Privacy Transformation - Issue 183
PRIVACY
Is Elon Musk's Twitter about to fall out of the GDPR's one-stop shop?
Helmed by erratic new owner Elon Musk, Twitter is no longer fulfilling key obligations required to claim Ireland as its "main establishment" under the European Union's General Data Protection Regulation (GDPR).
RELATED:
Irish data watchdog meets with Twitter
After key privacy and security departures last week, Twitter names ‘acting DPO’
Insights: DPC 2022 - EU-US Data Privacy Framework on track, Schrems challenge to come
Well-known and influential names entrenched in the ongoing discussions around EU-U.S. data flows made their presence felt in back-to-back breakout sessions to cap off the final day of the IAPP Europe Data Protection Congress in Brussels, Belgium. EU and U.S. government officials took the stage focused on further touting and cementing the pending EU-U.S. Data Privacy Framework's workability.
UK wants EU visitors to give 'face and fingerprint biometrics' - but Irish will be exempt
The UK aims to implement measures that will require visitors and migrants from the European Union coming to the region, including Northern Ireland, to provide both their face and fingerprint biometrics.
World Cup Apps Hayya and Ehteraz under scrutiny due to privacy concerns
The 2022 World Cup uses two apps to monitor COVID-19 testing and entrance to the event. Some are worried they're also collecting private data.
SECURITY & TECH
Mass claim against Twitter for selling the data of 11 million Dutch users
The Netherlands Data Protection Foundation is preparing a mass claim against Twitter on behalf of 11 million Netherlands residents. According to the foundation, Twitter collected and sold their privacy-sensitive data without permission through the advertising company MoPub, Trouw reports.
Meta not fit to comply with data laws, human rights group tells EU
Dr Johnny Ryan of the ICCL wrote to EU commissioner Margrethe Vestager saying there exists a ‘regime of data anarchy’ at Meta.
Europe’s Spyware Scandal Is a Global Wakeup Call
Poland purchased Pegasus with funds intended to support victims of crime—and then used it to monitor opposition figures.
UK NCSC: Weekly Threat Report
The NCSC's threat report is drawn from recent open source reporting.
ENFORCEMENT
DISCORD INC. fined EUR800 000 by CNIL
During the investigation procedure, the company stated that it did not have a written data retention policy. The findings of the CNIL confirmed that there were 2,474,000 French user accounts in the DISCORD database that had not been used for more than three years and 58,000 accounts that had not been used for more than five years.
Meta Ireland looks to quash €405m Instagram fine over children's privacy
Meta claims the DPC decision is in breach of the Charter of Fundamental Rights of the EU and therefore invalid.
Google to pay record $391m privacy settlement
The technology company tracked users' locations despite them opting out, a US investigation found.
GUIDANCE & OPINIONS
EDPS: EU-wide cybersecurity requirements to protect privacy and personal data
Concretely, the proposed Regulation aims to set out EU-wide cybersecurity requirements for a broad range of hardware and software products and their remote data processing solutions. These include, for example, browsers, operating systems, firewalls, network management systems, smart meters or routers.
EDPB adopts Recommendations on the application for approval and on the elements and principles to be found in Controller Binding Corporate Rules
During its November plenary, the EDPB adopted Recommendations on the application for approval and on the elements and principles to be found in Controller Binding Corporate Rules.
EU Media Freedom Act: EDPS calls for better protection for all journalists and a ban on highly advanced military-grade spyware
In its Opinion published today, the EDPS welcomes the objectives pursued in the proposed EU Media Freedom Act to protect media freedom, independence and pluralism across the EU. Media freedom is a precondition for the functioning of media services in the EU’s internal market and, more importantly, a key enabler for the rule of law and democratic accountability in the EU.
RESOURCES
Briefing: Digital Services Act - European Parliament Think Tank
EU lawmakers have agreed on the digital services act (DSA), which aims to ensure fairness, trust and safety in the digital environment. The regulation entered into force in November 2022. The DSA puts in place a framework of layered responsibilities targeted at different types of online intermediary services, including network infrastructure services (e.g. cloud and webhosting), online platform services (e.g. app stores and social media platforms), and services provided by very large online platforms and very large online search engines that pose particular risks in the dissemination of illegal content and societal harms.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.