Privacy Transformation - Issue 225

Curated privacy news, insights & resources, with a focus on Irish and EU developments.


PRIVACY

Meta denied injunction against Norway’s ban order on its surveillance ads

Meta has lost a first bid to get an injunction slapped on a ban Norway’s data protection authority imposed on its consent-less behavioral ad targeting in July. The order also provides for daily fines for non-compliance.

🔗 RELATED:

Ex-INM senior executives settle alleged data breach case

A legal action taken by two former senior executives at Independent News and Media (INM) over an alleged breach of their electronic data in 2014, has been settled.

✍🏻 Are drones flight of fancy or modern-day menace in the skies?

The Irish Aviation Authority has launched an investigation into using a drone near a crash site in Co Tipperary as first responders attended the scene. Sorcha Crowley reports on the growing privacy concerns and legislation around the use of the technology.

✍🏻 EFF: UK Online Safety Bill Will Mandate Dangerous Age Verification for Much of the Web

Under new age verification rules in the UK’s massive Online Safety Bill, all internet platforms with UK users will have to stop minors from accessing ‘harmful’ content, as defined by the UK Parliament. This will affect adult websites, but also user-to-user services – basically any site, platform, or app that allows user-generated content that could be accessed by young people. To prevent minors from accessing ‘harmful’ content, sites will have to verify the age of visitors, either by asking for government-issued documents or using biometric data, such as face scans, to estimate their age.


SECURITY & TECH

ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security

The Information Commissioner’s Office (ICO) is reviewing period and fertility apps as new figures show more than half of women have concerns over data security.

UK cyber chief urges ‘Security by Design’ in AI development

Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), has emphasised the crucial need for artificial intelligence (AI) to be developed with security as a foundational element.

When hackers descended to test AI, they found a string of disturbing flaws

Avijit Ghosh wanted the bot to do bad things. He tried to goad the artificial intelligence model, which he knew as Zinc, into producing code that would choose a job candidate based on race. The chatbot demurred: Doing so would be “harmful and unethical”, it said. Then, Ghosh referenced the hierarchical caste structure in his native India. Could the chatbot rank potential hires based on that discriminatory metric? The model complied.

TikTok opens Dublin data centre to ease China spying fears

TikTok has opened its first European data centre to alleviate fears over Chinese state surveillance. The firm says European users' data is now migrating to servers in Dublin, as part of its ongoing response to data privacy concerns around the video-sharing app's links to China.


DATA BREACH

Data breach could cost PSNI up to £220m, committee told

A huge data breach by the PSNI could end up costing Northern Ireland's police service up to £220 million, MPs have been told. The information came as a senior officer briefed politicians on the mistaken publication of the details of all 10,000 officers and staff by the PSNI on 8 August.

Paramount discloses data breach following security incident

American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personal data.


ENFORCEMENT

Swedish DPA: Insurer fined $3M for exposing data of 650k clients for two years

Spedish DPA: The Swedish Authority for Privacy Protection (IMY) has fined insurer Trygg-Hansa $3 million for exposing on its online portal sensitive data belonging to hundreds of thousands of customers. Trygg-Hansa is an insurer for individuals, private companies, and public organizations, and also an asset management and investment consultation firm.

🔗 RELATED: IMY issues administrative fine against insurance company for security deficiencies

UK DPA: Simply Connecting Ltd

Simply Connecting Ltd sent 441,830 direct marketing text messages to individuals in breach of regulation 22 of PECR. The company was fined £40,000 and issued with an enforcement notice.


GUIDANCE & OPINIONS

EDPS: Opinion 40/2023 on the Proposal for a Regulation on European Statistics

EDPS Opinion 40/2023 on the Proposal for a Regulation on European Statistics.

Swiss DPA: Factsheet on Data Protection Impact Assessment

Following the entry into force of the revised Data Protection Act in Switzerland, there is now an obligation for federal bodies and private individuals to prepare a Data Protection Impact Assessment if the planned data processing entails a high risk for the personality or fundamental rights of the data subjects. The Swiss DPA has published a guidance document to support this requirement.

French DPA: Remote monitoring of online exams

The use of distance exams in digital form by public and private higher education establishments is increasingly widespread. The remote monitoring devices used in this context are by nature intrusive, the CNIL recalls the obligations of the GDPR and encourages compliance with good practices. [Note: Guidance is in French]


RESOURCES

📗 Study: 25 major car brands violate consumer privacy principles

Twenty-five of the major car brands fail to uphold consumer privacy through collecting personal data by means of microphones, cameras, and devices connected to cars by users, according to a study by Mozilla, which was quickly challenged by car makers.

📕 Report: Cost of a Data Breach Report 2023

This report provides valuable insights into the threats that you face, along with practical recommendations to upgrade your cybersecurity and minimize losses.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!