Privacy Transformation - Issue 174

PRIVACY

Scant resources might threaten enforcement on Big Tech, EU data protection bodies warn

Scant resources might threaten enforcement on Big Tech, EU data protection bodies warn

The European privacy watchdogs have sent a letter, seen exclusively by EURACTIV, requesting the European Parliament and Council to allocate more financial resources in next year’s budget or face a loss in credibility in the EU’s data protection rules.

[Read Joint EDPB/EDPS Letter]

Data Protection Commission announces decision in Instagram Inquiry

Data Protection Commission announces decision in Instagram Inquiry

The Data Protection Commission (DPC) has today announced a conclusion to an inquiry into Meta Platforms Ireland Limited (Instagram) imposing a fine of €405 million and a range of corrective measures.

[Read DPC Decision]

[Read Binding EDPB Decision]

ICCL: Landmark GDPR decision against “consent” spam to be heard at Europe’s highest court

The Brussels Court of Appeal dismisses various IAB Europe procedural grounds of appeal and agrees to refer our preliminary questions to the European Court of Justice.

Redline UK GDPR: How the UK GDPR may change

Redline UK GDPR: How the UK GDPR may change

On 18 July 2022, the UK government introduced the Data Protection and Digital Information Bill to Parliament for its first reading. Hogan Lovells have produced a redline version which highlights how the Bill could amend the UK GDPR if passed today.

[Read redline version here]

Case Analysis: Spain – Data protection complaints can bypass the controller

Case Analysis: Spain – Data protection complaints can bypass the controller

The Spanish Supreme Court has decided data subjects can complain directly to a data protection authority without having to first exercise their rights against the relevant controller.

SECURITY & TECH

Cyber Chief: Ireland's position in the world does not protect it from attacks by other countries

Cyber Chief: Ireland's position in the world does not protect it from attacks by other countries

Dr Richard Browne gave an interview to The Journal this week on the work of Ireland’s National Cyber Security Centre.

Ransomware gangs switching to new intermittent encryption tactic

Ransomware gangs switching to new intermittent encryption tactic

A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.

Senior Facebook engineers say no one at the company knows where your data is kept

Senior Facebook engineers say no one at the company knows where your data is kept

Two Meta engineers were grilled about the company's data storage systems in court, and the transcript of their answers was recently unsealed.

DuckDuckGo, Proton, Mozilla throw weight behind bill targeting Big Tech ‘surveillance’

DuckDuckGo, Proton, Mozilla throw weight behind bill targeting Big Tech ‘surveillance’

A dozen companies leading on the issue of data privacy take their fight to Congress.

DATA BREACH

Ransomware gang threatens 1m-plus medical record leak

Ransomware gang threatens 1m-plus medical record leak

Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.

ENFORCEMENT

Instagram fined €405m by Irish regulator for breaching children’s privacy rights

Instagram fined €405m by Irish regulator for breaching children’s privacy rights

The Irish Data Protection Commission (DPC) says that it has fined Instagram €405m for breaching the privacy rights of children.

RELATED:

€405m Instagram fine to go to exchequer, DPC confirms

Data protection watchdog defends handling of social media investigations

EU backs massive antitrust decision against Google but trims record fine

EU backs massive antitrust decision against Google but trims record fine

Last year, Google argued the EU’s decision was unfounded and that the bloc did not fine Apple, which gives preference to its own services such as Safari on iPhones.

Irish DPC submits Article 60 draft decision on inquiry into TikTok

Irish DPC submits Article 60 draft decision on inquiry into TikTok

As the EU Lead Supervisory Authority for TikTok, the DPC opened this inquiry in September 2021. The DPC has now submitted its draft decision to its colleagues.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

The DRAFT Design Process Standard – Institute of Operational Privacy Design

The DRAFT Design Process Standard – Institute of Operational Privacy Design

The Institute of Operational Privacy Design (IOPD) is dedicated to promotion and adoption of privacy design standards for organizations. Today, the IOPD is putting forth a draft of it’s first standard, the IOPD Design Process Standard, for how to implement and measure a company’s compliance with privacy by design requirements that are found in some of the privacy regulations and laws.

ICO: AI and data protection risk toolkit

Our AI toolkit is designed to provide further practical support to organisations to reduce the risks to individuals’ rights and freedoms caused by of their own AI systems.

Podcast: Is GDPR enforcement catching up?

Podcast: Is GDPR enforcement catching up?

This week, the Irish Data Protection Commission sanctioned Instagram for violating children’s privacy. After much waiting for the EU’s data protection rulebook to bite, privacy watchdogs have started to show their teeth. Is this a sign of a new trend? And how does it sit with the ongoing discussions about potential reforms of the General Data Protection Regulation? Tune in for this discussion with Isabelle Roccia, managing director for Europe of the International Association of Privacy Professionals, and Vincenzo Tiani, a partner at the law firm Panetta.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.