Privacy Transformation - Issue 199
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
European Commission says Ireland's new data law may be 'inapplicable'
The European Commission has dismissed Ireland’s new controversial data retention law as possibly “inapplicable and unenforceable”, as it was not submitted to the commission before its enactment.
UK introduces draft data protection reform
The U.K. released draft data protection reform of its General Data Protection Regulation. On Wednesday, U.K. Secretary of State for Science, Innovation and Technology Michelle Donelan introduced the Data Protection and Digital Information (No. 2) Bill to Parliament.
🔗 RELATED:
- Top ten takeaways from the draft UK GDPR reform
- UK Gov Press Release: British Businesses to Save Billions Under New UK Version of GDPR
Leading MEP enraged by Swedish presidency’s neglect of ePrivacy Regulation
The ePrivacy Regulation, once meant to be put in place together with the General Data Protection Regulation, has been stuck in a political stalemate for almost six years, first between national governments in the EU Council of ministers and now in the interinstitutional negotiations, so-called trilogues.
EDPS: Online child abuse draft law creates ‘illusion of legality’
In a closed-door meeting with EU lawmakers, the European Data Protection Supervisor criticised the proposal to fight Child Sexual Abuse Material as trying to mask breaches of fundamental rights.
Edwards talks data reform, ‘deliberate,’ ‘approachable’ ICO
Amid the introduction of a new data protection reform bill Wednesday, U.K. Information Commissioner John Edwards said the goals within the ICO25 strategic plan "are not predicated or dependent on law reform."
Facebook faces May D-Day for European blackout
Meta is facing a major legal decision within months that could see it shutter its Facebook service in Europe. Ireland’s privacy chief Helen Dixon, who heads the Irish Data Protection Commission (DPC), told POLITICO she was “very likely” to strike a final verdict on Facebook’s last legal tool for sending personal data to the U.S. before the European Union and the United States manage to roll out a new data-transfer agreement.
📣 Opinion: EDPB sees the glass half full on the EU-U.S. Data Privacy Framework
While the EDPB does identify some discrete areas where it believes that further improvement or clarification would be beneficial, it also emphasizes that there is no requirement for U.S. law to replicate EU law, and that the safeguards applied to transferred data must be assessed as a whole. Overall, the Opinion gives concrete grounds to believe that the new framework is likely to survive any future legal challenge.
SECURITY & TECH
Ireland to consider expanding cooperation with Nato in areas of cyber attacks and maritime intelligence
Ireland is considering expanding cooperation with Nato in the areas of cyber and hybrid attacks, maritime intelligence and strengthening resilience against attacks.
Irish data watchdogs to jointly assess cyber risks of TikTok
Irish Data Protection Commissioner Helen Dixon will meet the director of the National Cyber Security Centre (NCSC) over the potential safety issues linked to using TikTok in Ireland.
Tesla Tweaks Onboard Cameras Following Allegations of Privacy Invasion
The Dutch safety watchdog decided on Wednesday that it had concluded its investigation into Tesla and wouldn’t issue a fine against the company for its vehicle’s security cameras. The Dutch Data Protection Authority (DPA) carried out an investigation over concerns Tesla vehicles could be violating privacy laws with its security camera feature.
Responsible AI: What Does It Take to Turn Principles into Practice?
Are new regulations needed to safeguard AI use, or will best practices recommendations and existing laws be enough? And how can privacy frameworks set the groundwork for responsible AI practices?
RELATED: Humanity is sleepwalking into a neurotech disaster
FTC order bars BetterHelp from sharing data with social media platforms
Online counselling service BetterHelp will be banned from sharing consumer health data for advertising purposes and fined $7.8 million under a proposed Federal Trade Commission order issued Thursday.
Eurovision 2023: Hotel phishing scam targets song contest fans
Booking.com confirmed to BBC News that "some accommodation partners had been targeted by phishing emails" but denied it had suffered a data security breach.
DATA BREACH
Social media firms have helped MTU stop publication of cyberattack material, court told
Major social media platforms such as Twitter and Facebook owners Meta have been assisting Munster Technological University in its efforts to prevent confidential information about its staff and students from being widely published on the internet, the High Court has heard.
Gardaí and Fastway among those reprimanded for data breaches in 2022
An Garda Siochana and the Fastway delivery firm are among the organisations that were reprimanded over data breaches, according to a watchdog’s annual report.
WH Smith targeted by cyber attack with hackers accessing data on current and former employees
The high street retailer says its website, customer accounts and customer databases are on unaffected separate systems and an investigation has been launched into the incident.
ENFORCEMENT
Data Protection Commission applied fines of over €1bn in 2022
Ireland’s Data Protection Commission applied fines of over €1bn across 2022 as its investigations under GDPR ramped up.
DPC Decision: Inquiry into A&G Couriers Limited T/A Fastway Couriers
The personal data breach concerned the unauthorised access to personal data held by Fastway (a provider of courier services), while it was engaging with its service provider in order to undertake a modification to Fastway ICT systems to facilitate declarations of duty and VAT.
DPC Decision: Kildare County Council
This inquiry sought to assess whether Kildare County Council was processing personal data in compliance with the GDPR and the Data Protection Act 2018. The inquiry examined a number of the Council’s processing operations including its use of CCTV cameras in public places used for the purposes of prosecuting crime or other purposes.
FTC order bars BetterHelp from sharing data with social media platforms
Online counselling service BetterHelp will be banned from sharing consumer health data for advertising purposes and fined $7.8 million under a proposed Federal Trade Commission order.
GUIDANCE & OPINIONS
EDPS Opinion on the package of legislative Proposals on VAT in the Digital Age
EDPS Opinion on the package of legislative Proposals on VAT in the Digital Age.
RESOURCES
📗 Report: Data Protection Commission publishes 2022 Annual Report
Commissioner for Data Protection, Helen Dixon, has launched the Irish Data Protection Commission’s Annual Report for 2022.
📕 Report: ENISA: Embedded Sim Ecosystem, Security Risks and Measures
This report gives an overview of the eSIM technology, assesses the market potential in Europe and includes security challenges identified and proposed mitigation measures.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!