Privacy Transformation - Issue 229
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
TikTok challenges €345m fine for failing to protect children’s privacy
TikTok has launched a High Court challenge aimed at quashing the Data Protection Commission's decision to fine it €345m for failing to protect children’s privacy on its social media site. Earlier this month, the DPC imposed the fine after it investigated TikTok over how some of its privacy settings and features complied with obligations under the GDPR.
Firms using electronic monitoring on staff working from home must 'respect their rights,' ICO warns
Britain's information watchdog has warned companies that employee monitoring must be 'necessary' and 'proportionate', with those overstepping the mark facing potential legal action.
UK Financial Conduct Authority broke rules on data protection
The City regulator broke data protection rules by “intercepting and diverting” emails, a policy that was allegedly signed off by Andrew Bailey’s office and used to keep track of people “considered a nuisance”.
EU Parliament mulls using MEPs’ fingerprints to register attendance
The European Parliament is moving forward plans to replace the system of manual signature by MEPs with a system of biometric fingerprints as proof of presence at parliamentary meetings, according to a Parliament document seen by Euractiv.
TikTok seeks permission to erect 15 CCTV cameras outside Dublin head office
Video sharing online giant TikTok has lodged plans with Dublin City Council to erect 15 CCTV cameras on the exterior of its headquarters here “for additional security and surveillance purposes”.
EDPB response to MEP in't Veld on amendments to Irish legislation
EDPB's response to MEP Sophie in't Veld's letter concerning the amendments passed by the Irish Parliament on 28 June 2023 by way of the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 and including rules on the confidentiality of data protection investigations.
SECURITY & TECH
Ireland's Cybersecurity industry needs additional 1,000 workers a year to meet demand - report
Ireland’s cyber security sector needs an additional 1,000 workers a year amid a surge in demand for services, a new report has found. The cybersecurity industry could support up to 17,000 high-value jobs by 2030, up from 7,300 currently, the State of the Cyber Security Sector in Ireland 2022 found.
Meta planning ad-free subscription or tracking ads ‘choice’ in EU, per WSJ — in latest bid to keep snooping
New battle lines appear to be being drawn up in the European Union between Facebook and Instagram owner Meta and regional users’ privacy rights.
Canadian Federal Court of Appeal ruling opens door for Canadians to have ‘right to be forgotten’ on Google
Google’s search engine is covered by federal privacy law, a court has ruled, opening the door for people to demand to have their names made unsearchable – commonly known as a “right to be forgotten.” In a 2-1 ruling, the Federal Court of Appeal said Google, which is responsible for as much as 75 per cent of internet searches in Canada, is not covered by an exemption in the federal law for journalistic or artistic work.
DATA BREACH
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.
ENFORCEMENT
Norwegian DPA: Meta case brought to the European level
The Norwegian Data Protection Authority has requested a binding decision from the European Data Protection Board in the Meta case. In the request, they ask that the Norwegian temporary ban on behavioural advertising on Facebook and Instagram be made permanent and extended to the entire EU/EEA.
Norwegian DPA: Record fine in the Grindr case confirmed
The Privacy Appeals Board has now made a decision in the Grind case. The Board upholds the Norwegian Data Protection Authority’s decision on an administrative fine of NOK 65 million.
French DPA: Fine for excessive data collection and lack of cooperation imposed on SAF LOGISTICS
n 18 September 2023, the CNIL imposed a fine of 200 000 euros on SAF LOGISTICS for collecting too much data from its employees, infringing on their privacy and not having cooperated enough with the CNIL services.
GUIDANCE & OPINIONS
ICO: The UK Government’s assessment of adequacy for the UK Extension to the EU-US Data Privacy Framework for the general processing of personal data
The ICO has published its opinion regarding the UK Extension for consideration by the UK Parliament.
ICO: ICO publishes guidance to ensure lawful monitoring in the workplace
The UK Information Commissioner’s Office is calling on organisations to consider both their legal obligations and their workers’ rights before they implement any monitoring in the workplace. [Read Guidance]
RESOURCES
EDPS: Website Inspection Software
The European Data Protection Supervisor (EDPS) has developed open source software tools for the automation of privacy and personal data protection inspections of websites. The tool collects evidence of personal data processing, such as cookies, or requests to third parties.
NIST: Cybersecurity and Privacy Reference Tool
The Cybersecurity and Privacy Reference Tool offers a consistent format for accessing the reference data of NIST cybersecurity and privacy standards, guidelines, and frameworks. Here you can find digitized reference data, in a unified data format, from certain NIST publications that can support numerous use cases.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!