Privacy Transformation - Issue 237
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
Consumer groups file complaint against Meta’s ‘pay-or-consent’ model
The European Consumer Organisation (BEUC) and 18 of its members has filed a complaint to the European Commission against Meta’s “unfair pay-or-consent” model under EU consumer law.
UK GDPR reforms move forward in UK Parliament
The proposed U.K. Data Protection and Digital Information Bill has moved a step closer to passage. The U.K. House of Commons has voted to avoid recommitting the bill following the recent introduction of U.K. government-backed amendments, instead moving the proposal to the report stage of consideration. If the recommittal vote succeeded, the bill and its proposed changes would've moved back to the committee debate.
Commissioner warns UK’s top websites to make cookie changes
The Information Commissioner has warned some of the UK’s top websites they face enforcement action if they do not make changes to comply with data protection law.
Behind France’s stance against regulating powerful AI models
In the past weeks, France has emerged as a showstopper in the negotiations on the world’s first comprehensive AI law, taking an uncompromising stance in rejecting binding rules for the most powerful models.
🔗 RELATED: AI Act: Spanish presidency makes last mediation attempt on foundation models
DATA BREACH
ICO: Hospitals urged to improve data protection standards following incident at NHS Fife
The Information Commissioner’s Office has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.
🔗 RELATED: ICO: NHS Fife reprimand
Okta: October data breach affects all customer support system users
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. The company notes that the threat actor also accessed additional reports and support cases with contact information for all contact information of all Okta certified users.
GUIDANCE & OPINIONS
DPC: Data protection during Christmastime
As we approach Christmastime and the busy shopping season, we thought it might be helpful to provide an overview of some of the DPC’s guidance around the issues that crop up the most at this time of year.
RESOURCES
📕 ENISA: Trust Services Security Incidents 2022
The Annual Report Trust Services Security Incidents 2022 provides an aggregated overview of the notified breaches for 2022, analysing root causes, statistics and trends. This report marks the sixth round of security incident reporting for the EU’s trust services sector.
📰 Briefing: EU Cyber-Resilience Act
A briefing paper produced by the European Parliament on the Commission's proposal for a regulation, the 'cyber-resilience act', which aims to impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!