Privacy Transformation - Issue 230
Curated privacy news, insights & resources, with a focus on Irish and EU developments.
PRIVACY
Dixon’s dilemma: Irish data watchdog faces big call over Meta’s subscription plan
Eyebrows were raised around the world last week when it emerged that Meta was planning to start charging Europeans a monthly fee to use Instagram and Facebook without having their personal data used for targeted advertising. The move, after all, represents a dramatic shift in policy for Meta – a company that has for years taken pride in the fact that it provides its services to billions of users for free.
ICCL: Government urged to ensure no appearance of conflict of interest in selection of new leaders of the Irish Data Protection Commission
The Irish Council for Civil Liberties has urged the Irish Government to adopt a transparent and independent approach in selecting new leadership for the Irish Data Protection Commission.
✍🏻 What to expect when the UK-US Data Bridge comes into force this week
The UK Extension to the EU-US Data Privacy Framework will enter into force on October 12, allowing certifying entities to easily transfer personal data from the UK to the US. The ICO is still not happy that agreement 'appropriately' protects sensitive data.
SECURITY & TECH
BBC blocks AI access to content: Protecting Copyright and Privacy
Recently, the BBC has implemented measures to restrict access by artificial intelligence software to its content. This decision has been prompted by the mounting concerns surrounding potential copyright violations and privacy breaches. AI technologies have demonstrated the ability to manipulate content, generating new text, images, and other media forms based on the data they acquire.
✍🏻 Encryption services are sending the right message to the quantum codebreakers
A spectre is haunting our networked world. It’s the prospect of quantum computers. These are machines that harness some of the weirder properties of subatomic particles in ways that would make them exponentially more powerful than the computers we use today.
German competition authority happy as Google grants users more control over data
The German competition authority concluded its proceedings against Google’s data processing conditions, with the US company agreeing to give users more control over their data.
EU commission and Member States conduct large-scale cyber-attacks simulation for enhanced preparedness
Senior cybersecurity representatives from EU Member States, the Commission, and the EU Agency for Cybersecurity (ENISA) took part in a two-day ‘Blueprint Operational Level Exercise’, or Blue OLEx 2023, to test EU preparedness in the event of a cyber-related crisis.
DATA BREACH
Irish Dept. Social Protection responsible for over half of 5,000 data breaches by Government departments
Government departments have been responsible for more than 5,000 data breaches since new GDPR regulations came into effect in 2018. New information shows that there have been a total of 5,105 data breaches across all Government departments, including a significant amount of incidents of personal information being erroneously provided to third parties.
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. 23andMe is a U.S. biotechnology and genomics firm offering genetic testing services to customers who send a saliva sample to its labs and get back an ancestry and genetic predispositions report.
ENFORCEMENT
UK Information Commissioner concerned about Snapchat chatbot’s privacy risks
The British Information Commissioner’s Office issued a preliminary enforcement notice against Snapchat due to the social platform possibly failing to assess the privacy risks of “My AI”, its artificial intelligence bot.
🔗 RELATED: ICO: UK Information Commissioner issues preliminary enforcement notice against Snap
Irish DPA: Inquiry into Airbnb Ireland UC - September 2023
On 14 September 2023, the Data Protection Commission (DPC) adopted a decision in relation to a complaint against Airbnb Ireland UC (Airbnb), which was submitted to the Cypriot DPA, in its capacity as the concerned supervisory authority and thereafter referred to the DPC in its capacity as lead supervisory authority.
Court of Appeal rules ICO acted lawfully in subject access request complaint litigation
The UK Information Commissioner has welcomed the Court of Appeal’s ruling on a long-running court battle over a subject access request complaint. In its judgment, the court upheld an earlier High Court decision to dismiss a claim by Mr Ben Delo that the ICO had unlawfully failed to determine his complaint about a subject access request he had made to Wise Payments Limited. The case raised important questions about how far the ICO has to go in investigating and reaching a decision on the merits of every complaint.
RESOURCES
📚 New Irish DPC Case Studies
The DPC has published a number of new case studies:
- Right to be forgotten - removal of online news article and photograph
- Unlawful processing of personal data by a waste management company
- Request for erasure of biometric data from employer database
- Complaint of excessive personal data requested by a letting agent
- Excessive CCTV cameras in the workplace complaint
- Rectification request regarding inaccurate information in a Section 20 report
- Hospital refuses erasure request of special category data
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!