Privacy Transformation - Issue 220

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Meta to seek user permission for targeted ads in the EU

Facebook and Instagram parent company Meta has said it intends to ask users in the EU for their consent before allowing businesses to target advertising based on what they view on its services.

🔗 RELATED: ICO statement on Meta's plans to seek consent of EU users

DPC denies failure to investigate advertising data complaint against Google

The Irish Data Protection Commission rejects claims that it has failed to fully investigate a complaint made to it five years ago about an alleged massive data breach by the internet giant Google.

âœđŸ» ICO: What happens when they don’t pay? Our work to tackle unlawful marketing calls and messages

Through our enforcement of the Privacy and Electronic Communications Regulations 2003 (PECR), we’ve issued more than £2.4 million in fines since April 2022 against companies responsible for nuisance calls, texts and emails. Some of these investigations began with a single complaint from a member of the public, and the fines act as a deterrent towards other organisations who may be flouting the law.


SECURITY & TECH

France’s privacy watchdog questions legality of Worldcoin’s biometric data collection

France’s privacy watchdog CNIL (The Commission nationale de l’informatique et des libertĂ©s) has expressed doubts about the legality of Worldcoin’s biometric data collection, which requires users to provide iris scans in exchange for a digital ID and free cryptocurrency.

Privacy fears over plans for wider use of AI for government online information services

The Irish Government is examining how it could use artificial intelligence (AI) to improve its online information services. However, there are question marks over how some state use of the technology is governed after the Department of Transport said it could not provide copies of the policies it adhered to when previously using the technology, saying records either could not be found or do not exist.

UK Home Office secretly backs facial recognition technology to curb shoplifting

Covert government strategy to install electronic surveillance in shops raises issues around bias and data, and contrasts sharply with the EU ban to keep AI out of public spaces.

IT giants to bid for HSE patient records contract

Salesforce is one of a number of large tech firms expected to tender for a contract to develop a shared care record (SCR) system for the HSE. The project is one of a number of large-scale IT projects likely to cost over €2bn in total which underpin Sláintecare.

The ESRB has begun work on "facial age verification" tech for age checks

The video games rating board, known and referred to as the ESRB, has proposed the implementation of a new age verification tech that would use facial age assurance to gain parental consent.


DATA BREACH

Two Northern Ireland public bodies reprimanded for 'distressing' email data breaches

Two public bodies in Northern Ireland have been reprimanded by a watchdog for email data breaches. Both Stormont's Executive Office and the Patient and Client Council disclosed recipients' details by using inappropriate group email options, the Information Commissioner's Office said.

🔗 RELATED: ICO warns of email data breach risk as it issues two reprimands


ENFORCEMENT

Irish DPC Will Conclude TikTok Privacy Probe Within Weeks

TikTok will hear within a month the outcome of an Irish investigation launched in 2021 into whether the short-form video app violated the privacy of underage users.

🔗RELATED: EDPB settles dispute on TikTok processing of children’s data

NHS Staff Reprimanded For WhatsApp Data Sharing

An NHS trust has been reprimanded by the UK’s data protection regulator after it was discovered that staff had been sharing patient details on an unapproved app for two years.


RESOURCES

📕 UK ICO Annual Report 2022-2023

The UK Information Commissioner's Office has published its annual report for the period 2022-2023.

📚 Digital health and EdTech: the CNIL publishes the results of its first “sandboxes”

With its “sandbox”, the CNIL helps innovative actors to understand the regulation of personal data protection, to apply it to their projects and, above all, to integrate GDPR compliance from the design of their solutions (“privacy by design”).

📰 UK NCSC: Shadow IT

This guidance helps you to better identify and reduce the levels of ‘shadow IT’ in your organisation. It’s been written for system owners and technical staff, so that they can better mitigate the presence of unknown (and therefore unmanaged) IT assets within their organisation.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!