Privacy Transformation - Issue 174
PRIVACY
Scant resources might threaten enforcement on Big Tech, EU data protection bodies warn
The European privacy watchdogs have sent a letter, seen exclusively by EURACTIV, requesting the European Parliament and Council to allocate more financial resources in next year’s budget or face a loss in credibility in the EU’s data protection rules.
Data Protection Commission announces decision in Instagram Inquiry
The Data Protection Commission (DPC) has today announced a conclusion to an inquiry into Meta Platforms Ireland Limited (Instagram) imposing a fine of €405 million and a range of corrective measures.
ICCL: Landmark GDPR decision against “consent” spam to be heard at Europe’s highest court
The Brussels Court of Appeal dismisses various IAB Europe procedural grounds of appeal and agrees to refer our preliminary questions to the European Court of Justice.
Redline UK GDPR: How the UK GDPR may change
On 18 July 2022, the UK government introduced the Data Protection and Digital Information Bill to Parliament for its first reading. Hogan Lovells have produced a redline version which highlights how the Bill could amend the UK GDPR if passed today.
Case Analysis: Spain – Data protection complaints can bypass the controller
The Spanish Supreme Court has decided data subjects can complain directly to a data protection authority without having to first exercise their rights against the relevant controller.
SECURITY & TECH
Cyber Chief: Ireland's position in the world does not protect it from attacks by other countries
Dr Richard Browne gave an interview to The Journal this week on the work of Ireland’s National Cyber Security Centre.
Ransomware gangs switching to new intermittent encryption tactic
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.
Senior Facebook engineers say no one at the company knows where your data is kept
Two Meta engineers were grilled about the company's data storage systems in court, and the transcript of their answers was recently unsealed.
DuckDuckGo, Proton, Mozilla throw weight behind bill targeting Big Tech ‘surveillance’
A dozen companies leading on the issue of data privacy take their fight to Congress.
DATA BREACH
Ransomware gang threatens 1m-plus medical record leak
Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.
ENFORCEMENT
Instagram fined €405m by Irish regulator for breaching children’s privacy rights
The Irish Data Protection Commission (DPC) says that it has fined Instagram €405m for breaching the privacy rights of children.
RELATED:
€405m Instagram fine to go to exchequer, DPC confirms
Data protection watchdog defends handling of social media investigations
EU backs massive antitrust decision against Google but trims record fine
Last year, Google argued the EU’s decision was unfounded and that the bloc did not fine Apple, which gives preference to its own services such as Safari on iPhones.
Irish DPC submits Article 60 draft decision on inquiry into TikTok
As the EU Lead Supervisory Authority for TikTok, the DPC opened this inquiry in September 2021. The DPC has now submitted its draft decision to its colleagues.
More on the latest GDPR enforcement news can be found on:
RESOURCES
The DRAFT Design Process Standard – Institute of Operational Privacy Design
The Institute of Operational Privacy Design (IOPD) is dedicated to promotion and adoption of privacy design standards for organizations. Today, the IOPD is putting forth a draft of it’s first standard, the IOPD Design Process Standard, for how to implement and measure a company’s compliance with privacy by design requirements that are found in some of the privacy regulations and laws.
ICO: AI and data protection risk toolkit
Our AI toolkit is designed to provide further practical support to organisations to reduce the risks to individuals’ rights and freedoms caused by of their own AI systems.
Podcast: Is GDPR enforcement catching up?
This week, the Irish Data Protection Commission sanctioned Instagram for violating children’s privacy. After much waiting for the EU’s data protection rulebook to bite, privacy watchdogs have started to show their teeth. Is this a sign of a new trend? And how does it sit with the ongoing discussions about potential reforms of the General Data Protection Regulation? Tune in for this discussion with Isabelle Roccia, managing director for Europe of the International Association of Privacy Professionals, and Vincenzo Tiani, a partner at the law firm Panetta.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.