Privacy Transformation - Issue 171

PRIVACY

Norway wants Facebook fined for illegal data transfers

Norway wants Facebook fined for illegal data transfers

Facebook owner Meta Platforms should be fined for continuing to shuttle Europeans’ personal information to the United States in violation of a landmark EU court ruling, Norway’s data protection authority has told its peer regulators.

NOYB targets Google over 'spam emails' sent to Gmail users

NOYB targets Google over 'spam emails' sent to Gmail users

NOYB claims Google is sending messages to its Gmail users that look like normal emails, but are adverts that the users never consented to.

Netherlands NCSC: How the CLOUD-Act works in data storage in Europe

Netherlands NCSC: How the CLOUD-Act works in data storage in Europe

European companies with data processing operations in Europe also sometimes fall under the scope of the American CLOUD-Act. This allows data stored in Europe to be accessible to the US government. The example of the CLOUD-Act shows the consequences of legislation if it has an extraterritorial effect.

SECURITY & TECH

French hospital hit by $10M ransomware attack, sends patients elsewhere

French hospital hit by $10M ransomware attack, sends patients elsewhere

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.

NHS IT supplier held to ransom by hackers

NHS IT supplier held to ransom by hackers

A cyber-attack on a major IT provider of the NHS has been confirmed as a ransomware attack. Advanced, which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to fully recover.

Irish Data Protection Commission in discussions with Twitter over security risk claims

Irish Data Protection Commission in discussions with Twitter over security risk claims

The Irish DPC is the watchdog for Twitter in Europe as the company has its regional headquarters in Dublin.

RELATED: Data commissioner Helen Dixon ‘has important role’ in Twitter whistleblower’s allegations, lawyers say

Oracle faces class-action lawsuit for ‘tracking’ five billion people

Oracle faces class-action lawsuit for ‘tracking’ five billion people

Irish Council for Civil Liberties (ICCL) senior fellow Johnny Ryan has launched a US class action lawsuit against Oracle over claims that the tech giant is unduly tracking and monitoring people.

RELATED: Class action against Oracle’s worldwide surveillance machine

Hackers are using cookies to beat two-factor authentication

Hackers are using cookies to beat two-factor authentication

The latest cyber threat uses cookies to bypass what is considered the best way to keep yourself secure online.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

DATA BREACH

Plex was compromised, exposing usernames, emails, and passwords

Plex was compromised, exposing usernames, emails, and passwords

Streaming media platform Plex sent out an email to its customers earlier today regarding a security breach that may have compromised usernames, emails, and passwords.

Password manager LastPass confirms security breach

Password manager LastPass confirms security breach

LastPass has confirmed that they recently suffered from a security breach, but thankfully your passwords are still safe.

ENFORCEMENT

Manx Care faces £170k fine over patient data breach

Manx Care faces £170k fine over patient data breach

The health care provider is given until the end of the year to put measures in place or pay the fine.

California Fines Sephora $1.2 Million for Privacy Violations

California Fines Sephora $1.2 Million for Privacy Violations

Retailer Sephora has been fined $1.2 million as part of a settlement agreement with California's attorney general, over accusations that it violated the California Consumer Privacy Act, or CCPA, which went into effect in July 2020.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

Ultimate resources for SCCs and TIAs - Schrems II

Ultimate resources for SCCs and TIAs - Schrems II

📚 Your go-to overview for hands-on practical resources to deal with Schrems II, SCCs and TIAs.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.