Privacy Transformation - Issue 197

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Brussels sets out to fix the GDPR

The European Commission will propose a new law before the summer that’s aimed at improving how EU countries’ privacy regulators enforce the GDPR, a newly published page on its website showed.

🔗 RELATED: The EU is planning a major GDPR law that could impact Irish DPC

Concern over use of Chinese CCTV for new children’s hospital

The operators of the new National Children’s Hospital are facing calls to drop plans to install Chinese-made surveillance cameras at the new €1.7bn facility due to open next year.

Government seeks experts to ensure Mother and Baby Home redress scheme doesn't break GDPR rules

The Government said it needs “specialist expertise in Data Security, GDPR and Data Protection” on an ongoing basis to support the Department of Children as it establishes the redress scheme for survivors of mother and baby institutions.

State yet to advertise for new data commissioners

The Irish Data Protection Commission, in effect Silicon Valley’s leading data protection watchdog in Europe, is set to remain stretched in a raft of high-profile privacy investigations after the Republic failed to deliver on a pledge to beef up its senior ranks.

🔗 RELATED: Data Protection Commission still without senior hires

German Constitutional Court strikes down predictive algorithms for policing

The German Federal Constitutional Court declared the use of Palantir surveillance software by police in Hesse and Hamburg unconstitutional in a landmark ruling on Thursday (16 February).

Code of conduct to protect youth data online

A code of conduct is to be developed on the protection of youth data online. The plan has been announced by Technology Ireland, the Ibec group that represents the technology sector.

📣 Opinion: How’s Data Protection Doing In Your Country?

The categories of drivers for good data protection behaviours are not unlimited in number, or equal in power, but they include legal drivers, consumer pressure, activism, operational failures, corporate governance and more esoteric ideas such as reputation, ESG, enlightened self-interest and business purpose.

EDPB: Boosting enforcement and cooperation - EDPB sets out its priorities for 2023-2024

The EDPB has adopted its new work programme, setting out its priorities and putting the Board’s strategic objectives into practice.

EDPS to pilot the use of Open Source Software

The EDPS has started piloting the use of the Open Source Software Nextcloud and LibreOffice Online. Together, they offer the possibility to share files, send messages, make video calls, and allow collaborative drafting, in a secured cloud environment.


SECURITY & TECH

European Commission bans TikTok from corporate devices

The EU executive’s IT service has asked all Commission employees to uninstall TikTok from their corporate devices, as well as the personal devices using corporate apps, citing data protection concerns.

Warnings were issued over a log-in system used by Cork university in weeks before cyber attack

Global warnings about a weakness in a virtual computer system used by Munster Technological University were issued just weeks before it was targeted by a Russian hacker group.

Warning that Ireland's FDI at risk if cyber security not taken seriously

Ireland risks losing massive amounts of the foreign direct investment on which it depends, if it does not start taking cyber security seriously.

CCTV: Welsh police and government turn off Chinese Hikvision cameras

The use by many Welsh public bodies of CCTV cameras linked to China is set to be scrapped or paused after concerns about security and human rights.

Privacy Regulators Step Up Oversight of AI Use in Europe

European privacy regulators are intensifying their scrutiny of companies’ use of artificial intelligence, hiring experts and opening new units to crack down on data violations.

Meta Shifts UK Users to US Agreements in Post-Brexit Move

Meta Platforms Inc. will begin moving its UK users away from the company’s Irish subsidiary and onto US agreements in a move the social-media giant flagged post-Brexit.

Does paid-for Facebook and Instagram signal end of free-access orthodoxy?

Mark Zuckerberg’s social media empire is built on billions of users – and the advertisers who pay vast sums to grab their attention. But that business model is under pressure on several fronts. It is against this backdrop that Meta, the owner of Facebook and Instagram, said on Sunday it is trialling subscriptions for both social media platforms.


DATA BREACH

Tusla says 20,000 people had personal info stolen in 2021 cyber attack

Tusla is to begin contacting 20,000 people whose personal information was stolen during the 2021 cyber attack on the Health Service Executive.

Ransomware gang uses new zero-day to steal data on 1 million patients

Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients.


ENFORCEMENT

Experian ‘very pleased’ with outcome of appeal against ICO action

The Information Commissioner’s Office (ICO) has said it will consider whether to appeal, following a ruling on its action to require Experian to change how it handles people’s personal data. The judgment supported aspects of the ICO’s decision, while allowing Experian’s appeal in other areas.

ICO: Former 111 call centre advisor fined for illegally accessing medical records

A former 111 call centre advisor has been found guilty and fined for illegally accessing the medical records of a child and his family.


GUIDANCE & OPINIONS

ICO: Top tips for games designers – how to comply with the Children’s code

The Children’s code is a code of practice that sets out how online services likely to be accessed by children should protect them in the digital world. We’ve audited game design companies to better understand how the Children’s code applies in the games sector and, importantly, what steps games companies can take to make sure they comply with the code. We’ve set out our top tips to ensure your players have a good game.


RESOURCES

One-Stop-Shop Case Digests

These thematic case digests analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) decisions taken from the EDPB’s public register.

▶ Webinar: IAPP - Leveraging privacy governance for the responsible use of AI

Artificial intelligence governance is the hot topic of the day. Find out what you need to know by watching a recording of the IAPP's recent LinkedIn Live on the topic.

Genuine opt out and opt in consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them. As we approach the 30th anniversary of the commercial internet, the latest Annenberg national survey finds that Americans have neither. High percentages of Americans don’t know, admit they don’t know, and believe they can’t do anything about basic practices and policies around companies’ use of people’s data.

European Parliament: Draft motion for a resolution on the adequacy of the protection afforded by the EU-US Data Privacy Framework

European Parliament resolution on the adequacy of the protection afforded by the EU-US Data Privacy Framework.

📗 Future of Privacy Forum - Overview of Regulatory Strategies of European Data Protection Authorities for 2023 and Beyond

The Future of Privacy Forum released a report that explores “Evolving enforcement priorities in times of debate – Overview of regulatory strategies of European Data Protection Authorities for 2023 and beyond”.

📕 ENISA: Interoperable EU Risk Management Toolbox

This document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information security RM methods. The toolbox aims to facilitate the smooth integration of various RM methods in an organisation’s environment or across organisations and bridge the gaps associated with the methods’ disparate respective approaches. With the help of the toolbox, shareholders will be able to have a common understanding of risks and report interoperable risk assessment results to the community and competent authorities.

📙 ENISA: Demand Side of Cyber Insurance in the EU

The report analyses current perspectives and challenges of Operators of Essential Services (OESs) related to the acquirement of cyber insurance services.


CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!