Privacy Transformation - Issue 167

PRIVACY

Data Protection Commission to be expanded

The Government is to appoint two additional commissioners at the office of the Data Protection Commission (DPC). The current Commissioner Helen Dixon is to become Chairperson of the DPC.

[Read DoJ Press Release]

CCTV to be used to prosecute littering and illegal dumping

The intention is to install cameras in black spots, not in a ‘covert’ but in a visible way, says Minister.

Homeland Security records show 'shocking' use of phone data, ACLU says

The civil liberties group released documents showing new details about how agencies had purchased information on people's movements throughout North America.

SECURITY & TECH

CNIL: Google Analytics and data transfers: how to make your analytics tool compliant with the GDPR?

The Court of Justice of the European Union (CJEU), in its ruling of 16 July 2020, invalidated the Privacy Shield, a mechanism that provided a framework for transfers of personal data between the European Union and the United States. The US legislation does not offer sufficient guarantees in the face of the risk of access by the authorities, particularly the intelligence services, to the personal data of European residents.

Facial recognition cameras in UK retail chain challenged by privacy group

Shoppers at a grocery store chain across southern England are being surveilled with facial recognition cameras, prompting a legal complaint by civil rights campaigners.

Opinion: I Was on TikTok for 30 Days: It Is Manipulative, Addictive and Harmful to Privacy

TikTok must have something special, right? Well it has. It uses manipulative user experience (UX) design to keep users glued to it. It is built to trigger compulsive use, especially in more impressionable audiences such as teenagers. It is also harmful to privacy.

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

ENFORCEMENT

T-Mobile to pay $500M for one of the largest data breaches in US history

When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up “one of the largest and most consequential data breaches in US history.”

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

ICO: Guide to Binding Corporate Rules

The concept of using Binding Corporate Rules (BCRs) to provide adequate safeguards for making restricted transfers was developed under EU law and continues to be part of UK law under the UK GDPR, specifically, Article 47.

RESOURCES

'Splinternets': Addressing the renewed debate on internet fragmentation

This report explores the implications of the EU's recent policies and the opportunities and challenges for EU Member States and institutions in addressing internet fragmentation. It underlines how recent EU legislative proposals – on the digital services act, digital markets act, artificial intelligence act, and NIS 2 Directive – could help to address patterns of fragmentation, but also have limitations and potentially unintended consequences.

ENISA: Threat Landscape for Ransomware Attacks

This report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. Based on the findings, ransomware has adapted and evolved, becoming more efficient and causing more devastating attacks.

ENISA: Telecom Security Incidents 2021

This report provides anonymised and aggregated information about major telecom security incidents in 2021. The 2021 annual summary contains reports of 168 incidents submitted by national authorities from 26 EU Member States (MS) and 2 EFTA countries.

ENISA: Trust Services Security Incidents 2021

This report provides an aggregated overview of the notified breaches for 2021, analysing root causes, statistics and trends. It marks the sixth round of security incident reporting for the EU’s trust services sector. In this round of annual summary reporting a total of 27 EU countries and 3 EEA countries took part. They reported a total of 46 incidents.

EDPS Podcast: AI and I - A three-step approach to Artificial Intelligence: Episode 3 - Regulating AI. The paradox of Achilles and the tortoise

Welcome to the final episode of the three-part podcast series focused on Artificial Intelligence (AI) technologies, created by the trainees of the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB).

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.