Privacy Transformation - Issue 184
PRIVACY
EU court throws access to anti-money laundering data in doubt
The future of public registers of business owners has been thrown into doubt after the Court of Justice of the EU ruled the provision whereby the information is accessible in all cases to any member of the general public is invalid.
Tusla spend over €400k on consultants without proper tender process
Child and family agency Tusla spent more than €400,000 hiring a consultancy firm, without a tender process, to deal with requests seeking access to personal information, including from survivors of mother and baby homes.
EU Commissioner meets Twitter representatives in Dublin
European Commissioner for Justice, Didier Reynders has met representatives from Twitter in Dublin amid concerns that staff departures will impact the company's ability to comply with EU regulations.
RELATED: EU privacy enforcer puts Elon Musk on notice as Twitter melts down
Analysis: ICO data transfers guide clarifies data exporter role in sub-processing
Major technology providers could rethink how they package arrangements around the sub-processing of personal data into the products and services they offer businesses in response to new guidance issued by the UK’s data protection authority, an expert has said.
French schools asked not to use Microsoft 365 and Google Workspace
Free versions of Microsoft 365 and Google Workspace violate European privacy rules, according to French education minister Pap Ndiaye.
SECURITY & TECH
Dutch government will stop using Facebook if it doesn’t improve private data handling
The government will stop using Facebook if the social media platform does not improve how it handles sensitive personal data, said State Secretary Alexandra van Huffelen, who handles digitization issues for the Cabinet. The company contracted to vet Facebook's privacy policy said it is unlikely the company will meet all requirements. It is therefore likely that the government will eventually withdraw from the social media platform.
Here’s How Bad a Twitter Mega-Breach Would Be
Elon Musk laid off half the staff, and mass resignations seem likely. If nobody’s there to protect the fort, what’s the worst that could happen?
Facebook has been receiving users’ financial info from tax preparers
The Markup found that tax preparation services including TaxAct, TaxSlayer, and H&R Block have sent users’ personal financial information to Facebook through the Meta Pixel.
ENFORCEMENT
Data Protection Commission indicates range of fines to be imposed on TikTok's Irish arm
The Irish Data Protection Commission (DPC) has indicated 'a preliminary range of fines' to be imposed on the Irish arm of TikTok, concerning its investigation into how the social media giant processes children’s data.
RELATED: EU confirms multiple ongoing investigations into TikTok data practices
RESOURCES
Video: ‘Schrems II’ & the EU-US DPF: Stakeholders volley - IAPP Europe Data Protection Congress 2022
‘Schrems II’ & the EU-US DPF: Stakeholders volley, IAPP Europe Data Protection Congress 2022.
Video: Keynote - Privacy in sports - IAPP Europe Data Protection Congress 2022
Keynote: Privacy in sports and the FIFA World Cup, IAPP Europe Data Protection Congress 2022.
Paper: The GDPR International Data Transfer Regime - the case for Proportionality and a Risk-Based Approach
The paper concludes that the European Charter of Fundamental Rights, the Treaty on European Union, the GDPR and relevant CJEU case law require a proportionate, risk-based approach to personal data transfers to third countries outside the EEA, which can be implemented in practice and which will help to address the legal uncertainty created by an unlawful strict interpretation of Schrems II and Chapter V of the GDPR.
Handbook: EU – DGA, Data Act, NISD2, DSA explained
This handbook provides a high-level overview summary of what the new EU laws do, who it applies to, and when it is likely to come into force. The intention is to provide an initial orientation to this exciting new digital landscape.
ICO: International transfers - empowering innovation and growth whilst protecting people’s personal information
It’s important that businesses and organisations know how to protect people’s personal information when making international transfers, which are central to the increasingly global nature of businesses. Our work in this area aims to provide certainty, for all involved, that the right level of protection is in place.
[Read Guidance on International Transfers]
Alternatives to Google Products: The Big List
This guide gives you alternatives to every Google product. This is the complete Google alternatives guide.
ENISA: NIS Investments 2022
This report marks the third iteration of ENISA's NIS Investments report, which collects data on how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in the European Union’s directive on security of network and information systems (NIS Directive) invest their cybersecurity budgets and how this investment has been influenced by the NIS Directive.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.