Privacy Transformation - Issue 245

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

Google begins High Court case against Irish data regulator

Google has started a High Court case against the Irish data regulator over a new privacy investigation into the company, taking the unusual step of initiating a legal challenge before any determination is made in the case.

Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears

Microsoft said that it is upgrading its cloud computing service to let customers store all personal data within the European Union.

Under the changes, users will also be able to unbundle their Marketplace and Facebook Gaming accounts, though in some cases Meta says this will limit features.

EU Commission’s last-minute attempt to keep private companies in world’s first AI treaty

Despite pressure from some EU countries, the European Commission is still trying to prevent private companies from being excluded by default from the first international treaty on Artificial Intelligence.

EU Commission readies establishment of AI Office

The European Commission is set to adopt a decision establishing the European Artificial Intelligence Office. The AI Office will play a pivotal role in the enforcement architecture of the AI Act, the EU’s landmark law to regulate Artificial Intelligence, set to be formally adopted in the coming weeks based on a political agreement nailed down in December.


DATA BREACH

“The mother of all breaches”: 26 billion records found online

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”. However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches.

AerCap discloses cybersecurity incident

The world's largest aircraft lessor AerCap Holdings was hit by a cybersecurity incident related to ransomware on January 17, the company said in a filing today.

23andMe data breach: Hackers stole raw genotype data, health reports

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.


ENFORCEMENT

Digital rights group files additional complaint against Meta’s ‘pay or okay’ model

The non-profit digital rights organisation Noyb filed an additional complaint on Thursday morning (11 January) with the Austrian data protection authority about Facebook’s “pay or okay” system, this time focusing on the withdrawal conditions.

The CNIL received 27 complaints reporting the failure to take into account the refusal of cookies and the obstacles encountered in withdrawing consent to the deposit of cookies. In October 2020 and June 2021, the CNIL carried out several online investigations on the Yahoo.com website and the Yahoo! Mail messaging service.

Employee monitoring: CNIL fined Amazon France Logistique €32 million

The French DPA has fined Amazon France Logistique €32 million for setting up an excessively intrusive system for monitoring employee activity and performance. The company was also fined for video surveillance without information or sufficient security.


RESOURCES

Swiss DPA: Guide to Technical and Organisational Data Protection Measures (TOM) available in English

The Guide to Technical and Organisational Data Protection Measures (TOM) provides an introduction to the risks and solutions associated with data protection in today's information systems.

EDPB publishes OSS case digest on Security of Processing and Data Breach Notification

The EDPB has published a thematic one-stop-shop case digest on Security of Processing (Art. 32 GDPR) and Data Breach Notification (Art. 33 & 34 GDPR). The case digest offers valuable insights on how DPAs have interpreted and applied GDPR provisions in diverse scenarios, such as hacking, ransomware, or accidental data disclosure.

