Privacy Transformation - Issue 178
PRIVACY
Analysis: New Hope for EU-US Data Transfer Mechanism Following White House Executive
The White House has issued its Executive Order (“EO”) on Enhancing Safeguards for United States Signal Intelligence Activities, which provides additional due process protections to the use of surveillance mechanisms by U.S. intelligence agencies and creates a new 2-layer redress mechanism for affected individuals.
RELATED: The EU-US Data Privacy Framework: A new era for data transfers?
EC: Questions & Answers - EU-U.S. Data Privacy Framework
The GDPR European Data Protection Seal Approved by the EU, a New Era for Privacy and Data Protection Compliance
The European Data Protection Board (EDPB) approved Europrivacy as European Data Protection Seal for certification under art. 42 (5) GDPR. Europrivacy enables companies to assess and formally certify their data processing compliance. Europrivacy certificates will be formally recognised in all E.U. Member States and will be taken into account by data protection supervisory authorities in case of litigation.
See Guidance Section for EDPB Opinion.
Analysis: Is Mere Worry Enough? “Non-Material Loss” claims for breach of data rights under the GDPR
The GDPR brought with it the possibility of, for the first time in Ireland, individuals (or groups of individuals) being allowed by law to claim damages for “non-material loss” arising from breaches of their data rights. Two recent and much-publicised English decisions have already restricted the scope for claims of this kind in the UK to those where there is more than a de minimis level of pain and suffering. This week, an opinion of the Advocate General in one of the cases awaiting judgment before the CJEU, suggests that the CJEU may follow suit.
RELATED: Advocate General Opinion - UI v Österreichische Post AG
Demanding employees turn on their webcams is a human rights violation, Dutch Court rules
When Florida-based Chetu hired a telemarketer in the Netherlands, the company demanded the employee turn on his webcam. The employee wasn’t happy with being monitored “for 9 hours per day,” in a program that included screen-sharing and streaming his webcam. When he refused, he was fired.
The 7 Legislative Developments That Will Disrupt The Global Advertising Ecosystem
From Brussels to New Delhi, these data privacy, protection and governance legislative changes are shaking up the advertising landscape. This story is part of The Drum’s Globalization Deep Dive.
RSA says GDPR limited the level of road crash data it could publish, as questions raised in Dáil
The RSA says this is due to the fact that ‘the data must be treated as personal data in order to comply with GDPR demands’.
SECURITY & TECH
Insights: Privacy as Product
The way in which most businesses approach privacy issues is far from ideal and more often than not self-defeating. Compliance with data regulations has imposed itself as the central part of the work when privacy really is a product concern: as aspect you work on to make your product better and increase your revenue. How can we fix this?
Dutch scandal serves as a warning for Europe over risks of using algorithms
The Dutch tax authority ruined thousands of lives after using an algorithm to spot suspected benefits fraud — and critics say there is little stopping it from happening again.
DATA BREACH
Former Uber security chief found guilty of concealing data breach
A San Francisco jury has found Uber’s former chief security officer, Joe Sullivan, guilty of criminal obstruction for failing to report a 2016 cybersecurity incident to authorities.
ENFORCEMENT
Italian SA fines US company offering diabetes app
Notification of data breach to the Italian SA due to an employee’s sending – as part of an information campaign – email messages with the recipients’ addresses in the ‘Cc’ field rather than in the ‘Bcc’ one. This resulted into enabling every recipient to view the other recipients’ email addresses that in this case, also contained data disclosing health data.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
DPC: Data Subject Access Requests
The Irish Data Protection Commission has issued updated guidance to aid in identifying the core practical issues of compliance of Data Controllers with data protection legislation in relation to access requests.
RESOURCES
EDPB: Opinion 28/2022 on the Europrivacy criteria of certification
Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR)
Questions & Answers: EU-U.S. Data Privacy Framework
On 25 March 2022, President von der Leyen and President Biden announced that they had reached an agreement in principle on a new EU-U.S. Data Privacy Framework. The European Commission has published a Q&A sheet on the topic.
PrivacyTests.org: open-source tests of web browser privacy
PrivacyTests.org subjects major web browsers to a suite of automated tests to find out: which web browsers offer the best privacy protections?
AEPD: GDPR Risk Assessment Tool
The AEPD have released a tool to aid in the assessment of risk of processing activities.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.