Privacy Transformation - Issue 218

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

WhatsApp updated its privacy policy on Monday (17 July) by switching to the ‘legitimate interest’ legal basis following an Irish Data Protection Commissioner’s sanction in January.

🔗 RELATED: Norwegian DPA: Temporary ban on behavioural advertising on Facebook and Instagram

EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision

During its latest plenary, the EDPB adopted an information note for individuals and entities transferring data to the U.S. This note aims to provide concise and objective information regarding the impact of the adequacy decision on transfers to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism in the area of national security.

🔗 RELATED: Information note on data transfers under the GDPR to the United States after the adoption of the adequacy decision on 10 July 2023

EDPS finds that the CJEU’s use of cloud videoconferencing services complies with data protection law

In its Decision published on 13 July 2023, the EDPS finds that the use of Cisco Webex videoconferencing and related services by the Court of Justice of the European Union (the Court) meets the data protection standards under Regulation 2018/1725 applicable to EU institutions, bodies, offices and agencies. [Read Decision]


SECURITY & TECH

US Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity

A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) advanced to the Senate floor Thursday, alarming privacy advocates who say the legislation turns the companies into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption.

AI facial recognition tech brings ‘airport-style security’ to UK stores, says human rights group

A rising number of British stores are using a facial recognition system powered by artificial intelligence to identify repeat shoplifters in what one human rights group has called the spread of “airport-style security” on the high street.

‘Not for Machines to Harvest’: Data Revolts Break Out Against A.I.

Fed up with A.I. companies consuming online content without consent, fan fiction writers, actors, social media companies and news organizations are among those rebelling.

US government launches the Cyber Trust Mark, its long-awaited IoT security labeling program

The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans against the myriad security risks associated with internet-connected devices.

OpenAI holding back GPT-4 image features on fears of privacy issues

OpenAI has been testing its multimodal version of GPT-4 with image-recognition support prior to a planned wide release. However, public access is being curtailed due to concerns about its ability to potentially recognize specific individuals.


DATA BREACH

Russian hackers threaten to release masses of private data stolen from Irish communications regulator

A notorious Russian cybercriminal gang has threatened to publish masses of private information stolen from ComReg, the Irish communications regulator. The group, which is known as Cl0p, said on Tuesday it has 143 gigabytes of ComReg data which was stolen in a ransomware attack on the Government agency in May.

Metropolitan police shared sensitive data about crime victims with Facebook

Britain’s biggest police force gathered sensitive data about people using its website to report sexual offences, domestic abuse and other crimes and shared it with Facebook for targeted advertising, the Observer has found.

Mental health start-up exposes the personal data of more than 3 million people

A mental health start-up exposed the personal data of as many as 3.1 million people online. In some cases, possibly sensitive information on mental health treatment was leaked, according to a company statement and a Department of Health and Human Services filing.


ENFORCEMENT

Norwegian DPA: Temporary ban on behavioural advertising on Facebook and Instagram

The Norwegian Data Protection Authority imposes a ban on Meta carrying out behavioural advertising based on the surveillance and profiling of users in Norway. The ban will initially apply until October.


GUIDANCE & OPINIONS

EDPS: Opinion 33/2023 on the Proposal for a Regulation in matters relating to the protection of adults

EDPS Opinion 33/2023 on the Proposal for a Regulation in matters relating to the protection of adults.


RESOURCES

Irish DPA Case Study: Technical and organisational measures

In this case, the complainant’s family were members of a sports club staffed by volunteers. Following a dispute with the sports club that involved them making a complaint about a member of the club, the complainant made a subject access request (SAR) to a body that governed the league that the sports club participated in.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!