. These Documents Reveal How
A New York Times analysis of over 100,000 government bidding documents found that China’s ambition to collect digital and biological data from its citizens is more expansive and invasive than previously known.
MEP calls on Irish authorities to investigate if Pegasus spyware was used on citizens here
Pegasus spyware infiltrates mobile phones to extract data or activate a camera or microphone to spy on their owners.
Meta Agrees to Alter Ad Technology in Settlement With U.S.
The Justice Department had accused Meta’s housing advertising system of discriminating against Facebook users based on their race, gender, religion and other characteristics.
Japanese worker loses city's personal data in USB fail
A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
ENFORCEMENT
EU Commission rejects criticism of GDPR monitoring in Ireland
The European Commission has described as "unfounded" claims that it does not collect sufficient information to monitor the implementation of data protection rules in Ireland.
Revised approach to public sector enforcement: Open letter from UK Information Commissioner John Edwards to public authorities
The role of UK Information Commissioner comes with responsibilities, powers, and discretions. Since starting my role in January, I have been touring the UK listening to businesses, organisations and the public about their expectations of me and my office.
Google’s ‘deceptive’ account sign-up process targeted with GDPR complaints
Consumer rights groups in Europe have filed a series of privacy complaints against Google, accusing them of deceptive design around the account creation process
Data Protection Commission welcomes outcome of prosecution proceedings taken against Vodafone Ireland Limited
We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.
Italian SA bans use of Google Analytics: no adequate safeguards for data transfers from Caffeina Media S.r.l. to the U.S.
The Italian SA found that Caffeina Media S.r.l. using Google Analytics on its website collected, via cookies, information on user interactions with the respective websites, visited pages and services on offer. The set of data collected in this connection included the user device IP address along with information on browser, operating system, screen resolution, selected language, date and time of page viewing.
Cookies: the Council of State confirms the 2020 sanction imposed by the CNIL against Amazon
The CNIL decision of 7 December 2020 On 7 December 2020, the CNIL imposed a fine of 35 million euros on AMAZON EUROPE CORE, in particular for having placed advertising cookies on the computers of users of the Amazon.fr sales site without prior consent or satisfactory information.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Guidelines 07/2022 on certification as a tool for transfer
The European Data Protection Board welcomes comments on the Guidelines 07/2022 on certification as a tool for transfers. Such comments should be sent 30th September 2022 at the latest using the provided form.
RESOURCES
Report: International Enforcement Cooperation Working Group - Credential Stuffing Awareness Raising for individuals
Latest report from international data protection and privacy authorities has identified credential stuffing as a significant and growing cyber threat to personal information.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.