Privacy Transformation - Issue 222

Curated privacy news, insights & resources, with a focus on Irish and EU developments.

PRIVACY

Man arrested in connection with PSNI data breach

A 39-year-old man has been arrested by PSNI detectives investigating criminality linked to last week's data breach. The man was arrested on suspicion of collecting information likely to be useful to terrorists.

🔗 RELATED: ✍🏻 Data security is vital to the rule of law

Millions of Americans’ health data stolen after MOVEit hackers targeted IBM

Millions of Americans had their sensitive medical and health information stolen after hackers exploited a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM.

🔍 INSIGHTS: Spanish data regulator changes approach and requires a “reject” button in cookie banners

The Spanish Data Protection Agency (AEPD) has recently updated its cookie guidance, now requiring a "reject" button in the first layer of cookie banners. This shift in approach aligns the AEPD with other EU supervisory authorities, such as the French CNIL and the Belgian APD.

✍🏻 Are Many Privacy Violations Also Data Breaches?

Data breaches and privacy violations have long been thought of as different things, but actually, there is a lot of overlap.

SECURITY & TECH

Why US tech giants are threatening to quit the UK

The Online Safety Bill is due to pass in the autumn. Aimed at protecting children, it lays down strict rules around policing social media content, with high financial penalties and prison time for individual tech execs if the firms fail to comply. One clause that has proved particularly controversial is a proposal that encrypted messages, which includes those sent on WhatsApp, can be read and handed over to law enforcement by the platforms they are sent on, if there is deemed to be a national security or child protection risk.

AI can hear what you're typing over Zoom with 93 per cent accuracy

Be careful what you type during Zoom meetings: a deep learning AI algorithm can identify the keys pressed on a keyboard with 93 per cent accuracy, based on the sounds of your keystrokes.

🔗 RELATED: How Zoom’s terms of service and practices apply to AI features

ENFORCEMENT

Finnish DPA bans Yango taxi service transfers of personal data from Finland to Russia temporarily

The Finnish Data Protection Authority has issued an order to Yandex LLC and Ridetech International B.V. to suspend the transfer to Russia of any customers’ personal data that is collected in the Yango taxi service, and to cease the processing of the personal data collected.

🔗 RELATED: Norway DPA bans Yango’s data transfers to Russia

ICO: Recruitment company reprimand

The UK Information Commissioner issues a reprimand to a recruitment company in respect of infringements of Article 5(1)(f) and 32(1)(b) of the UK GDPR. The organisation misconfigured a storage container, containing 12,000 records and relating to 3,000 workers, to be publicly accessible without any requirement to authenticate.

RESOURCES

NIST releases CSF 2.0 companion tool to explore framework's core

This NIST Cybersecurity Framework 2.0 Reference Tool allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples). The Tool offers human and machine-readable versions of the draft Core (in JSON and Excel). It also allows users to view and export portions of the Core using key search terms.

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!