Privacy Transformation - Issue 237

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

Consumer groups file complaint against Meta’s ‘pay-or-consent’ model

The European Consumer Organisation (BEUC) and 18 of its members have filed a complaint with the European Commission against Meta’s “unfair pay-or-consent” model under EU consumer law.

🔗 RELATED: European consumer groups band together to fight Meta’s self-serving ad-free sub — branding it ‘unfair’ and ‘illegal’

UK GDPR reforms move forward in UK Parliament

The proposed U.K. Data Protection and Digital Information Bill has moved a step closer to passage. The U.K. House of Commons has voted to avoid recommitting the bill following the recent introduction of U.K. government-backed amendments, instead moving the proposal to the report stage of consideration. Had the recommittal vote succeeded, the bill and its proposed changes would have moved back to committee debate.

The Information Commissioner has warned some of the UK’s top websites they face enforcement action if they do not make changes to comply with data protection law.

Behind France’s stance against regulating powerful AI models

In the past weeks, France has emerged as a showstopper in the negotiations on the world’s first comprehensive AI law, taking an uncompromising stance in rejecting binding rules for the most powerful models.

🔗 RELATED: AI Act: Spanish presidency makes last mediation attempt on foundation models


DATA BREACH

ICO: Hospitals urged to improve data protection standards following incident at NHS Fife

The Information Commissioner’s Office has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.

🔗 RELATED: ICO: NHS Fife reprimand

Okta: October data breach affects all customer support system users

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. The company notes that the threat actor also accessed additional reports and support cases with contact information for all Okta certified users.


GUIDANCE & OPINIONS

DPC: Data protection during Christmastime

As we approach Christmastime and the busy shopping season, we thought it might be helpful to provide an overview of some of the DPC’s guidance around the issues that crop up the most at this time of year.


RESOURCES

📕 ENISA: Trust Services Security Incidents 2022

The Annual Report Trust Services Security Incidents 2022 provides an aggregated overview of the notified breaches for 2022, analysing root causes, statistics and trends. This report marks the sixth round of security incident reporting for the EU’s trust services sector.

📰 Briefing: EU Cyber-Resilience Act

A briefing paper produced by the European Parliament on the Commission's proposal for a regulation, the 'cyber-resilience act', which aims to impose cybersecurity obligations on all products with digital elements whose intended and foreseeable use includes direct or indirect data connection to a device or network.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!