Privacy Transformation - Issue 213
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
KPMG found there was no legal basis for public services card database
The Department responsible for the beleaguered Public Services Card was unable to legally justify the creation of a database of citizens’ photos when the card process was reviewed by a private consultancy.
🔗 RELATED: Read PSC DPIA
How would facial recognition technology work in Ireland?
Government plans to give gardaí powers to use facial recognition technology in limited circumstances hit a stumbling block last month on Simon Harris's last day with the justice brief when he was reportedly accused of "taking shortcuts" by Green Party TD Patrick Costello.
🔗 RELATED: Every move being watched: the midlands town that is the CCTV capital of Ireland
Changes in laws brought about by Graham Dwyer EU Court of Justice ruling now in effect
Minister for Justice Helen McEntee has signed an order to bring new legislation on data retention into effect. The new law will give An Garda Síochána new permissions to retain specified data for a longer period of time if a judge rule that it’s in the interests of national security.
No one to pick up the phone when the regulator calls Twitter
"Twitter has not responded in relation to the invitation issued, nor has it been possible to make contact with the organisation by phone." So went an email to members of the Oireachtas Media Committee in April 2023 informing TDs and Senators that not only had Twitter failed to respond to an invitation to appear before them, it had not even been possible to make contact with the company's Dublin office by phone.
Google says Australia’s online privacy law should target websites instead of search engines
As country considers ‘right to be forgotten’, firm says it would be more effective to create legal obligations for sites hosting information.
SECURITY & TECH
Google delays EU launch of its AI chatbot after DPC raises concerns
Google has delayed a planned launch of its generative AI chatbot, Bard, in the European Union this week, according to the Irish Data Protection Commission — the tech giant’s lead data protection authority in the region.
🔗 RELATED:
- AI Act enters final phase of EU legislative process
- The outstanding concerns surrounding generative AI
- Don’t be blind to AI risks in rush to see opportunity – ICO reviewing key businesses’ use of generative AI
Using AI for loans and mortgages is big risk, warns EU boss
Discrimination is a more pressing concern from advancing artificial intelligence than human extinction, says the EU's competition chief. Margrethe Vestager told the BBC "guardrails" were needed to counter the technology's biggest risks.
Edward Snowden says surveillance technology is more intrusive than ever
Edward Snowden has warned that surveillance technology is so much more advanced and intrusive today it makes that used by US and British intelligence agencies he revealed in 2013 look like child’s play.
🔗 RELATED: US intelligence confirms it buys Americans’ personal data [Read Report]
Warning firms may use brain data to watch workers
Companies in the future may use brain-monitoring technology to watch or hire workers, the data watchdog says. But there is a real danger of discrimination if "neurotech" is not developed and used properly, the Information Commissioner's Office says.
From “Heavy Purchasers” of Pregnancy Tests to the Depression-Prone: We Found 650,000 Ways Advertisers Label You
A spreadsheet on ad platform Xandr’s website revealed a massive collection of “audience segments” used to target consumers based on highly specific, sometimes intimate information and inferences.
Zoom brings in new privacy measures following EU fine for Meta
Video communications business Zoom announced a handful of new privacy measures on Tuesday in the wake of a record fine for social media giant Meta for transferring European citizens’ data to the United States.
DATA BREACH
Fresh cyber attack impacts HSE
The Health Service Executive (HSE) has been impacted by a fresh cyber attack. Work is ongoing to determine the impact on HSE data following the attack which has been as criminal in nature and international in scale.
🔗 RELATED: HSE says 20 people's data breached in cyber-attack on third party recruitment software
Another huge US medical data breach confirmed after Fortra mass-hack
Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year.
ENFORCEMENT
Swedish SA: Spotify fined € 5 Million for GDPR violations
While users have a right to get access to all their data and information on the use of their data, Spotify did not fully comply with this obligation.
Italian SA: The Garante shows its teeth by seizing telemarketing databases
The Italian Supervisory Authority has acted against a network of telemarketing companies not only by imposing fines but also by physically seizing their databases. We consider the implications of this dramatic sanction.
GUIDANCE & OPINIONS
EDPB: Updated Guidelines on the calculation of administrative fines under the GDPR
The European Data Protection Board has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating of the amount of the fine.
IE NCSC: Guidelines on Cyber Security Specifications (ICT Procurement for Public Service Bodies)
Ireland’s National Cyber Security Strategy 2019-2024 sets out key objectives to continuously develop and protect the State and its critical national infrastructure, as well as the general public. The recommendations in these guidelines aim to provide organisations with an improved understanding of the cyber security risks and challenges to be addressed when specifying their requirements for ICT goods and services, thereby helping raise the level of awareness in this area.
RESOURCES
💸 2023 IAPP Privacy Professionals Salary Survey
In this report we explore the compensation, both financial and nonfinancial, offered to privacy professionals. We focused on understanding key impacts on compensation, such as education, experience, motivation and job satisfaction, as well as the nature and size of employers. This report aims to provide privacy pros with an updated view and opportunity to benchmark their compensation.
📗 Primer: Generative Artificial Intelligence and Data Privacy
This report focuses on privacy issues and relevant policy considerations for Congress. Some policymakers and stakeholders have raised privacy concerns about how individual data may be used to develop and deploy generative models. These concerns are not new or unique to generative AI, but the scale, scope, and capacity of such technologies may present new privacy challenges for Congress.
📕 Report: ICO tech futures: neurotechnology
This report specifically considers gathering, analysing and using information that is directly produced by the brain and nervous system, referred to as neurodata. This ranges from monitoring concentration levels at work, to more distant concepts such as smart prosthetics that can mimic brain patterns for greater responsivity. This report is a short introductory guide for those who wish to know more about neurotechnologies from a regulatory perspective.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!