Privacy Transformation - Issue 210
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
Record Meta fine masks Europe’s privacy struggle
Five years and almost €4 billion worth of fines stemming from tougher privacy enforcement and the European Union is still asking if it's doing enough to protect personal data. Social media giant Meta was the latest to face a big penalty Monday when Ireland's privacy watchdog fined it a record €1.2 billion for privacy violations under the European Union’s General Data Protection Regulation.
🔗 RELATED:
- Data Protection Commission announces conclusion of inquiry into Meta Ireland
- Decision of the Data Protection Commission
- Meta vows to appeal €1.2bn fine by Irish data watchdog
- Meta: Our Response to the Decision on Facebook’s EU-US Data Transfers
- noyb: 1.2 billion GDPR fine for Meta over US mass surveillance. Decision required 10 years and 3 court procedures against Irish DPC
- Don’t be fooled by Meta’s fine for data breaches, says Johnny Ryan
Irish Data Protection Commission to open Brussels office to brief MEPs
The Data Protection Commission is establishing an office in Brussels to brief MEPs on regulatory matters amid criticism of its investigations into big tech companies.
European Commission: Statement ahead of the 5th anniversary of the General Data Protection Regulation
To mark the occasion of five years since the entry into application of the GDPR, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued this statement. [Read Statement]
SECURITY & TECH
The Untold Story of the Boldest Supply-Chain Hack Ever
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.
Leaked Government Document Shows Spain Wants to Ban End-to-End Encryption
Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content.
🔗 RELATED: Message-scanning not incompatible with fundamental rights, Commission says
TikTok’s lead privacy regulator in Europe takes heat from MEPs
MEPs in the European Parliament took the opportunity of a rare in-person appearance by Ireland’s data protection commissioner, Helen Dixon, to criticize the bloc’s lead privacy regulator for most of Big Tech over how long it’s taking to investigate the video-sharing social media platform TikTok.
🔗 RELATED: Helen Dixon calls criticism of DPC ‘misplaced’
ENFORCEMENT
1.2 billion euro fine for Facebook as a result of binding decision
Following the EDPB’s binding dispute resolution decision of 13 April 2023, the Irish Data Protection Authority issued Meta Platforms Ireland Limited (Meta IE) a 1.2 billion euro fine after an inquiry into its Facebook service. This fine, which is the largest GDPR fine ever, was imposed for Meta’s transfers of personal data to the U.S. on the basis of standard contractual clauses (SCCs) since 16 July 2020. Furthermore, Meta has been ordered to bring its data transfers into compliance with the GDPR.
UK DPA: TikTok Information Technologies UK Limited and TikTok Inc (TikTok)
The Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc (TikTok) for a number of breaches of data protection law, including failing to use children’s personal data lawfully.
US: AG Ferguson’s lawsuit forces Google to pay nearly $40M over deceptive location tracking
Attorney General Bob Ferguson announced Google will pay $39.9 million to Washington state as a result of his office’s lawsuit over misleading location tracking practices. Google will also implement a slate of court-ordered reforms to increase transparency about its location tracking settings.
GUIDANCE & OPINIONS
ICO: Subject Access Request Q&A for Employers
ICO publishes new guide on responding to subject access requests for employers.
EDPS: Opinion 20/2023 on the Proposal for a Regulation on the transfer of proceedings in criminal matters
EDPS Opinion 20/2023 on the Proposal for a Regulation on the transfer of proceedings in criminal matters.
RESOURCES
Updated: One-Stop-Shop case digest on right to object and right to erasure
These thematic case digests analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) decisions taken from the EDPB’s public register. The OSS thematic digests are a valuable resource to showcase how Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions taken by, and involving, different SAs relating to specific data subject rights.
UK: Supporting documents assessing the impact of the Data Protection and Digital Information Bill
Supporting documents assessing the impact of the Data Protection and Digital Information Bill, including UK GDPR, Data Protection Act and PECR revisions.
▶ Video: The A.I. Dilemma
Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. world.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!