Privacy Transformation - Issue 220
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
Meta to seek user permission for targeted ads in the EU
Facebook and Instagram parent company Meta has said it intends to ask users in the EU for their consent before allowing businesses to target advertising based on what they view on its services.
đ RELATED: ICO statement on Meta's plans to seek consent of EU users
DPC denies failure to investigate advertising data complaint against Google
The Irish Data Protection Commission rejects claims that it has failed to fully investigate a complaint made to it five years ago about an alleged massive data breach by the internet giant Google.
âđ» ICO: What happens when they donât pay? Our work to tackle unlawful marketing calls and messages
Through our enforcement of the Privacy and Electronic Communications Regulations 2003 (PECR), weâve issued more than ÂŁ2.4 million in fines since April 2022 against companies responsible for nuisance calls, texts and emails. Some of these investigations began with a single complaint from a member of the public, and the fines act as a deterrent towards other organisations who may be flouting the law.
SECURITY & TECH
Franceâs privacy watchdog questions legality of Worldcoinâs biometric data collection
Franceâs privacy watchdog CNIL (The Commission nationale de lâinformatique et des libertĂ©s) has expressed doubts about the legality of Worldcoinâs biometric data collection, which requires users to provide iris scans in exchange for a digital ID and free cryptocurrency.
Privacy fears over plans for wider use of AI for government online information services
The Irish Government is examining how it could use artificial intelligence (AI) to improve its online information services. However, there are question marks over how some state use of the technology is governed after the Department of Transport said it could not provide copies of the policies it adhered to when previously using the technology, saying records either could not be found or do not exist.
UK Home Office secretly backs facial recognition technology to curb shoplifting
Covert government strategy to install electronic surveillance in shops raises issues around bias and data, and contrasts sharply with the EU ban to keep AI out of public spaces.
IT giants to bid for HSE patient records contract
Salesforce is one of a number of large tech firms expected to tender for a contract to develop a shared care record (SCR) system for the HSE. The project is one of a number of large-scale IT projects likely to cost over âŹ2bn in total which underpin SlĂĄintecare.
The ESRB has begun work on "facial age verification" tech for age checks
The video games rating board, known and referred to as the ESRB, has proposed the implementation of a new age verification tech that would use facial age assurance to gain parental consent.
DATA BREACH
Two Northern Ireland public bodies reprimanded for 'distressing' email data breaches
Two public bodies in Northern Ireland have been reprimanded by a watchdog for email data breaches. Both Stormont's Executive Office and the Patient and Client Council disclosed recipients' details by using inappropriate group email options, the Information Commissioner's Office said.
đ RELATED: ICO warns of email data breach risk as it issues two reprimands
ENFORCEMENT
Irish DPC Will Conclude TikTok Privacy Probe Within Weeks
TikTok will hear within a month the outcome of an Irish investigation launched in 2021 into whether the short-form video app violated the privacy of underage users.
đRELATED: EDPB settles dispute on TikTok processing of childrenâs data
NHS Staff Reprimanded For WhatsApp Data Sharing
An NHS trust has been reprimanded by the UKâs data protection regulator after it was discovered that staff had been sharing patient details on an unapproved app for two years.
RESOURCES
đ UK ICO Annual Report 2022-2023
The UK Information Commissioner's Office has published its annual report for the period 2022-2023.
đ Digital health and EdTech: the CNIL publishes the results of its first âsandboxesâ
With its âsandboxâ, the CNIL helps innovative actors to understand the regulation of personal data protection, to apply it to their projects and, above all, to integrate GDPR compliance from the design of their solutions (âprivacy by designâ).
đ° UK NCSC: Shadow IT
This guidance helps you to better identify and reduce the levels of âshadow ITâ in your organisation. Itâs been written for system owners and technical staff, so that they can better mitigate the presence of unknown (and therefore unmanaged) IT assets within their organisation.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!