Privacy Transformation - Issue 165

PRIVACY

Europe’s state of mass surveillance

Europe’s state of mass surveillance

The EU’s top court says mass surveillance is banned. Governments do it anyway.

Insights: Your compliance obligations under the UK’s Online Safety Bill; or, welcome to hell

Insights: Your compliance obligations under the UK’s Online Safety Bill; or, welcome to hell

Last month I wrote a post about the UK’s “world-leading” vision for age-gating the open web. It got a bit of attention. That post, sadly, encompassed only one aspect of your compliance obligations under the Online Safety Bill. In this post, I’m going to tell you about the rest.

Security warning after sale of stolen Chinese data

Security warning after sale of stolen Chinese data

Public bodies are told to be on guard after hacker tries to sell data of one billion Chinese citizens.

EDPB moves ahead with closer cooperation on strategic cases

EDPB moves ahead with closer cooperation on strategic cases

Following the commitments set out in its Vienna Statement on Enforcement Cooperation, the EDPB adopted a set of criteria to assess whether a cross-border case may qualify as a case of “strategic importance” for closer cooperation.

SECURITY & TECH

Italy warns TikTok over privacy policy switch

Italy warns TikTok over privacy policy switch

TikTok’s attempt to switch legal basis for targeting advertising at users in Europe looks to be in trouble after Italy’s data protection watchdog stepped in and issued a warning of legal inadequacy just days ahead of the planned privacy policy change.

'Endemic' software flaw could take years to address, US government review finds

'Endemic' software flaw could take years to address, US government review finds

It could take a decade to fully eradicate a critical vulnerability found last year in software used by governments and tech firms around the world from some computer systems, a Department of Homeland Security review board said Thursday.

Australia probes retail giants Bunnings and Kmart over customer 'faceprints'

Australia probes retail giants Bunnings and Kmart over customer 'faceprints'

The use of facial recognition technology by two retail giants is unethical, an advocacy group says.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

DATA BREACH

Former CIA employee convicted for carrying out largest data leak in agency's history

Former CIA employee convicted for carrying out largest data leak in agency's history

A former CIA employee charged with carrying out the largest leak of classified data in the agency's history was convicted on all counts in federal court.

ENFORCEMENT

Selfie scraping Clearview AI hit with another €20M ban order in Europe

Selfie scraping Clearview AI hit with another €20M ban order in Europe

Athens-based data protection authority has fined Clearview AI €20M and banned it from collecting and processing the personal data of people living in Greece.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space

The European Data Protection Board and the European Data Protection Supervisor have adopted their Joint Opinion on the European Commission’s Proposal for the European Health Data Space (EHDS). The Proposal aims to facilitate the creation of a European Health Union and to enable the EU to make full use of the potential offered by a safe and secure exchange, use and reuse of health data.

[Read Press Release]

New EU funding rules: processing of personal data must be clarified

New EU funding rules: processing of personal data must be clarified

In its Opinion published today, the EDPS fully supports the goals of the proposed amendments to the financial rules on the general budget of the European Union, but strongly recommends specifying the types of personaldata to be processed, from where this data is sourced, as well as the means and duration of the processing.

RESOURCES

Transfer Impact Assessment Template: Intra-Group Tranfers

Updated EU SCC Transfer Impact Assessment (TIA) Toolbox from David Rosenthal, now including a simplified TIA designed for intra-group cross-border data trasnfers.

Report: Behind the screens - ICO calls for review into use of private email and messaging apps within government

Report: Behind the screens - ICO calls for review into use of private email and messaging apps within government

The Information Commissioner’s Office has called for a government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps.

[Read Report]

EDPS Podcast: AI and I - A three-step approach to Artificial Intelligence: Episode 2

EDPS Podcast: AI and I - A three-step approach to Artificial Intelligence: Episode 2

The second episode of this podcast series focused on a three-step approach to Artificial Intelligence (AI), organised by the trainees of the European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB).

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.