Privacy Transformation - Issue 201

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Bank of Ireland apologises for errors giving 'unauthorised people' access to customers' online accounts

Bank of Ireland has apologised after a series of errors gave unauthorised people access to customers' Banking365 online accounts.

🔗 RELATED: DPC Inquiry into Bank of Ireland 365

EU institutions prepare to negotiate the European Digital Identity

The European Digital Identity is designed to provide the legal framework for establishing a system of national digital wallets interoperable across the EU where citizens can access all documents, from birth certificates to driving licenses.

EU Commission suing Czechia for not protecting whistleblowers

The European Commission is suing Czechia for not having introduced rules to protect whistleblowers.

Irish Government Publishes General Scheme of the Digital Services Bill 2023

The Digital Services Bill will support, at a national level, the Digital Services Act (Regulation (EU) 2022/2065) which came into force on 16 November 2022.


SECURITY & TECH

Facebook political microtargeting at center of GDPR complaints in Germany

In its latest piece of strategic litigation, the precision-punching European privacy rights campaign group noyb has used data donated by users of the ‘Who Targets me’ browser extension, which analyzes political microtargeting on Facebook, to build a case against every political party in Germany — for what it alleges is unlawful processing of voters’ personal data via Facebook’s adtech platform during the 2021 federal elections.

More Palantir controversy over claims leaked document ‘shows NHS data sharing’

NHS England and the UK government are coming under fire as internal documents appeared to reveal that hospitals in the country have been ‘ordered’ to share patients’ confidential medical records with US tech firm, Palantir.

✍🏻 Opinion: Bill Gates: The Age of AI has Begun

Bill Gates has published a letter on the future of artificial intelligence, focusing on three sectors where AI could be transformative: the workforce, healthcare, and education.

ChatGPT bug leaked users' conversation histories

A ChatGPT glitch allowed some users to see the titles of other users' conversations, the artificial intelligence chatbot's boss has said.

🔗 RELATED: ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence

💡 Insights: Lurking Beneath the Surface: Hidden Impacts of Pixel Tracking

A deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx & BetterHelp.

What the hell is wrong with TikTok?

The Chinese app famous for dancing teenagers has got Western officials in a spin over allegations of espionage and addiction.

🔗 RELATED: Congress grills CEO on China concerns and teen mental health

UK NCSC launches flagship new services to help millions of small organisations stay safe online

New online tools for small organisations to help find and fix any cyber security issues.


DATA BREACH

Ferrari discloses data breach after receiving ransom demand

Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems.

Ransomware Gang Threatens Amazon’s Ring With Data Leak

A ransomware gang is threatening the largest system of doorbell cameras in the US, claiming that it has some amount of stolen data. The group claims to have broken into Amazon’s Ring system, though Amazon has yet to confirm the incident.


ENFORCEMENT

Irish SA: Inquiry into Bank of Ireland 365

The DPC has imposed an administrative fine of €750,000 and issued a reprimand to Bank of Ireland for data breaches that resulted in unauthorised access to other people’s accounts via the Bank of Ireland 365 App.

🔗 RELATED: Bank of Ireland fined €750k for data breaches

Norwegian SA: Fine issued to Argon Medical Devices for infringement of GDPR requirement to notify without undue delay

Datatilsynet has issued an administrative fine of EUR 218,365 against Argon Medical Devices for failing to notify a personal data breach without undue delay.

Finnish SA: Administrative fine imposed on Suomen Asiakastieto Oy for non-compliance with the supervisory authority’s order

The Finnish SA imposed an administrative fine of EUR 440,000 on the controller for failing to erase inaccurate payment default entries saved into the credit information register due to inadequate practices. The SA pointed out that a payment default entry has a significant impact on the rights and freedoms of an individual.


GUIDANCE & OPINIONS

EDPS Opinion on the Proposal for a Regulation on European statistics on population and housing

The EDPS has issued an Opinion on the Proposal for a Regulation on European statistics on population and housing. The Proposal contains provisions aiming to facilitate access to available data sources that will improve the production processes and general quality of social statistics.

Advocate General: Opinion in Case C-634/21 regarding automated scoring of creditworthiness

Advocate General Pikamäe: the automated establishment of a probability concerning the ability of a person to service a loan constitutes profiling under the GDPR.


RESOURCES

📘 Paper: Applying the Rule of Law in Automated Decision Systems through Rules as Code

In this Submission, we develop recommendations which expand on how Rules as Code-compliant legislation can be developed, and how it can be incorporated in automated decision systems.

A clean, fresh, user (and privacy)-friendly GDPR reference for the busy privacy professional.

📕 ENISA: Transport Threat Landscape

This report is the first analysis conducted by ENISA of the cyber threat landscape of the transport sector in the EU. The report aims to bring new insights into the reality of the transport sector by mapping and studying cyber incidents from January 2021 to October 2022.

🔶 FPF: Infographic exploring implications of Open Banking Data Flows and Security for Individuals

The Future of Privacy Forum (FPF), a global non-profit focused on privacy and data protection, has published an infographic, “Open Banking And The Customer Experience,” visualizing the US open banking ecosystem.

📕 ENISA: Single Programming Document 2023-2025

This is the main body of ENISA's Work Programme describing, in terms of its operational and corporate activities, what the Agency aims to deliver in the year 2023 towards achieving its strategy and the expected results.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!