Privacy Transformation - Issue 232

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

Thousands of drivers have sensitive data exposed to hackers in major IT breach

The driving licences of thousands of motorists who had vehicles towed on behalf of the Irish police were left at the mercy of hackers in a major data breach. More than half a million documents exposed include details of insurance investigations, vehicle registration certs, notices of car seizures and payment card details.

The 23andMe data breach reveals the vulnerabilities of our interconnected data

On Oct. 6, news broke that 23andMe, the genomics company that collects genetic material from thousands of people for ancestry and genetic predisposition tests, had a massive data breach. But as it turns out, the company’s servers were not hacked. Rather, hackers targeted hundreds of individual user accounts — allegedly those that had repeated passwords. After gaining access to the accounts, hackers could leverage the “DNA relatives matches” function of 23andMe to get information about thousands of other people.

Commission recommends Member States to fast-track DSA governance to enhance response to illegal online content

The Commission published a set of recommendations for Member States to coordinate their response to the spread and amplification of illegal content, such as terrorist content or unlawful hate speech, before it can lead to a serious threat to public security.

EU ‘in touching distance’ of world’s first laws regulating artificial intelligence

The EU is within “touching distance” of passing the world’s first laws on artificial intelligence, giving Brussels the power to shut down services that cause harm to society, says the AI tsar who has spent the last four years developing the legislation.

🔗 RELATED: White House to unveil sweeping AI executive order next week

The EU lawmakers spearheading the work on the EU’s AI bill have circulated a new version of the provisions regarding the classification of high-risk AI systems, maintaining the filter-based approach despite a contrary legal opinion.

🔗 RELATED: AI Act: EU Parliament’s legal office gives damning opinion on high-risk classification ‘filters’


SECURITY & TECH

Irish-linked spyware used in brazen attacks - report

The Irish government is set to investigate a digital surveillance alliance that has been accused of letting its smartphone spyware "run wild across the world".

EU cybersecurity body sounds alarm bell over AI-driven disruptions of European elections

ENISA, the EU cybersecurity agency, has warned that powerful new AI models might become a disruptive factor in the EU elections next June as malicious actors could use them to run large-scale information manipulation campaigns.

Okta says hackers stole customer access tokens from support unit

Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that can be used to break into the networks of Okta’s customers.

🔗 RELATED: 1Password discloses security incident linked to Okta breach


ENFORCEMENT

Face search company Clearview AI overturns UK privacy fine

A company which enables its clients to search a database of billions of images scraped from the internet for matches to a particular face has won an appeal against the UK's privacy watchdog.

🔗 RELATED: Should Clearview AI escape ICO punishment in the UK?

Swedish DPA: H&M fined for mishandling consumers’ right to object to direct marketing

The Swedish Agency for Privacy Protection has reviewed complaints concerning H&M and finds that the company has failed in its handling of requests from individuals who do not want to receive marketing from the company.

French DPA: Commercial prospecting and rights of individuals: fine of 600,000 euros against GROUPE CANAL+

On 12 October 2023, the French Data Protection Authority (CNIL) fined GROUPE CANAL+ 600,000 euros, notably for failing to comply with its obligations in terms of commercial prospecting and rights of individuals.

TikTok has been granted permission by the High Court to challenge the Data Protection Commission's decision to fine it €345m for failing to protect children’s privacy on its social media site.

UK DPA: Reprimand: Police Service of Northern Ireland

The Police Service of Northern Ireland failed to have appropriate measures in place to prevent unlawful sharing of personal data, including criminal data, with the United States Department of Homeland Security.


GUIDANCE & OPINIONS

EDPS: EDPS' Final Recommendations on the AI Act

The EDPS has published its own-initiative Opinion on the Artificial Intelligence Act as this proposed Regulation enters the final stages of negotiations between the EU’s co-legislators.

ICO: How data protection law can help retailers tackle shoplifting

A guidance note in the form of a blog post from the ICO's Director of Regulatory Policy Projects providing insights into how retailers can share information to prevent or detect crime in line with data protection law.

Irish NCSC: NIS2 Quick Reference Guide

The Irish National Cyber Security Centre has published a quick reference guide for NIS2. NIS2 is a crucial step taken by the EU to bolster cyber security across Member States. This guide simplifies the key points, deadlines, and obligations for entities, to aid in better understanding what's involved.

