Privacy Transformation - Issue 223
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
Irish Central Bank admits data breach may have hurt credit ratings of more than 20,000 borrowers
More than 20,000 borrowers may have been unfairly assessed for loans or credit assessments because of an IT error at the Central Bank. The error, discovered by the Central Bank when a member of the public complained earlier this month, is being described by the Central Bank as a data breach and has also been reported to the Data Protection Commissioner.
Airbnb Ireland reprimanded by Data Protection Commission
Airbnb Ireland has been reprimanded by the Irish Data Protection Commission over breaches related to the retention and processing of identity documentation.
Ready for the new Swiss data protection law? Implications for organizations outside Switzerland
The revised Swiss Federal Act on Data Protection comes into force 1 Sept. Unsurprisingly, perhaps, this upgrade to the 1992 version brings Switzerland's data protection regime into greater alignment with the provisions of the EU General Data Protection Regulation.
5 steps to prepare for India's Digital Personal Data Protection Act
India's first comprehensive regulatory framework for privacy, the Digital Personal Data Protection Act 2023 has received presidential assent and is published in the official gazette. This article outlines five steps privacy professionals can take to build a proactive compliance roadmap ahead of its implementation, focusing on the most resource intensive and technology-dependent operational elements.
SECURITY & TECH
Opt out of algorithmic feeds on Instagram and Facebook – but only if you’re in Europe
Meta has announced that European users can now opt out of algorithmic feeds on Instagram and Facebook, in order to comply with the EU’s Digital Services Act (DSA). However, the company is not extending the same choice to app users in the US or anywhere else outside Europe
X may soon add ID verification for 'preventing impersonation'
X appears to be working on new ID verification features several months after rampant impersonation temporarily derailed the company’s paid verification plans.
Changes to UK Surveillance Regime May Violate International Law
The UK government has recently unveiled plans to revise the Investigatory Powers Act 2016. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference. This article examines how the United Kingdom would likely be in breach of international human rights law by interfering with the privacy and security of online users both within and outside of its borders, should it decide to move forward with proposed revisions.
The AI Power Paradox
Can States Learn to Govern Artificial Intelligence—Before It’s Too Late?
DATA BREACH
Irish Central Bank admits to data breach in its credit register
The Central Bank has admitted to a data breach in its credit register, which may have made it harder for thousands of borrowers to successfully access credit.
Scraped data of 2.6 million Duolingo users released on hacking forum
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
ENFORCEMENT
Irish DPA: Inquiry concerning Airbnb Ireland UC June 2023
On 21 June 2023, following an inquiry concerning a complaint received against Airbnb Ireland UC (Airbnb), the Data Protection Commission (DPC) adopted a decision. The DPC commenced this inquiry on 4 March 2022, on foot of a complaint that Airbnb had unlawfully requested a copy of the complainant’s ID (ID) in order to verify their identity which had not been previously requested by Airbnb.
noyb: 23 years of illegal data transfers due to inactive DPAs and new EU-US deals
A new analysis of noyb's 101 complaints on the matter of EU-US data transfers without a valid legal basis now shows how a combination of inactive data protection authorities and new deals by the European Commission have lead to 23 years of privacy violations.
GUIDANCE & OPINIONS
ICO consultation on the draft biometric data guidance
The Information Commissioner’s Office (ICO) is producing guidance on biometric data and biometric technologies. The first phase of this guidance (draft biometric data guidance) is now published for public consultation.
EDPS: Financial and payment services: use of personal data should remain proportionate and fair
The EDPS published two Opinions: one on the proposal for a Regulation on a Financial Data Access Framework and one on the proposal for a Regulation and Directive on payment services in the EU’s internal market. Both proposals aim to foster the sharing of data to broaden the offer of financial services and products, whilst providing individuals or organisations control over the processing of their financial data.
🔗 RELATED:
- Opinion 38/2023 on the Proposal for a Regulation on a framework for Financial Data Access
RESOURCES
📕 DPA Digest: PDPC Digest 2022
The Personal Data Protection Digest 2022, which highlights the latest decisions issued by the Singaporean Data Protection Commission as well as data protection-related articles, is now available.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!