Privacy Transformation - Issue 223

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Irish Central Bank admits data breach may have hurt credit ratings of more than 20,000 borrowers

More than 20,000 borrowers may have been unfairly assessed for loans or credit assessments because of an IT error at the Central Bank. The error, discovered by the Central Bank when a member of the public complained earlier this month, is being described by the Central Bank as a data breach and has also been reported to the Data Protection Commissioner.

Airbnb Ireland reprimanded by Data Protection Commission

Airbnb Ireland has been reprimanded by the Irish Data Protection Commission over breaches related to the retention and processing of identity documentation.

Ready for the new Swiss data protection law? Implications for organizations outside Switzerland

The revised Swiss Federal Act on Data Protection comes into force 1 Sept. Unsurprisingly, perhaps, this upgrade to the 1992 version brings Switzerland's data protection regime into greater alignment with the provisions of the EU General Data Protection Regulation.

5 steps to prepare for India's Digital Personal Data Protection Act

India's first comprehensive regulatory framework for privacy, the Digital Personal Data Protection Act 2023 has received presidential assent and is published in the official gazette. This article outlines five steps privacy professionals can take to build a proactive compliance roadmap ahead of its implementation, focusing on the most resource intensive and technology-dependent operational elements.


SECURITY & TECH

Opt out of algorithmic feeds on Instagram and Facebook – but only if you’re in Europe

Meta has announced that European users can now opt out of algorithmic feeds on Instagram and Facebook, in order to comply with the EU’s Digital Services Act (DSA). However, the company is not extending the same choice to app users in the US or anywhere else outside Europe

X may soon add ID verification for 'preventing impersonation'

X appears to be working on new ID verification features several months after rampant impersonation temporarily derailed the company’s paid verification plans.

Changes to UK Surveillance Regime May Violate International Law

The UK government has recently unveiled plans to revise the Investigatory Powers Act 2016. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference. This article examines how the United Kingdom would likely be in breach of international human rights law by interfering with the privacy and security of online users both within and outside of its borders, should it decide to move forward with proposed revisions.

The AI Power Paradox

Can States Learn to Govern Artificial Intelligence—Before It’s Too Late?


DATA BREACH

Irish Central Bank admits to data breach in its credit register

The Central Bank has admitted to a data breach in its credit register, which may have made it harder for thousands of borrowers to successfully access credit.

Scraped data of 2.6 million Duolingo users released on hacking forum

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.


ENFORCEMENT

Irish DPA: Inquiry concerning Airbnb Ireland UC June 2023

On 21 June 2023, following an inquiry concerning a complaint received against Airbnb Ireland UC (Airbnb), the Data Protection Commission (DPC) adopted a decision. The DPC commenced this inquiry on 4 March 2022, on foot of a complaint that Airbnb had unlawfully requested a copy of the complainant’s ID (ID) in order to verify their identity which had not been previously requested by Airbnb.

noyb: 23 years of illegal data transfers due to inactive DPAs and new EU-US deals

A new analysis of noyb's 101 complaints on the matter of EU-US data transfers without a valid legal basis now shows how a combination of inactive data protection authorities and new deals by the European Commission have lead to 23 years of privacy violations.


GUIDANCE & OPINIONS

ICO consultation on the draft biometric data guidance

The Information Commissioner’s Office (ICO) is producing guidance on biometric data and biometric technologies. The first phase of this guidance (draft biometric data guidance) is now published for public consultation.

EDPS: Financial and payment services: use of personal data should remain proportionate and fair

The EDPS published two Opinions: one on the proposal for a Regulation on a Financial Data Access Framework and one on the proposal for a Regulation and Directive on payment services in the EU’s internal market. Both proposals aim to foster the sharing of data to broaden the offer of financial services and products, whilst providing individuals or organisations control over the processing of their financial data.

🔗 RELATED:

-  Opinion 38/2023 on the Proposal for a Regulation on a framework for Financial Data Access

- Opinion 39/2023 on the Proposal for a Regulation on payment services in the internal market and the Proposal for a Directive on payment services and electronic money services in the Internal Market


RESOURCES

📕 DPA Digest: PDPC Digest 2022

The Personal Data Protection Digest 2022, which highlights the latest decisions issued by the Singaporean Data Protection Commission as well as data protection-related articles, is now available.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!