Privacy Transformation - Issue 23

PRIVACY

DCU Brexit Institute: DPC Helen Dixon says post Brexit Personal Data issues are 'broad and deep' for Irish business

Personal data issues arising from the UK’s departure from the EU are “broad and deep” – and Irish businesses that ignore these issues do so “at their peril” in the event of a hard-Brexit, Ireland’s Data Protection Commissioner (DPC) has warned.

EDPS investigation into IT contracts: stronger cooperation to better protect rights of all individuals

Cooperation between public authorities in the Member States, EU institutions and other international organisations is essential to ensure that contractual arrangements and measures with Microsoft provide the same level of protection for individual rights throughout the European Economic Area (EEA)

Latest ePrivacy Regulation draft proposal released by Finnish Presidency

The Finnish Presidency of the Council of the European Union has released a new draft compromise proposal for the ePrivacy Regulation ahead of the Working Party on Telecommunications and Information Society meeting Oct. 22.

Blog by Elizabeth Denham, UK Information Commissioner: Global collaboration and how it helps the UK

We live in an age of borderless data flows. We can be in our own homes, but as quickly as we tap an app on our phones, our information travels outside our personal four walls and is transmitted around the world.

The moment of truth has arrived for the ICO

Last June, the UK’s Information Commissioner’s Office (ICO) agreed that RTB as currently configured is unlawful under GDPR. The ICO instead gave the industry six months to clean up their act while they investigate further.

Those six months are ending soon and the world is watching. It’s the moment of truth not just for GDPR but for the ICO as well. While the Irish Data Protection Commission remains underfunded, the ICO has been adding hundreds of staff, signalling an intent to get serious about enforcement.

Public Service Card cost nears €68m as enforcement order ‘imminent’

The cost of the public services card has risen to nearly €68 million, according to new information given to the Dáil’s Public Accounts Committee (PAC).

The new figures were contained in a letter sent by the secretary-general of the Department of Social Protection, John McKeon.

It comes as sources have indicated that an enforcement order against the department by the Data Protection Commissioner is “imminent”.

Donohoe ordered that PSC system be used

The Department of Children and Youth Affairs was ordered to make the public services card (PSC) the only way for people to access the new National Childcare Scheme as it did “not make sense” for the department to be allowed to develop its own application system.

SECURITY & TECH

Rethinking Encryption

This piece is particularly noteworthy given that the author was the FBI's top lawyer when it went to court in 2016 to try to force Apple to develop the ability for the FBI to decrypt an iPhone.

All public safety officials should think of protecting the cybersecurity of the United States as an essential part of their core mission to protect the American people and uphold the Constitution. In order to do that effectively, they should deal with reality and embrace encryption.

India is trying to build the world's biggest facial recognition system

India is setting up a countrywide facial recognition system, which will be one of the largest ones ever built. It will assist police forces, which are among the most understaffed in the world, to arrest criminals and find missing persons.

The Delicate Ethics of Using Facial Recognition in Schools

A growing number of districts are deploying cameras and software to prevent attacks. But the systems are also used to monitor students—and adult critics.

Firefox gets personalized privacy reports

Mozilla today announced that its Enhanced Tracking Protection feature for Firefox, which launched in July (and became the default in September), has now blocked a total of more than 450 billion third-party tracking requests from the thousands of companies that try to track you as you browse the web.

Mark Zuckerberg says Facebook's top priority is setting up FTC-mandated privacy program

Mark Zuckerberg said Facebook plans to implement a new privacy program that was mandated after the company's $5 billion settlement with the FTC in July.

How Macron tried to fix Facebook — and failed

An ill-fated scheme to embed regulators inside of Facebook underscores the French president’s challenge in trying to be Europe’s most tech-savvy leader.

Facebook Wants to Know the Apps You Download and Delete

But it has discontinued the use of software that violated App Store policies across Apple and Google—not to mention the trust of consumers.

Councils who use software with UK firms face GDPR headaches

Not even the dead have escaped Brexit preparations as county councils using a Northern Ireland firm to manage cemetery records faced a data protection headache.

DATA BREACH

NordVPN hit by data breach, failed to notify customers

Virtual private network (VPN) provider NordVPN has confirmed that one of its servers was breached back in March 2018, and that it had known of the attack since 'a few months ago' - but had not passed that information on to its customers.

Zappos Must Face Class Action Over Data Breach, Appeals Court Rules

A federal appellate court has revived a class-action lawsuit against Zappos stemming from a 2012 data breach that resulted in the theft of 24 million customers' information, including their email addresses, passwords, phone numbers and last four digits of their credit cards.

ENFORCEMENT

The Spanish Data Protection Authority fined the company Vueling 30,000 euros for the cookie policy used on its website

Users who accessed the company’s website did not have the ability to configure the cookies that were installed on their computers.

Landmark £100 million data breach claim against Equifax

North West based data breach and cybersecurity specialist Hayes Connor Solicitors is the first in the UK to serve a representative data breach claim in the High Court. The action could see Equifax ordered to pay up to £100 million in compensation to its estimated 15 million UK customers affected by its 2017 data breach.

COURTS, JUDGEMENTS & OPINIONS

Europe’s top court says active consent is needed for tracking cookies

Europe’s top court has ruled that pre-checked consent boxes for dropping cookies are not legally valid.

Consent must be obtained prior to storing or accessing non-essential cookies, such as tracking cookies for targeted advertising. Consent cannot be implied or assumed.

It’s a decision that — at a stroke — plunges websites into legal hot water in Europe if their cookie notices don’t ask for consent first, as many don’t, preferring not to risk their ability to track users for ad targeting.

GUIDELINES

DPC - Updated Guidelines on DPIAs

An update to the DPC's September guidance on Data Protection Impact Assessments now includes, under 'How do I know if a DPIA should be conducted?', the list the DPC has adopted of the ten types of processing that trigger a DPIA.

RESOURCES

The DPC has published an info note showing trends in notified data breaches in the year to May 25 2019, the first year of GDPR operation.

IAPP - Updated 2019 Tech Vendor Report

This updated Report reflects the latest tech vendor landscape in 2019.

Report of the Special rapporteur on extreme poverty and human rights

UN report warns we risk "stumbling zombie-like into a digital welfare dystopia" as new systems "automate, predict, surveil, target & punish".