Privacy Transformation - Issue 195

Curated privacy news, insights & resources, with a focus on Irish and EU developments.

PRIVACY

Digital Rights Ireland to sue for damages for Facebook users over dark web data leak

Digital Rights Ireland has said it intends to sue for damages for Facebook users across the EU whose data was leaked to the dark web. It comes after DRI resolved its court case with the Data Protection Commission (DPC), in what it said is a victory for Facebook users whose data was leaked.

EU Privacy Chief Warns Criticism May Upend Irish Watchdog Role

Persistent criticism over the Irish Data Protection Commission’s handling of high profile investigations could threaten the country’s role as the European Union’s lead regulator of Big Tech, the watchdog’s chief has warned.

European Parliament readies position on the Data Act

The Data Act is a flagship EU legislation to regulate how data is accessed, ported and shared. In the European Parliament, lawmakers of the Industry committee have been spearheading the work and are set to adopt their report on 9 February.

📣Opinion: Compromise required to resolve impasse on data privacy regulation

Ireland will play a big role whenever the early history of Europe’s data-based economy is written, but it remains open whether it will be positive or negative. Nearly five years after a new EU data protection regime (GDPR) came into effect, efforts to create a cohesive pan-European regime – for citizens and business – remain contested.

📰 ICO: Update on the ICO’s change of approach to regulating communication service providers

As part of ICO25 we are aiming to reduce data protection compliance burdens and costs for businesses by providing regulatory clarity, support and guidance, as well as focussing our resources where we can have the greatest impact. This change in approach will allow the ICO to better use resources on investigations where significant harm has been, or is likely to be, caused to individuals and where we can have the greatest impact as a proportionate regulator.

📣Opinion: Privacy Is a Right - Protecting It Is Not Extreme

There comes a time in any lobbyist's career when the moment calls for taking a fringe position completely at odds with emerging policy consensus. When both political parties, industry players, and civil society activists have all grown wise to whatever con your particular interest group is playing and the walls are closing in, stick to a tried-and-true message: "I'm not extreme, you're extreme!".

SECURITY & TECH

When Hackers Hobbled Ireland’s Hospitals, They Took Themselves Down Too

A 2021 ransomware attack froze the country’s biggest health system, showing some cybercriminals the line they didn’t want to cross.

Italy bans U.S.-based AI chatbot Replika from using personal data

Italy's Data Protection Agency is prohibiting artificial intelligence (AI) chatbot company Replika from using the personal data of Italian users, citing risks to minors and emotionally fragile people.

🔗 RELATED:

• Garante's Order
• Press Release

Musk’s Twitter is facing tricky questions over data deletion

European data protection regulators are “engaging” with Twitter following a series of complaints from users that it’s ignoring requests to delete their direct messages.

Delete TikTok or risk your data being exposed to 'hostile' threats, warns foreign affairs committee chief

TikTok has become a cultural phenomenon and has more than one billion users, but concerns are growing about its Chinese parent company. While the UK is not currently entertaining a wholesale ban like the US, Britons are being urged to consider whether using the app is a good idea.

Millions of passport photos of innocent foreigners in police face database

An investigation by RTL Nieuws determined that the police have maintained a facial recognition database containing millions of photos of people who have come to the Netherlands from outside Europe.

✍🏻 ICO: Using FRT in schools – letter to North Ayrshire Council

We have issued a letter to North Ayrshire Council (NAC) following their use of Facial Recognition Technology (FRT) to manage ‘cashless catering’ in school canteens. The story was first brought to us in October 2021 when NAC introduced FRT into nine of its schools. NAC stopped processing shortly after data protection concerns were raised with us.

DATA BREACH

DPC 'assessing' data breach report from Munster Technological University cyber attack

The Data Protection Commission is “assessing” a reported data breach at the Munster Technological University (MTU) in this week’s ransomware attack. MTU Cork confirmed last night that hackers had encrypted data and demanded a ransom.

🔗 RELATED: MTU confirms Cork IT breach was caused by ransomware attack

Dutch hacker steals data from virtually entire population of Austria

A Dutch hacker has been arrested after reportedly stealing data belonging to 9 million Austrian citizens through a misconfigured cloud database.

JD Sports says 10 million customers hit by cyber-attack

Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber-attack.

ENFORCEMENT

Finish DPA: Administrative fine imposed on company for processing health information without the appropriate consent

The company had not asked the users of its service for their specific consent to the processing of health-related personal data. The Office of the Data Protection Ombudsman imposed an administrative fine on the company for violating the General Data Protection Regulation since the processing of health data is part of the company's core business. In addition, the Data Protection Ombudsman ordered the company to rectify its practices for requesting consent.

RESOURCES

📗 Report: ISACA - Privacy in Practice 2023

Organizations that practice privacy by design are more likely to be confident in their ability to protect the privacy of sensitive data, according to new research from ISACA. ISACA’s Privacy in Practice 2023 survey report, released ahead of Data Privacy Day on 28 January, finds that those enterprises that always practice privacy by design reap rewards but also must work through significant challenges when it comes to privacy budgets, staffing and skills gaps.

[Access Report]

📕 Report: Study on the impact of recent developments in digital advertising on privacy, publishers and advertisers

This study has collated evidence which on balance indicates a strong case to reform digital advertising. It indicates that the status quo is unsustainable for individuals, publishers and advertisers. Digital advertising that relies on the collection of personal data, tracking and massive-scale profiling can have unintended consequences on data protection rights, security, democracy and the environment.

[Access Report]

📋 Survey: Data protection officers point to problems applying GDPR

A survey by the Swedish Authority for Privacy Protection (IMY) notes that less than half of responding data protection officers assess that their own organisation works continually and systematically with data protection.

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!