Privacy Transformation - Issue 177
PRIVACY
Biden signs executive order on EU-U.S. data privacy agreement
The order will set surveillance limits and establish a new court for European citizens to redress privacy concerns with US intelligence agencies.
RELATED: Whitehouse Statement
Data Protection Commission warned legal costs could drain resources, document shows
The risk register also warned of the difficulty in securing enough government funding and getting sanction for “key items of expenditure”.
RELATED: Data Protection Commission warns of dangers of ‘negative outcome’ from court cases
DSA: Council gives final approval to the protection of users' rights online
The Council approves new rules to protects the digital space against the spread of illegal content through the Digital Services Act.
Irish DPC submits Article 60 draft decision on inquiry into Meta
The Data Protection Commission (DPC) has submitted a draft decision in a large scale inquiry into Meta Platforms Ireland Limited (“MPIL”) to other Concerned Supervisory Authorities across the EU. This inquiry was commenced in April 2021 after media reports highlighted that a collated dataset of Facebook user personal data had been made available on the internet.
SECURITY & TECH
Gardaí and government warn businesses to prepare for potential ransomware attacks
The government and gardaí launched an awareness campaign today for European Cyber Security Month.
Peter Thiel Palantir (PLTR) Had Plan to Crack NHS: ‘Buying Our Way In’
Palantir Technologies had a secret plan to deepen its relationship with the UK’s National Health Service without public scrutiny.
AI Data Laundering: How Academic and Nonprofit Researchers Shield Tech Companies from Accountability
Tech companies working with AI are outsourcing data collection and training to academic/nonprofit research groups, shielding them from potential accountability and legal liability.
UK Government failing on AI regulation
The UK Government have published their vision for “Establishing a pro-innovation approach to regulating AI”.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
HSE apologises for data breach which saw vulnerable children's details released
Addresses and phone numbers were accidentally emailed outside the organisation.
People who had data stolen in HSE cyber attack yet to be informed
People who had their data stolen in last year's cyber attack on the Health Service Executive have yet to be informed.
ENFORCEMENT
ICO: Home Office warned after sensitive documents left at London venue
The ICO has issued a formal reprimand to the Home Office, after sensitive documents were found at a public London venue.
ICO: Catalogue retailer Easylife fined £1.48 million for breaking data protection and electronic marketing laws
The Information Commissioner’s Office (ICO) has fined Easylife Ltd £1,350,000 for using personal information of 145,400 customers to predict their medical condition and target them with health-related products without their consent. The company was also fined £130,000 for making 1,345,732 predatory direct marketing calls.
Processing of personal data related to Danish research projects
The case regards the processing of personal data related to Danish research projects by the genetic research company deCODE Genetics. The processing has taken place with reference to data processing agreements which the Danish Capital Area has made with the company, and the complainant considered that the company had exceeded its role as a processor and thus itself become a controller of unlawful processing.
More on the latest GDPR enforcement news can be found on:
RESOURCES
DPC: One-Stop-Shop Cross-Border Complaints Statistics Report
We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.
Open-Source ‘Consent-O-Matic’ Tool Lets Anyone Automatically Stop Websites From Tracking Them
"We shouldn't be having nicer pop-ups; we should just not have any pop-ups whatsoever," the researcher behind the tool said.
DPC Publishes New Case Studies
A number of new case studies have been published by the Irish Data Protection Commission, including:
- Amicable resolution - proof of identification and data minimisation
- Amicable resolution - Right to erasure and user generated content
- Amicable resolution in cross-border complaint - right to erasure
- Amicable resolution - right to erasure
- Disclosure and unauthorised publication of a photograph
- Legal basis for processing and security of processing
- Erasure request and reliance on Consumer Protection Code
- Debt collector involvement
EDPB: Coordinated Supervision Committee (CSC) Report of Activities 2020-2022
This bi-annual report summarises the work completed by the CSC during the first two years of its existence.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.