Privacy Transformation - Issue 171
PRIVACY
Norway wants Facebook fined for illegal data transfers
Facebook owner Meta Platforms should be fined for continuing to shuttle Europeans’ personal information to the United States in violation of a landmark EU court ruling, Norway’s data protection authority has told its peer regulators.
NOYB targets Google over 'spam emails' sent to Gmail users
NOYB claims Google is sending messages to its Gmail users that look like normal emails, but are adverts that the users never consented to.
Netherlands NCSC: How the CLOUD-Act works in data storage in Europe
European companies with data processing operations in Europe also sometimes fall under the scope of the American CLOUD-Act. This allows data stored in Europe to be accessible to the US government. The example of the CLOUD-Act shows the consequences of legislation if it has an extraterritorial effect.
SECURITY & TECH
French hospital hit by $10M ransomware attack, sends patients elsewhere
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
NHS IT supplier held to ransom by hackers
A cyber-attack on a major IT provider of the NHS has been confirmed as a ransomware attack. Advanced, which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to fully recover.
Irish Data Protection Commission in discussions with Twitter over security risk claims
The Irish DPC is the watchdog for Twitter in Europe as the company has its regional headquarters in Dublin.
Oracle faces class-action lawsuit for ‘tracking’ five billion people
Irish Council for Civil Liberties (ICCL) senior fellow Johnny Ryan has launched a US class action lawsuit against Oracle over claims that the tech giant is unduly tracking and monitoring people.
RELATED: Class action against Oracle’s worldwide surveillance machine
Hackers are using cookies to beat two-factor authentication
The latest cyber threat uses cookies to bypass what is considered the best way to keep yourself secure online.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
Plex was compromised, exposing usernames, emails, and passwords
Streaming media platform Plex sent out an email to its customers earlier today regarding a security breach that may have compromised usernames, emails, and passwords.
Password manager LastPass confirms security breach
LastPass has confirmed that they recently suffered from a security breach, but thankfully your passwords are still safe.
ENFORCEMENT
Manx Care faces £170k fine over patient data breach
The health care provider is given until the end of the year to put measures in place or pay the fine.
California Fines Sephora $1.2 Million for Privacy Violations
Retailer Sephora has been fined $1.2 million as part of a settlement agreement with California's attorney general, over accusations that it violated the California Consumer Privacy Act, or CCPA, which went into effect in July 2020.
More on the latest GDPR enforcement news can be found on:
RESOURCES
Ultimate resources for SCCs and TIAs - Schrems II
📚 Your go-to overview for hands-on practical resources to deal with Schrems II, SCCs and TIAs.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.