Privacy Transformation - Issue 216

Curated privacy news, insights & resources, with a focus on Irish and EU developments.

PRIVACY

Facebook-owner Meta loses as EU court ruling may boost powers over data breaches

The ruling followed a challenge by Meta after the German cartel office in 2019 ordered the social media giant to stop collecting users' data without their consent

🔗 RELATED: noyb: CJEU declares Meta's GDPR approach illegal

EU Commission pitches harmonisation measures for data protection enforcement

The European Commission presented on Tuesday (4 July) a legislative proposal to harmonise certain aspects of national procedural rules to speed up cross-border cases under the GDPR. The draft law touches upon complaints over alleged data protection breaches, the procedural rights of parties under investigation, intra-authority cooperation and dispute resolution.

🔗 RELATED: EC Press Release: Commission adopts new rules to ensure stronger enforcement of the GDPR in cross-border cases

Minister creates a de facto mass surveillance system of entire population

Justice Minister Helen McEntee has made an attempt to address issues in the State’s flawed data retention laws, but they’re open to legal challenges.

Garda sergeant to stand trial over alleged leak of private information from Pulse system

A Garda sergeant has been sent forward for trial on multiple counts of breaking data protection laws by disclosing private information about individuals from the Garda Pulse computer system.

UK's proposed alt.GDPR will turn Britain into a 'test lab' for data harvesting

The UK is expected to adopt a new data protection bill this Autumn. If that happens, more than two dozen civil society groups and privacy experts want the European Commission to cancel its 2021 data sharing agreement with the UK.

SECURITY & TECH

No Instagram Threads app in the EU: Irish DPC says Meta's new Twitter rival won't be launched in Ireland

Meta’s new Twitter rival wants to suck Instagram users’ data, including health, location, search history and sensitive information, into the new Threads service. Under EU data privacy rules, it faces higher hurdles than in the US or UK, where it has launched.

🔗 RELATED: Data Protection Commission: ‘We are not blocking Instagram’s Threads’

Swedish Data Protection Authority Warns Companies Against Google Analytics Use

The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year.

DATA BREACH

'Pay and benefits compromised' in Dublin Airport cyber attack

The pay and benefits details of nearly 2,000 staff members of DAA, which operates Dublin Airport, were compromised due to a recent cyber attack on a third party application used by professional service provider Aon, the Sunday Times reported.

Microsoft denies data breach, theft of 30 million customer accounts

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts.

ENFORCEMENT

Swedish DPA: Four companies must stop using Google Analytics

The Swedish Authority for Privacy Protection has audited how four companies use Google Analytics for web statistics. IMY issues administrative fines against two of the companies. One of the companies has recently stopped using the statistics tool on its own initiative, while IMY orders the other three to also stop using it.

🔗 RELATED:

• noyb: First major fine (€ 1 million) for using Google Analytics
• IMY orders CDON, Coop, Dagens Industri and Tele2 to stop using Google Analytics

GUIDANCE & OPINIONS

EDPS: Opinion 30/2023 on the Proposal for a Regulation amending Council Decision 2009/917/JHA, as regards its alignment with data protection

EDPS Opinion 30/2023 on the Proposal for a Regulation amending Council Decision 2009/917/JHA, as regards its alignment with data protection. The present Opinion of the EDPS is issued in response to a consultation by the European Commission pursuant to Article 42(1) of EUDPR.

RESOURCES

🎙 Podcast: DPC on the controversial "Section 26a"

Fleur O'Shea, Head of Legal Affairs at the Irish Data Protection Commission joins Jess to explain the amendment to the "Courts and Civil Law (Miscellaneous Provisions) Bill 2022".

📚 ENISA Reports:

• A multilayer framework for good cybersecurity practices for AI
• Health Threat Landscape
• Digital Identity Standards

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!