Privacy Transformation - Issue 226

Curated privacy news, insights & resources, with a focus on Irish and EU developments.

PRIVACY

Data Protection Commission seeks meeting with FAI over youth player registration concerns

The Data Protection Commission (DPC) has asked to meet with the Football Association of Ireland amidst a data protection dispute that has seen one grassroots club in Co Wicklow suspended by the Dublin and District Schoolboys’/girls’ League.

Garda sergeant sent forward for trial over alleged unlawful sharing of personal data

A Garda sergeant and another man have been sent forward for trial accused of unlawfully sharing personal information from the force’s Pulse computer system.

Switzerland ratifies the Protocol amending Convention 108

Switzerland, who has been Party to Convention 108 since 1998, thus becomes the 28th State Party to join the modernised Convention 108 (Convention 108+). With this move, Convention 108+ is at ten ratifications of entry into force, demonstrating the acceleration of the ratification process of this landmark instrument, which still remains the only global international legally binding instrument protecting personal data and the right to privacy, aims at ensuring appropriate protection of all individuals in an ever-expanding digital era, in order to safeguard the respect for dignity and privacy of all and to fully enjoy the right to informational self-determination.

Digital Markets Act: Commission designates six gatekeepers

The European Commission has designated, for the first time, six gatekeepers - Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft - under the Digital Markets Act (DMA). In total, 22 core platform services provided by gatekeepers have been designated. The six gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services.

💡 INSIGHTS: Member of French Parliament lodges first request for annulment of EU-US Data Privacy Framework

P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of Justice of the European Union.

SECURITY & TECH

ChatGPT parent OpenAI to open office in Dublin

OpenAI, the company behind ChatGPT is expected to announce a new office in Dublin later this week, the Business Post has learned.

🔗 RELATED:

• OpenAI realizes that engaging with Europe, rather than threatening it, is the way to get what it wants
• 'Overwhelming consensus' on AI regulation - Musk

Meta developing new, more powerful AI system

Meta Platforms is working on a new artificial-intelligence system intended to be as powerful as the most advanced model offered by OpenAI, the Wall Street Journal reported on Sunday, citing people familiar with the matter.

✍🏻 ‘Our health data is about to flow more freely, like it or not’: big tech’s plans for the NHS

The government is about to award a £480m contract to build a vast new database of patient data. But if people don’t trust it, they’ll opt out – I know, because I felt I had to.

UK Information Commissioner and NCSC CEO sign Memorandum of Understanding

The UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC), Lindy Cameron, have today signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate.

DATA BREACH

Manchester Police officers' data exposed in ransomware attack

United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK.

ENFORCEMENT

Irish DPA: Data Protection Commission welcomes latest successful prosecutions of marketing offences

The Data Protection Commission today welcomed the outcome of the prosecution proceedings that were taken by it at the Dublin Metropolitan District Court against Chill Insurance Limited, Hidden Hearing Limited, The Multiple Sclerosis Society of Ireland and Vodafone Ireland Limited.

Irish DPA: Inquiry into processing of Church Records by the Archbishop of Dublin

The DPC commenced the Inquiry following receipt of a number of complaints from data subjects who wished to obtain erasure in relation to their personal data processed in church registers. All of the data subjects had written to either their parish or to the Archdiocese asking for the erasure of their data pursuant to Article 17 GDPR.

🔗 RELATED: ✍🏻 GDPR saves Catholic no Double Dipping Baptism Rule

UK DPA: ICO issues reprimand to the Ministry of Justice

he Information Commissioner issues a reprimand to the Ministry of Justice (the MoJ) in accordance with Article 58(2)(b) of the UK General Data Protection Regulation in respect of certain infringements of the UK GDPR.

Google’s adtech targeted by Dutch class-action style privacy damages suit

Google is facing class-action style litigation in the Netherlands which accuses the adtech giant of breaching European privacy laws. It’s demanding Google stops tracking and profiling consumers and is also seeking compensation for what it dubs “large-scale privacy violations” of the European Union’s data protection regime.

RESOURCES

📘 Paper: The Law of AI for Good

Because AI requires better, more representative data, the right to privacy can conflict with the right to fair, unbiased, and accurate algorithmic decision-making. This article argues that the dominant policy frameworks regulating AI risks—emphasizing the right to human decision-making (human-in-the-loop) and the right to privacy (data minimization)—must be complemented with new corollary rights and duties: a right to automated decision-making (human-out-of-the-loop) and a right to complete and connected datasets (data maximization).

🔗 RELATED: What If Everything You’ve Heard about AI Policy is Wrong?

💻 Webinar: Saving Private DPO: Insights from Inside the World of the DPO

The Data Protection Officer job is exciting. It can also be stressful, due to a heavy workload, a lack of resources, insufficient support, or tensions with certain business departments or even with the data controller itself. But there are situations where the DPO is under so much pressure that he or she loses self-confidence, abdicates his or her independence, finds himself or herself isolated, pushed to leave, or even is dismissed. Some of them even fall into depression.

Based on the study of emblematic cases, the author attempts to list the various root causes and to identify the lessons that can be drawn from them: what can be done to avoid reaching this point, and how do we manage these situations when they occur? [Register Here]

💡 ENISA: Foresight 2030 Threats

This booklet summarises upcoming challenges and provides for an assessment of the risks. We are now ready to design the cyber secure future ahead of us.

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!