Privacy Transformation - Issue 215

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

New Irish law might make data protection procedures confidential

The Irish government added a last-minute amendment to a bill allowing the Irish Data Protection Commission to label all their procedures as confidential.

🔗 RELATED:

Irish Phone and internet companies ordered to retain user data

Phone and internet companies have been ordered to retain user data as part of measures to protect the security of the State.

🔗 RELATED: Justice Minister gets court order for data retention over ‘serious and genuine’ security threat to State

EU to meet on U.S. data transfer pact in mid-July, lawyer says

The European Commission is due to finalise a new data transfer pact with the United States by mid-July, a lawyer for Ireland's Data Protection Commissioner (DPC), the bloc's lead regulator for many big tech firms, said on Monday.

🔗 RELATED:  Court continues stay on decision that Meta must suspend EU-US data transfer

US vendor accused of violating GDPR by reputation-scoring EU citizens

A US-based fraud prevention company is in hot water over allegations it not only collected data from millions of EU citizens and processed it using automated tools without their knowledge, but that it did so in the United States, all in violation of the EU's data protection rules.

DPC Blog: Failure to share information with a nursing home about a resident’s criminal convictions

The Data Protection Commission is aware of media coverage where concerns regarding General Data Protection Regulation (GDPR) compliance have been raised with regard to a failure to share information with a nursing home about a resident’s criminal convictions, and the risk that they presented to other residents.


SECURITY & TECH

Irish Government announces plan to boost cybersecurity

The Government has published a plan to boost cybersecurity. The Mid-Term Review of the National Cyber Security Strategy 2019-2024 sets out 18 new actions to be implemented within the lifetime of the strategy.

🔗 RELATED:

Apple joins opposition to encrypted message app scanning

Apple has criticised powers in the Online Safety Bill that could be used to force encrypted messaging tools like iMessage, WhatsApp and Signal to scan messages for child abuse material.

The tech flaw that lets hackers control surveillance cameras

Chinese-made surveillance cameras are in British offices, high streets and even government buildings - and Panorama has investigated security flaws involving the two top brands. How easy is it to hack them and what does it mean for our security?

How Indigenous Groups Are Leading the Way on Data Privacy

Indigenous groups are developing data storage technology that gives users privacy and control. Could their work influence those fighting back against invasive apps?


DATA BREACH

Hairdresser chain Peter Mark hit by cyberattack

Hairdresser Peter Mark says it has been the victim of a cyberattack, and some of its human resources data has been compromised as a result.

Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.


RESOURCES

UK NCSC: New techniques added to the NCSC’s ‘risk management toolbox’

Refreshed guidance published to help practitioners manage cyber risk.

NIST 2022 Cybersecurity & Privacy Annual Report

This Annual Report highlights the FY 2022 research activities for the ITL Cybersecurity and Privacy Program. [Read Report]

EuroParl Think Tank: Briefing — Artificial intelligence act

The 'EU Legislation in Progress' briefings are updated at key stages throughout the legislative procedure. [Read Briefing Paper]


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!