Privacy Transformation - Issue 191

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Meta Advertising Ban - Decision Published

The Irish DPC issued it's final decision on Meta's illegal processing of user data for personal advertising.

RELATED:
Analysis: Bare (Contractual) Necessity: DPC issues Final Decision on Meta Legal Basis
Analysis: Breaking down enforcement of Meta’s legal basis for personalized ads
Irish DPC to Challenge Fellow Regulators in Court Over ‘Problematic’ Direction

Digital Rights Ireland suing Facebook and DPC over Data Breach

Both Facebook's owner Meta and the Data Protection Commission are being sued by Digital Rights Ireland which claims “justice has been denied” to victims of a massive data breach at the social media giant.

German National competition regulator: Statement of objections issued against Google’s data processing terms

The Bundeskartellamt has reached the preliminary conclusion that, based on Google's current data processing terms, users are not given sufficient choice as to whether and to what extent they agree to this far-reaching processing of their data across services. The choices offered so far, if any, are, in particular, not sufficiently transparent and too general.

Insights: The curious case of Module 4

The new SCCs are not without their complexities. And one of these complications is the inclusion of Module 4 which is designed to cover processor to controller transfers.


SECURITY & TECH

Royal Mail halts international services after cyberattack

The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident."

EU leaders fire warning shots at TikTok over privacy

European Commission officials on Tuesday warned TikTok's CEO to respect EU laws and work on "regaining [the] trust of European regulators," as the Chinese-owned firm faces growing criticism over privacy.

Opinion: Republicans and Democrats, Unite Against Big Tech Abuses

Joe Biden: The American tech industry is the most innovative in the world. I’m proud of what it has accomplished, and of the many talented, committed people who work in this industry every day. But like many Americans, I’m concerned about how some in the industry collect, share and exploit our most personal data, deepen extremism and polarization in our country, tilt our economy’s playing field, violate the civil rights of women and minorities, and even put our children at risk.

Iran Says Face Recognition Will ID Women Breaking Hijab Laws

Iranian women are baring their heads to protest government controls. A top official said algorithms can identify anyone flouting dress codes.


DATA BREACH

Twitter claims leaked data of 200M users not stolen from its systems

Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems.

Data Protection Commission assessing alleged RTB data breach involving Kerry letting agency

The Data Protection Commission has confirmed it is assessing an alleged data breach by the RTB involving a Kerry letting agency.


ENFORCEMENT

Apple fined €8M in French privacy case

The regulator found that the U.S. tech giant did not "obtain the consent of French iPhone users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals," according to a statement released Wednesday.

France’s privacy watchdog fines Microsoft Ireland €60m

France’s CNIL privacy watchdog said it had imposed a €60 million fine against Microsoft Ireland, saying it sanctioned the company for not having put in place a mechanism to let people refuse cookies as easily as accepting them.

Finnish SA: Administrative fine on Viking Line for unlawful processing of employees' health data

According to the employee, Viking Line had been keeping their health data in an HR system for 20 years. Viking Line had saved diagnoses in connection with information on absences due to illness into the HR system. According to the complainant, some diagnosis information stored was inaccurate, because it was not possible to enter all diagnosis codes into it.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!