Privacy Transformation - Issue 218
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
WhatsApp shifts legal basis for processing personal data in Europe
WhatsApp updated its privacy policy on Monday (17 July) by switching to the ‘legitimate interest’ legal basis following an Irish Data Protection Commissioner’s sanction in January.
🔗 RELATED: Norwegian DPA: Temporary ban on behavioural advertising on Facebook and Instagram
EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision
During its latest EDPB plenary, the EDPB adopted an information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and objective information regarding the impact of the adequacy decision on transfers to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism in the area of national security.
EDPS finds that the CJEU’s use of cloud videoconferencing services complies with data protection law
In its Decision published on 13 July 2023, the EDPS finds that the use of Cisco Webex videoconferencing and related services by the Court of Justice of the European Union (the Court) meets the data protection standards under Regulation 2018/1725 applicable to EU institutions, bodies, offices and agencies. [Read Decision]
SECURITY & TECH
US Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) advanced to the Senate floor Thursday, alarming privacy advocates who say the legislation turns the companies into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption.
AI facial recognition tech brings ‘airport-style security’ to UK stores, says human rights group
A rising number of British stores are using a facial recognition system powered by artificial intelligence to identify repeat shoplifters in what one human rights group has called the spread of “airport-style security” on the high street.
‘Not for Machines to Harvest’: Data Revolts Break Out Against A.I.
Fed up with A.I. companies consuming online content without consent, fan fiction writers, actors, social media companies and news organizations are among those rebelling.
US government launches the Cyber Trust Mark, its long-awaited IoT security labeling program
The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans against the myriad security risks associated with internet-connected devices.
OpenAI holding back GPT-4 image features on fears of privacy issues
OpenAI has been testing its multimodal version of GPT-4 with image-recognition support prior to a planned wide release. However, public access is being curtailed due to concerns about its ability to potentially recognize specific individuals.
DATA BREACH
Russian hackers threaten to release masses of private data stolen from Irish communications regulator
A notorious Russian cybercriminal gang has threatened to publish masses of private information stolen from ComReg, the Irish communications regulator. The group, which is known as Cl0p, said on Tuesday it has 143 gigabytes of ComReg data which was stolen in a ransomware attack on the Government agency in May.
Metropolitan police shared sensitive data about crime victims with Facebook
Britain’s biggest police force gathered sensitive data about people using its website to report sexual offences, domestic abuse and other crimes and shared it with Facebook for targeted advertising, the Observer has found.
Mental health start-up exposes the personal data of more than 3 million people
A mental health start-up exposed the personal data of as many as 3.1 million people online. In some cases, possibly sensitive information on mental health treatment was leaked, according to a company statement and a Department of Health and Human services filing.
ENFORCEMENT
Norwegian DPA: Temporary ban on behavioural advertising on Facebook and Instagram
The Norwegian Data Protection Authority imposes a ban on Meta carrying out behavioural advertising based on the surveillance and profiling of users in Norway. The ban will initially apply until October.
GUIDANCE & OPINIONS
EDPS: Opinion 33/2023 on the Proposal for a Regulation in matters relating to the protection of adults
EDPS Opinion 33/2023 on the Proposal for a Regulation in matters relating to the protection of adults.
RESOURCES
Irish DPA Case Study: Technical and organisational measures
In this case, the complainant’s family were members of a sports club staffed by volunteers. Following a dispute with the sports club that involved them making a complaint about a member of the club the complainant made a subject access request (SAR) to a body that governed the league that the sports club participated in.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!