Privacy Transformation - Issue 186

PRIVACY

Meta faces record EU privacy fines

Meta faces record EU privacy fines

EU is finalizing imminent decisions on the legality of the US tech giant’s data-hungry business model.

RELATED:

Meta’s Targeted Ad Model Faces Restrictions in Europe

Noyb: Meta's business model declared illegal in the EU according to WSJ. Facebook, Instagram and WhatsApp can no longer run personalized ads without user consent

Dwyer's lawyers claim phone data retention is 'opportunistic form of mass surveillance'

Dwyer's lawyers claim phone data retention is 'opportunistic form of mass surveillance'

Lawyers for Graham Dwyer, who murdered vulnerable care worker Elaine O'Hara for his sexual gratification, have argued that the retention of mobile phone data is an "opportunistic form of mass surveillance" that transforms phones into tracking devices that can reveal a detailed picture of every aspect of a person's life.

RELATED: 'Illegitimate' data law still stands as EU was not notified of new act rushed through this year

HSE brace for likely legal actions following cyber breach disclosures

Solicitor Fred Logue told The Journal that patients and staff are entitled to compensation for material and non-material losses under GDPR.

ICO on Public Sector Enforcement: Providing certainty on how we enforce the laws we regulate

John Edwards, UK Information Commissioner, recently set out our strategic approach to regulatory action where he said: “Members of the public, and those affected by a breach or infringement, are entitled to know that we have held the business or organisation to account, and that they have changed their practices as a result.”

SECURITY & TECH

Microsoft 365 faces darkening GDPR compliance clouds after German report

Microsoft 365 faces darkening GDPR compliance clouds after German report

Legal trouble may be brewing for Microsoft in the European Union, where an assessment by a working group of German data protection regulators that's spent around two years looking into a swathe of privacy concerns attached to its cloud-based 365 productivity products.

Google must remove search data if proven inaccurate, EU court says

Google must remove search data if proven inaccurate, EU court says

The EU's Court of Justice ruled that Google must remove data if a person making the request can prove the information is inaccurate.

TikTok's employees in China can now access EU users' data; Dutch experts concerned

TikTok's employees in China can now access EU users' data; Dutch experts concerned

From today, TikTok’s employees in China can access European users’ data. That violates European privacy laws, Dutch experts told NOS after looking at the social media platform’s updated privacy statement.

Apple advances user security with powerful new data protections

Apple advances user security with powerful new data protections

iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud provide users important new tools to protect data.

‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them

‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them

In October, the university quietly introduced heat sensors under desk without notifying students or seeking their consent. Students removed the devices, hacked them, and were able to force the university to stop its surveillance.

DATA BREACH

LastPass says it was breached — again

LastPass says it was breached — again

The password manager said a hacker used information stolen from a breach of LastPass' systems in August to break in again.

Brendan O'Connor sues Mediahuis over data breach

Brendan O'Connor sues Mediahuis over data breach

RTÉ broadcaster is latest to claim emails were illegally accessed by people working for INM

ENFORCEMENT

EU court rejects WhatsApp challenge against EU Data Protection Board

EU court rejects WhatsApp challenge against EU Data Protection Board

The Court of Justice of the European Union has dismissed as inadmissible an action brought by WhatsApp against a decision of the European Data Protection Board, it said in a statement on Wednesday.

RELATED: General Court: WhatsApp annulment action inadmissible (EDPB)

Musk's Twitter Firings Shrank Compliance Teams, Risks Investigations and Fines

Musk's Twitter Firings Shrank Compliance Teams, Risks Investigations and Fines

The work of two key teams that Twitter Inc. relied on to comply with regulators abruptly stopped amid a rash of layoffs, resignations and firings, according to two people familiar with the matter. That puts the social media giant at risk of investigations and hefty fines, the people said.

DPC welcomes latest successful prosecution of marketing offences

DPC welcomes latest successful prosecution of marketing offences

The Data Protection Commission today welcomed the outcome of the prosecution proceedings that were taken by it at Naas District Court against a publishing company, Guerin Media Limited of Kill, Co. Kildare.

ICO: Five businesses fined a total of £435,000 for making nearly half a million unlawful marketing calls

The Information Commissioner’s Office (ICO) has fined five companies a total of £435,000 for making nearly half a million unlawful marketing calls to people registered with the Telephone Preference Service (TPS).

DPC: Inquiry concerning Meta Dataset

DPC: Inquiry concerning Meta Dataset

On 25 November 2022, the Data Protection Commission (‘the DPC’) adopted a decision to impose a fine of €265 million and to exercise other corrective powers on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (‘Meta Platforms’).

RELATED: EDPB adopts Art. 65 dispute resolution binding decisions regarding Facebook, Instagram and WhatsApp

RESOURCES

ENISA: Foreign Information Manipulation Interference (FIMI) and Cybersecurity - Threat Landscape

ENISA: Foreign Information Manipulation Interference (FIMI) and Cybersecurity - Threat Landscape

The EU Agency for Cybersecurity (ENISA) and the European External Action Service (EEAS) have joined forces to study and analyse the threat landscape concerning Foreign Information Manipulation and Interference (FIMI) and disinformation. A dedicated analytical framework is put forward, consistent with the ENISA Threat Landscape (ETL) methodology, with the aim of analysing both FIMI and cybersecurity aspects of disinformation.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.