Privacy Transformation - Issue 165
PRIVACY
Europe’s state of mass surveillance
The EU’s top court says mass surveillance is banned. Governments do it anyway.
Insights: Your compliance obligations under the UK’s Online Safety Bill; or, welcome to hell
Last month I wrote a post about the UK’s “world-leading” vision for age-gating the open web. It got a bit of attention. That post, sadly, encompassed only one aspect of your compliance obligations under the Online Safety Bill. In this post, I’m going to tell you about the rest.
Security warning after sale of stolen Chinese data
Public bodies are told to be on guard after hacker tries to sell data of one billion Chinese citizens.
EDPB moves ahead with closer cooperation on strategic cases
Following the commitments set out in its Vienna Statement on Enforcement Cooperation, the EDPB adopted a set of criteria to assess whether a cross-border case may qualify as a case of “strategic importance” for closer cooperation.
SECURITY & TECH
Italy warns TikTok over privacy policy switch
TikTok’s attempt to switch legal basis for targeting advertising at users in Europe looks to be in trouble after Italy’s data protection watchdog stepped in and issued a warning of legal inadequacy just days ahead of the planned privacy policy change.
'Endemic' software flaw could take years to address, US government review finds
It could take a decade to fully eradicate a critical vulnerability found last year in software used by governments and tech firms around the world from some computer systems, a Department of Homeland Security review board said Thursday.
Australia probes retail giants Bunnings and Kmart over customer 'faceprints'
The use of facial recognition technology by two retail giants is unethical, an advocacy group says.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
Former CIA employee convicted for carrying out largest data leak in agency's history
A former CIA employee charged with carrying out the largest leak of classified data in the agency's history was convicted on all counts in federal court.
ENFORCEMENT
Selfie scraping Clearview AI hit with another €20M ban order in Europe
Athens-based data protection authority has fined Clearview AI €20M and banned it from collecting and processing the personal data of people living in Greece.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space
The European Data Protection Board and the European Data Protection Supervisor have adopted their Joint Opinion on the European Commission’s Proposal for the European Health Data Space (EHDS). The Proposal aims to facilitate the creation of a European Health Union and to enable the EU to make full use of the potential offered by a safe and secure exchange, use and reuse of health data.
New EU funding rules: processing of personal data must be clarified
In its Opinion published today, the EDPS fully supports the goals of the proposed amendments to the financial rules on the general budget of the European Union, but strongly recommends specifying the types of personaldata to be processed, from where this data is sourced, as well as the means and duration of the processing.
RESOURCES
Transfer Impact Assessment Template: Intra-Group Tranfers
Updated EU SCC Transfer Impact Assessment (TIA) Toolbox from David Rosenthal, now including a simplified TIA designed for intra-group cross-border data trasnfers.
Report: Behind the screens - ICO calls for review into use of private email and messaging apps within government
The Information Commissioner’s Office has called for a government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps.
EDPS Podcast: AI and I - A three-step approach to Artificial Intelligence: Episode 2
The second episode of this podcast series focused on a three-step approach to Artificial Intelligence (AI), organised by the trainees of the European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB).
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.