Privacy Transformation - Issue 224

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Court backs Data Protection Commission over Google inquiry

The Irish High Court has dismissed a claim the Data Protection Commission failed to fully investigate a complaint made to it five years ago about an alleged data breach by the internet giant Google.

Lawsuits Against Google And Meta Allege Websites Are Spying On Taxpayers

Users of tax preparation websites in seven US states have filed a class action lawsuit against Google, claiming the company engaged in wiretapping. According to court documents, the company's actions allegedly resulted in the involuntary transmission of sensitive personal information including income, refund amounts, filing status, and scholarship information.

New data strategy: German government recognises untapped data potential

Germany’s federal cabinet adopted the new National Data Strategy with the aim to use the potential of generated data more effectively, strengthen digital innovation, and improve competitiveness.

UK DPA: Joint statement on data scraping and data protection

The UK's Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.


SECURITY & TECH

How the EU Digital Services Act affects Facebook, Google and others

Unprecedented regulation forcing more than 40 online giants including Facebook, X, Google and TikTok to better police the content they deliver within the EU is due to come into force on 25 August. So what is the legislation and how will regulators enforce it?

Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets

Researchers are tracking a new cybercrime group that uses a never-seen-before extortion tactic. The gang, which operates through a blog called Ransomed, tells victims that if they don’t pay to protect stolen files, they will face fines under data protection laws like the EU’s GDPR, according to a new report by cybersecurity firm Flashpoint.

UK cybersecurity agency warns of chatbot ‘prompt injection’ attacks

The UK’s cybersecurity agency has warned that chatbots can be manipulated by hackers to cause scary real-world consequences. The National Cyber Security Centre has said there are growing cybersecurity risks of individuals manipulating the prompts through “prompt injection” attacks.

Several French media block OpenAI’s GPTBot over data collection concerns

Following steps by many English-language media, a series of French media groups including Radio France and France24 have decided to block a feature by OpenAI’s GPTBot from collecting their content online.


DATA BREACH

Data protection breach at Irish military medical facility

A Irish Defence Forces investigation is under way into another data protection breach of the military’s electronic health record system. The latest investigation centres on the alleged actions of a healthcare worker at a military medical facility.

Met police on high alert after supplier IT security breach

The Metropolitan police are on high alert after a security breach involving the IT system of one of their suppliers. Scotland Yard is working with the company to try to understand the scale of the incident.

Hosting firm says it lost all customer data after ransomware attack

Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites.


ENFORCEMENT

Fitbit targeted with trio of data transfer complaints in Europe

Google-owned Fitbit is facing a trio of privacy complaints in the European Union which allege the company is illegally exporting user data in breach of the bloc’s data protection rules.

🔗 RELATED: noyb: Your Fitbit is useless – unless you consent to unlawful data sharing


GUIDANCE & OPINIONS

UK DPA: Guidance on sending bulk communications by email

The ICO has published new guidance to help organisations understand the law and good practice around protecting personal information when sending bulk emails.

Irish DPA: Back-to-school photos — Keeping information about your child safe

The Irish Data Protection Commission has published guidance to consider when taking back-to-school photos.


RESOURCES

NIST: Building a Cybersecurity and Privacy Learning Program

This is an Initial Public Draft of a publication that provides a framework for integrating privacy with cybersecurity in the development of organization-wide learning programs.

📕 noyb: Annual Report 2022

Noyb has published its 2022 Annual Report which details new and ongoing projects, financials and its plans for 2023.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!