Privacy Transformation - Issue 166
PRIVACY
Data Protection Commission urged to act over alleged illegal retention of data
The Government’s bid to address the fallout from convicted murderer Graham Dwyer’s successful challenge to mobile phone metadata retention laws here faces another hurdle with the Data Protection Commission being urged to act immediately over alleged continuing illegal retention of data by service providers.
The delay to the online safety bill won’t make it any easier to please everyone
The Conservatives have kicked the sprawling document, which aimed for a political Goldilocks zone and ended up a hot mess, firmly down the road.
EU Privacy Regulators Are Scrutinizing Data Flows to Russia
Regulators are monitoring legal changes in Russia and how they could affect any data being moved through from the EU, according to the European Data Protection Board, the umbrella group of authorities from the bloc.
RELATED: EDPB Statement 02/2022 on personal data transfers to the Russian Federation.
SECURITY & TECH
HBDI bans Microsoft products following data sovereignty concerns
Windows 10 and Office 365 have been banned by the HBDI in some German schools amid concerns over data sovereignty and privacy.
Microsoft launches its Cloud for Sovereignty
At its Inspire conference, Microsoft today announced the launch of the Microsoft Cloud for Sovereignty, a new solution for public sector customers — especially in Europe — who need to be able to guarantee that their users’ data is stored and processed in a given region.
CISA chooses London for its first-ever overseas office
Within hours of the US' announcement, the EU also said it would be going the other way and opening its first west-coast office to tackle digital diplomacy.
Facebook accused of secretly saving deleted Messenger data and sharing it with police
In response to the legal filing, Facebook's parent company Meta said the "claims are without merit and we will defend ourselves against them vigorously".
Google’s adding the app permissions section back to the Play Store after removing it
Google is reversing its decision to remove a section in the Play Store that showed users which permissions an app had access to.
Analysis: UK government announces its proposals for regulating AI
On 18 July 2022, the UK government published its cross-sector proposal for regulating artificial intelligence. The proposal outlines what is referred to as a ‘pro-innovation’ regulatory framework which is underpinned by a set of six core principles that seek to address the key risks associated with AI.
ENFORCEMENT
Denmark Google ban: Workspace and Chromebooks outlawed over GDPR
Denmark has become the latest European country to ban Google products, over fears the tech giant's data transfer practices breach GDPR.
RELATED: The Danish DPA imposes a ban on the use of Google Workspace in Elsinore municipality
Hellenic DPA fines Clearview AI 20 million euros
The Authority examined a complaint against Clearview AI Inc, lodged by the civil non-profit organization “Homo Digitalis” on behalf of a complainant, who claimed that s/he was not satisfied in relation to the right of access s/he exercised before the aforementioned company.
MEPs to visit Ireland in September over data protection enforcement
Seven EU lawmakers will fly to Dublin to discuss the enforcement of the European data protection law with the Irish regulator, policymakers and stakeholders.
RELATED: EU Ombudsman requests for more information in Irish data inquiry
European Commission sued for violating EU’s data protection rules
The European Commission is to face a lawsuit over allegations it is violating its own data protection rules when transferring citizens' personal data from one of its websites to the United States.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
EDPB: Data transfers to the Russian Federation
EDPB Statement 02/2022 on personal data transfers to the Russian Federation.
EDPS: Proposal on asset recovery and confiscation
In its Opinion published today on the European Commission’s Proposal for a Directive on recovery and confiscation of assets, the EDPS recognises that processing personal data in this context is liable to have a significant impact on the individuals concerned and constitutes an interference with individuals’ rights guaranteed by the EU Charter of Fundamental Rights, including the right to data protection. The EDPS therefore welcomes the fact that the Proposal explicitly underlines the particular importance that the protection of personal data, according to EU law, is ensured.
RESOURCES
ICO: Overview of Data Protection Harms and the ICO’s Taxonomy
In this document, the ICO sets out their framework for harms, an evidence base, and a taxonomy of data protection harms.
IE NCSC Guidance: Securing Operational Technology
Securing Operational Technology provides guidance to organisations about the risks associated with OT and the best practices they should implement in order to use it securely.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.