Privacy Transformation - Issue 246

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.

PRIVACY

Google forced to stop telling publishers about ‘right to be forgotten’ decisions after court ruling

Google has been forced, under a ­controversial European privacy law, to stop informing media organisations of decisions it takes to “delist” news ­articles from search engine results.

Data watchdog should be notified of Google’s bid to challenge probe, judge says

Google Ireland’s bid to challenge the Data Protection Commission’s (DPC’s) decision to probe complaints the internet giant’s processing of personal data should be heard on notice to the DPC, a High Court judge has decided.

EU top court finds indiscriminate storing of convicts’ data illegal

The European Court of Justice (ECJ) has ruled that law enforcement agencies cannot indiscriminately store biometric and genetic data on those who committed criminal offences until their death.

Commission Decision Establishing the European AI Office

The European Commission has announced the creation of the European Artificial Intelligence Office. This new entity will be part of the Directorate-General for Communication Networks, Content and Technology, adhering to its annual management plan while operating in line with Commission internal processes.

Graham Dwyer sues State and prison service for damages

Convicted murderer Graham Dwyer has brought an action for damages against the Irish Prison Service and the State. It is understood the case includes claims for damages for alleged negligence, alleged breach of privacy rights and rights under the Data Protection Acts and alleged breach of statutory duty.

Trump data protection case thrown out by UK court

Donald Trump's data protection case against a British private investigations firm over a dossier which alleged ties between Mr Trump's campaign and Russia has been thrown out by London's High Court.

SECURITY & TECH

ChatGPT is violating Europe’s privacy laws, Italian DPA tells OpenAI

OpenAI has been told it’s suspected of violating European Union privacy, following a multi-month investigation of its AI chatbot, ChatGPT, by Italy’s data protection authority. Details of the Italian authority’s draft findings haven’t been disclosed. But the Garante said today OpenAI has been notification and given 30 days to respond with a defence against the allegations.

New plan announced to grow cybersecurity sector

A new plan has been unveiled to grow Ireland's cybersecurity sector between now and 2023. The roadmap has been published by Cyber Ireland, a national organisation that brings together industry, academia and Government to represent the needs of the cybersecurity ecosystem in Ireland.

Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears

Microsoft said Thursday that it is upgrading its cloud computing service to let customers store all personal data within the European Union instead of having it flow to the U.S. where national privacy laws don’t exist.

EU adopts first Cybersecurity Certification Scheme

The European Cybersecurity Scheme on Common Criteria (EUCC) drafted by the European Union Agency for Cybersecurity (ENISA) has been adopted as the first scheme within the EU cybersecurity certification framework.

DATA BREACH

23andMe admits it didn’t detect cyberattacks for months

In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September.

ICO confirms data breach probe as UK councils remain downed by cyberattack

Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline.

ENFORCEMENT

Dutch regulator fines Uber €10 mil. for violating privacy rules around drivers' data

Uber received a privacy fine of 10 million euros because the technology company is too unclear about how it handles the personal data of European drivers. According to the Dutch Data Protection Authority (AP), which imposed the fine, Uber did not provide sufficient transparency about how long the company kept this type of data. In addition, it was unclear to which countries outside Europe Uber forwarded that information. Uber also allegedly made it difficult for drivers who performed rides via the company’s app to request information about their personal data.

Employee monitoring: CNIL fined AMAZON FRANCE LOGISTIQUE €32 million

On 27 December 2023, the French Data Protection Authority (CNIL) fined AMAZON FRANCE LOGISTIQUE €32 million for setting up an excessively intrusive system for monitoring employee activity and performance. The company was also fined for video surveillance without information nor sufficient security.

GUIDANCE & OPINIONS

EDPS: Opinion 8/2024 on the Proposal for a Regulation amending Regulation (EU) 2021/1232 on a temporary derogation from certain ePrivacy provisions for combating CSAM

The EDPS has issued an Opinion on the proposed Regulation to extend the temporary derogation from certain provisions of the ePrivacy Directive to combat child sexual abuse online.

RESOURCES

📕 UK NCSC: The near-term impact of AI on the cyber threat

An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

🔎 EDPB Launches Website Auditing Tool

The EDPB has launched a website auditing tool that can be used to help analyse whether websites are compliant with the law. The tool was developed in the context of the EDPB Support Pool of Experts (SPE) and can be used by both legal and technical auditors at data protection authorities (DPAs), as well as by controllers and processors who wish to test their own websites.

CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!