Privacy Transformation - Issue 182
PRIVACY
Data Protection Commission pleads for new senior staff
The Data Protection Commission (DPC) warned of a desperate need to appoint new senior staff to ensure it could speed up how it makes decisions.
Irish DPC submits Article 60 draft decision on inquiry into Yahoo!
The Data Protection Commission (DPC) has submitted a draft decision in an inquiry into Yahoo! EMEA Limited to other Concerned Supervisory Authorities, or fellow regulators, across the EU. The inquiry, which commenced on 1 August, 2019, centred around Yahoo!’s compliance with its obligations under Articles 5(1)(a), 12, 13 and 14 of the GDPR.
‘We were taken for fools’: MEPs fume at UK data protection snub
MEPs were in Britain to scrutinize the country’s GDPR reform plans.
UK: ‘Woeful’ Department for Education blamed as betting firms gain access to children’s data
The department has been found responsible for an ‘unacceptable’ breach of data protection laws.
RELATED: Department for Education warned after gambling companies benefit from learning records database
Analysis: Does privacy end at death?
In most contexts, we think of privacy interests as situated in the individual person. It is, after all, my own data privacy that I manage. I exert control and autonomy over information about me. Unless I have a legal guardian, only I can request access, deletion, or other data subject rights. But what about when I’m gone?
SECURITY & TECH
UK government set to extract hospital data to Palantir system without patient consent
'You'll be hearing from us,' say privacy campaigners who previously forced the government to back down
Twitter's lead EU watchdog for data protection has fresh questions for Musk
Twitter's lead regulator in the EU is on its case after the resignation of senior staff in charge of security and privacy compliance.
British govt is scanning all Internet devices hosted in UK
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.
RELATED: NCSC - Scanning the internet for fun and profit
Harmful AI rules: Now brought to you by Europe & Co., Inc.
Companies, many of them from outside Europe, will play a key role in deciding the details of the European Union’s planned rules for potentially dangerous artificial intelligence. But corporate influence over decisions that risk human rights has some activists worried.
National cyber security centre join forces with international teams to fight ransomware hackers
The meeting in the White House in Washington DC was attended by the States cyber security officials.
AI Act: Czech EU presidency makes final tweaks ahead of ambassadors’ approval
The Czech presidency of the EU Council shared with the other EU countries on Thursday (3 November) the final version of the AI Act, a flagship EU legislative initiative, which is set to be approved at the ambassador level by mid-November.
GDPR and the AI Act interplay: Lessons from FPF’s ADM Case-Law Report
This blog will explore: the link between the GDPR’s provisions as relevant for Automated Decision Making and the AI Act Proposal.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
DATA BREACH
HSE cyberattack: More than 100,000 people whose personal data stolen to be contacted
More than 100,000 people who had their personal data stolen during the HSE cyberattack last year will begin being contacted by the service in the coming weeks.
ENFORCEMENT
Safety of property can be a legitimate interest for GPS tracking, but the measure must be appropriate and necessary
The data controller introduced GPS tracking of seven company vehicles in 2009, after a theft event at worksite. The vehicles were used for fieldwork transport and installation of equipment at client’s premises. The purpose of GPS tracking was to insure the vehicles, expensive equipment and documents, that are in the vehicle in case of theft.
More on the latest GDPR enforcement news can be found on:
GUIDANCE & OPINIONS
Analysis: New ICO guidance on direct marketing using electronic mail and live calls
The Information Commissioner's Office (ICO) has published new guidance on direct marketing using electronic mail and live calls, aimed at providing a more detailed overview of the rules on direct marketing as well as practical examples.
RESOURCES
ICO: How to use AI and personal data appropriately and lawfully
The use of AI transcends across different regulatory remits and therefore, regulators need to have a grounding in the lawful and appropriate use of personal data and AI systems, and its opportunities and risks. This grounding will help regulators when they need to assess the use of AI in the sector(s) they regulate. It will also help regulators who are using AI as part of their regulatory remit to do so appropriately and lawfully.
Report: NYC Bias Audit
Our team of experts in the fields of HR, employment, assessment, and AI Ethics have come together to draft a bias audit, in order to aid the NYC Council’s call for bias audit cover automated employment decision tools.
EDPS: Tech Sonar Report
The EDPS has published the outcome of their second TechSonar Report, with an updated set of technologies that the EDPS consider to be of primary importance to increase the preparedness of stakeholders in the field of personal data protection.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.