Privacy Transformation - Issue 170
PRIVACY
EU Court Expands Definition of Sensitive Data, Prompting Legal Concerns for Companies
Companies will be under increased pressure after Europe’s top court ruled they must apply special protections to data that firms previously didn’t consider sensitive. The ruling will require companies to protect data that indirectly relates to sensitive information such as health or sexual orientation.
Public servants told not to talk shop around Amazon’s Alexa
Public servants have been told not to discuss work in the vicinity of so-called "smart speakers" like Amazon's Alexa-powered Echo device, according to reports. A document seen by the Business Post says staff working at the Oireachtas should "avoid having confidential work conversations near digital
Analysis: Who's who under the DMA, DSA, DGA and Data Act?
As part of its data strategy, the European Commission has presented a number of legislative instruments, including the Digital Markets Act (DMA), the Digital Services Act (DSA), the Data Governance Act (DGA) and the Data Act. This publication focuses on these four new instruments in more detail - in particular, who these legal instruments apply to and who may benefit from them.
CNIL: WereUAt — Location data re-identification from theory to practice
This project aims to test with a concrete example, and as the case may be, demonstrate, the risks of reidentification posed when a data broker sells deidentified geolocation data.
SECURITY & TECH
Deepfakes expose vulnerabilities in certain facial recognition technology
Researchers found that most application programming interfaces that use facial liveness verification—a feature of facial recognition technology that uses computer vision to confirm the presence of a live user—don't always detect digitally altered photos or videos of individuals made to look like a live version of someone else, also known as deepfakes.
Cisco Confirms Network Breach Via Hacked Employee Google Account
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
TikTok parent ByteDance acquires private hospital chain
ByteDance's healthcare unit in China, Xiaohe Health, has acquired a high-end healthcare organization called Amcare Healthcare for $1.5 billion.
RELATED: Amazon to buy primary health-care provider One Medical for roughly $3.9 billion
iRobot's Roomba will soon be owned by Amazon, which raises privacy questions
In the development of ever smarter homes, Amazon could soon have access to the maps of our houses created and stored by Roomba vacuums.
RELATED: The iRobot Deal Would Give Amazon Maps Inside Millions of Homes
Meta Launches New Legal Proceedings Against Data Scraping, Helping to Establish Precedent Around Misuse
Meta has launched two new legal actions against data scraping sites, which have extracted user data from both Instagram and Facebook for unauthorized use.
RELATED: Meta — Taking Action Against Scraping for Hire
How a Third-Party SMS Service Was Used to Take Over Signal Accounts
Unknown attackers targeted Signal users after they broke into the systems of communications services company Twilio.
RESOURCES
TechCrunch launches TheTruthSpy spyware lookup tool
This tool lets you check to see if your Android device was compromised.
RELATED: Behind the stalkerware network spilling the private phone data of hundreds of thousands
Future of Privacy Forum: Introduction to the Conformity Assessment under the draft EU AI Act, and how it compares to DPIAs
The proposed Regulation on Artificial Intelligence put forward by the European Commission is the first initiative towards a comprehensive legal framework on AI in the world. It aims to set rules on specific AI applications in certain contexts and does not intend to regulate AI technology in general.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.