Privacy Transformation - Issue 219
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
Schrems’ privacy group challenges Ryanair’s use of facial recognition
Digital rights group NOYB on Thursday filed a complaint against Ryanair, alleging that it is violating customers’ rights to data protection by using facial recognition to verify their identity when booking through online travel agents.
🔗 RELATED: noyb: Booking a Ryanair flight trough an online travel agent might hold a nasty surprise
EU regulators rebuff Meta's offer to curb use of ad data
Meta offered to curb the use of competitors' advertising data for its Facebook Marketplace online classified service in an attempt to settle an EU antitrust investigation but regulators gave it the cold shoulder, people familiar with the matter said.
ICCL official to take DPC to court over personal data processing
A senior fellow at the Irish Council for Civil Liberties is set to take the Data Protection Commissioner to court in a case alleging that the data watchdog failed to fully investigate a complaint about how internet giant Google and digital marketing association Interactive Advertising Bureau process personal data.
SECURITY & TECH
Irish DPC warns AI companies to be careful when using public data
Speaking at the Eyes-Off Data conference, DPC deputy commissioner Ultan O’Carroll said data privacy investigations can ‘ruin organisations overnight’.
Apple slams UK surveillance-bill proposals
Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.
DATA BREACH
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps
The Storm-0558 breach that gave Chinese advanced persistent threat actors access to emails within at least 25 US government agencies could be much further-reaching and impactful than anyone anticipated, potentially placing a much broader swathe of Microsoft cloud services at risk than previously thought.
RESOURCES
IAPP: Defining Privacy Engineering
This chart provides a broad definition of privacy engineering and highlights various domains in which privacy engineers can significantly impact the protection of privacy.
📑 Paper: Global Data Privacy 2023: DPA Networks Almost Everywhere
In 2022, networks of Data Protection Authorities (DPAs) and (as they are sometimes called) Privacy Enforcement Agencies (PEAs) started a post-Covid revival of their activities, particularly international in-person meetings. This article continues an analysis of changes to global data privacy laws in 2021-2 (particularly because of laws in 17 new countries).
📑 ETSI: Securing Artificial Intelligence — Automated Manipulation of Multimedia Identity Representations
This paper focuses on the use of AI for manipulating multimedia identity representations and illustrates the consequential risks and measures to mitigate them.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!