Privacy Transformation - Issue 164
PRIVACY
DPC moves closer to possible ban on Facebook EU-US data flows
Ireland's data privacy regulator moved a step closer to a ruling that could halt EU-US data transfers by Meta-ownedFacebook and Instagram when it shared an updated draft order with other EU regulators today, a spokesperson said.
RELATED: Europe faces Facebook blackout
Ireland’s slapdash approach to data retention legislation sinks to new low
I’ve written about the inane, disconnected, legally presumptuous approach by successive Irish governments to data retention — the gathering and storing of everyone’s communications data for possible law enforcement use down the line. Emergency legislation has now been rushed through with little oversight.
SECURITY & TECH
Payment Data Could Become Evidence of Abortion, Now Illegal in Some States
Financial companies collect a lot of payment data from customers. Prosecutors could subpoena those records for evidence of abortion, legal experts say.
RELATED: You scheduled an abortion. Planned Parenthood’s website could tell Facebook.
‘Supercookies’ Have Privacy Experts Sounding the Alarm
Customers of some phone companies in Germany, including Vodafone and Deutsche Telekom, have had a slightly different browsing experience from those on other providers since early April. Rather than seeing ads through regular third-party tracking cookies stored on devices, they’ve been part of a trial called TrustPid.
DATA BREACH
China data leak: Nearly one billion people had their personal data leaked, and it's been online for more than a year
A massive online database apparently containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year -- until an anonymous user in a hacker forum offered to sell the data and brought it to wider attention last week.
Hackers leak private data of thousands of children to the dark web
Thousands of British school pupils have had their private details leaked online by a cyber gang. Hackers stole private data including photocopies of children’s passports, disciplinary records and child protection reports relating to vulnerable pupils.
ENFORCEMENT
UK data watchdog to scale back fines for public bodies
The UK’s data watchdog is to scale back fines for public bodiesm, stating that users of services often bear the brunt of the financial punishment.
Audio recording requires legal basis. Administrative fine imposed on Warsaw Centre for Intoxicated Persons
In the opinion of the Polish SA, the recording of voices of people who are often in the state of alcohol intoxication, which prevents them from making conscious statements or controlling the sounds they make, is excessive and unintended.
French SA fines TotalEnergies Électricité et Gaz France €1,000,000
The French Supervisory Authority, CNIL has received several complaints concerning the difficulties encountered by individuals in having their requests for access to their data and opposition to receiving calls for the purposes of direct marketing taken into account by the French energy producer and supplier, TotalEnergies Électricité et Gaz France.
More on the latest GDPR enforcement news can be found on:
RESOURCES
ENISA Threat Landscape Methodology
By establishing the ENISA Cybersecurity Threat Landscape (CTL) methodology, the Agency aims to set a baseline for the transparent and systematic delivery of horizontal, thematic, and sectorial cybersecurity threat landscapes. The following threat landscapes could be considered as examples.
EDPB / EDPS Podcast: AI and I: A three-step approach to Artificial Intelligence
The first episode of the three-part podcast series: AI and I: A three-step approach to Artificial Intelligence, created by the trainees of the European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB), which explore specific aspects of Artificial Intelligence technologies (AI) in our society.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.