Privacy Transformation - Issue 210

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Record Meta fine masks Europe’s privacy struggle

Five years and almost €4 billion worth of fines stemming from tougher privacy enforcement, and the European Union is still asking if it's doing enough to protect personal data. Social media giant Meta was the latest to face a big penalty Monday when Ireland's privacy watchdog fined it a record €1.2 billion for privacy violations under the European Union’s General Data Protection Regulation.

🔗 RELATED:

Irish Data Protection Commission to open Brussels office to brief MEPs

The Data Protection Commission is establishing an office in Brussels to brief MEPs on regulatory matters amid criticism of its investigations into big tech companies.

European Commission: Statement ahead of the 5th anniversary of the General Data Protection Regulation

To mark the occasion of five years since the entry into application of the GDPR, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued this statement.


SECURITY & TECH

The Untold Story of the Boldest Supply-Chain Hack Ever

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

Leaked Government Document Shows Spain Wants to Ban End-to-End Encryption

Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content.

🔗 RELATED: Message-scanning not incompatible with fundamental rights, Commission says

TikTok’s lead privacy regulator in Europe takes heat from MEPs

MEPs in the European Parliament used the opportunity of a rare in-person appearance by Ireland’s data protection commissioner, Helen Dixon, to criticize the bloc’s lead privacy regulator for most of Big Tech over how long it’s taking to investigate the video-sharing social media platform TikTok.

🔗 RELATED: Helen Dixon calls criticism of DPC ‘misplaced’


ENFORCEMENT

1.2 billion euro fine for Facebook as a result of binding decision

Following the EDPB’s binding dispute resolution decision of 13 April 2023, Meta Platforms Ireland Limited (Meta IE) was issued a 1.2 billion euro fine by the Irish Data Protection Authority after an inquiry into its Facebook service. This fine, which is the largest GDPR fine ever, was imposed for Meta’s transfers of personal data to the U.S. on the basis of standard contractual clauses (SCCs) since 16 July 2020. Furthermore, Meta has been ordered to bring its data transfers into compliance with the GDPR.

UK DPA: TikTok Information Technologies UK Limited and TikTok Inc (TikTok)

The Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc (TikTok) for a number of breaches of data protection law, including failing to use children’s personal data lawfully.

US: AG Ferguson’s lawsuit forces Google to pay nearly $40M over deceptive location tracking

Attorney General Bob Ferguson announced Google will pay $39.9 million to Washington state as a result of his office’s lawsuit over misleading location tracking practices. Google will also implement a slate of court-ordered reforms to increase transparency about its location tracking settings.


GUIDANCE & OPINIONS

ICO: Subject Access Request Q&A for Employers

ICO publishes new guide on responding to subject access requests for employers.

EDPS: Opinion 20/2023 on the Proposal for a Regulation on the transfer of proceedings in criminal matters

EDPS Opinion 20/2023 on the Proposal for a Regulation on the transfer of proceedings in criminal matters.


RESOURCES

Updated: One-Stop-Shop case digest on right to object and right to erasure

These thematic case digests analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) decisions taken from the EDPB’s public register. The OSS thematic digests are a valuable resource to showcase how Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions taken by, and involving, different SAs relating to specific data subject rights.

UK: Supporting documents assessing the impact of the Data Protection and Digital Information Bill

Supporting documents assessing the impact of the Data Protection and Digital Information Bill, including UK GDPR, Data Protection Act and PECR revisions.

▶ Video: The A.I. Dilemma

Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. world.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!