Privacy Transformation - Issue 190
PRIVACY
Data Protection Commission increases Meta fines to €390m after European ruling
Facebook and Instagram not entitled to rely on legal basis currently used to justify data collection under GDPR, says Irish regulator.
RELATED:
Noyb: Meta (Facebook and Instagram) prohibited from using personal data for advertisement
Data Protection Commission tries to make victory of its U-turn on Facebook and Instagram
SECURITY & TECH
Ransomware gang apologizes, gives SickKids hospital free decryptor
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization.
US passes the Quantum Computing Cybersecurity Preparedness Act
Remember quantum computing, and the quantum computers that make it possible? Along with superstrings, dark matter, gravitons and controlled fusion (hot or cold), quantum computing is a concept that many people have heard of, even if they know little more about any of these topics than their names.
LastPass password vaults crackable for $100, alleges 1Password
LastPass has claimed that it would take millions of years to crack a user's master password, but a rival company claims that the process won't take nearly that long, and could be done for a mere $100.
RELATED: Not in a million years: It can take far less to crack a LastPass password
DATA BREACH
Twitter in data-protection probe after '400 million' user details up for sale
Politicians and celebrities are said to be affected but the scale of the data breach is unverified.
RELATED: Hackers leak email addresses tied to 235 million Twitter accounts
UCD reports six personal data breaches to watchdog
University had expenditure of €6.6m in the year to September 2021 that was not compliant with procurement regulations.
ENFORCEMENT
Data Protection Commission announces conclusion of two inquiries into Meta Ireland
The Data Protection Commission has announced the conclusion of two inquiries into the data processing operations of Meta Platforms Ireland Limited (“Meta Ireland”) in connection with the delivery of its Facebook and Instagram services. (Meta Ireland was previously known as Facebook Ireland Limited).
Polish SA imposed fine on telecom operator for failure to notify the personal data breach
Only after the company received a notice from the Polish SA on initiating administrative proceedings, the controller sent a notification of a personal data breach to the supervisory authority, along with the letter communication to the subscriber on the personal data breach.
RESOURCES
DPC Case Studies: 3 New Cases Studies
The DPC has published three new case studies :
- Disclosure of personal data
- Fair processing of personal data
- Unlawful processing of photograph and erasure request under Article 17 of GDPR
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!