Privacy Transformation - Issue 217
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
EU seals new US data transfer pact but challenge ahead
The European Commission announced a new data transfer pact with the United States today, seeking to end the legal uncertainty plaguing thousands of companies which transfer personal data across the Atlantic.
🔗 RELATED:
- EU-US Data Privacy Framework - Key Principles & Benefits
- Questions & Answers: EU-US Data Privacy Framework
- Adequacy Decision
- Facebook set to dodge transatlantic data ban as EU countries say US is now safe
- ODNI Releases Intelligence Community Procedures Implementing New Safeguards in Executive Order 14086
- noyb: New Trans-Atlantic Data Privacy Framework largely a copy of "Privacy Shield". noyb will challenge the decision
France Passes New Bill Allowing Police to Remotely Activate Cameras on Citizens' Phones
Amidst ongoing protests in France, the country has just passed a new bill that will allow police to remotely access suspects’ cameras, microphones, and GPS on cell phones and other devices.
Number of computers sent to Rehab Recycle resold instead of destroyed
Computers that were sent to a Rehab Group facility were sold on to a third party and not destroyed as instructed by clients. The issue came to light through a 2022 audit commissioned by Rehab Group to review concerns raised by a member of staff at Rehab Recycle Tallaght through a protected disclosure.
✍🏻 Opinion: A view from Brussels: The pitch for GDPR harmonization
On Tuesday, European Commissioner for Justice Didier Reynders presented a legislative proposal aimed at facilitating cooperation among data protection authorities on cross-border EU General Data Protection Regulation investigations. The draft regulation builds on the inaugural GDPR evaluation report produced in 2020 and the European Data Protection Board's 2022 wish list for procedural harmonization of cross-border cases enforcement.
SECURITY & TECH
As Threads app thrives, experts warn of Meta’s string of privacy violations
In just a matter of days, Meta’s new Threads app has reached 100 million users, solidifying the Twitter competitor’s claim to the title of the most rapidly downloaded app ever. That rapid growth has concerned privacy experts, who warn that few users realize just how much information the app collects.
🔗 RELATED: No Instagram Threads app in the EU: Irish DPC says Meta's new Twitter rival won't be launched here
Google launches generative AI model Bard in Europe
Bard, Google’s eagerly awaited response to ChatGPT, was launched in Europe on Thursday (13 July), following delays in complying with the EU’s data protection rules.
🔗 RELATED: EU policymakers prepare to close first aspects of AI regulation
DATA BREACH
Whistleblower welcomes data breach ruling against Dept of Health
A Department of Health whistleblower has welcomed a Data Protection Commissioner decision to issue a fine and ban the practice of collecting excessive sensitive information on children with autism who took legal cases against the State.
🔗 RELATED:
- DPC fines Dept of Health €22,500 for ‘excessive and disproportionate’ questions about families of children with special needs
- DPC Decision: Inquiry concerning the Department of Health
Bangladesh government website leaks citizens’ personal data
A Bangladeshi government website leaked the personal information of citizens, including full names, phone numbers, email addresses and national ID numbers.
ENFORCEMENT
Irish DPA: DPC fines Dept of Health €22,500 for ‘excessive and disproportionate’ questions about families of children with special needs
The decision follows allegations made by a whistleblower from the Department of Health about the strategy employed by the State body in defending legal actions from families of children with special needs.
Irish Courts: Damages awarded to employee who claimed he was mocked after CCTV images used in training video
A factory supervisor, who claimed he had been mocked by colleagues after his employer used CCTV images of him in a training video, has been awarded compensation for non-material damage of upset and embarrassment.
🔗 RELATED: Irish Circuit Court Values Non-Material Damage Data Protection Claim
GUIDANCE & OPINIONS
Spanish DPA: Approaches to Data Spaces from a GDPR Perspective
This document is a first approach to GDPR compliance of Data Spaces by applying the principles of proactive accountability and data protection by design. Without seeking to transpose the text of the GDPR to this document, nor to be exhaustive, the document addresses the set of definitions from the GDPR, the various European standards, specific standards and vocabulary in the field of Data Spaces.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!