Privacy Transformation - Issue 247
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
EU countries give crucial nod to first-of-a-kind Artificial Intelligence law
The ambassadors of the 27 countries of the European Union unanimously approved the world’s first comprehensive rulebook for Artificial Intelligence, rubber-stamping the political agreement reached in December.
Argentina: New adequacy decision obtained from the European Union for the international transfer of personal data
The European Commission has concluded that personal data transferred from the European Union to Argentina are adequately protected and, therefore, can continue to flow freely from the EU to Argentina.
Data Accuracy: In the name of the fada – Aer Lingus and Bank of Ireland computers unable to use Irish accent mark
The Irish national flag carrier and one of the country’s largest banks have both claimed their computer systems are unable to process the Irish language síneadh fada accent, the High Court has heard. The inability of Aer Lingus and Bank of Ireland to use fadas when recording the names and addresses of customers was highlighted in a dispute involving an Irish language activist and the Data Protection Commission.
ICO urges all app developers to prioritise privacy
The UK Information Commissioner’s Office is reminding all app developers to ensure they protect users’ privacy, following the regulator’s review of period and fertility apps. Last year, the ICO looked closely at period and fertility apps to understand how they process personal data and identify whether there is any negative impact on users as a result.
✒️ Op-Ed: Maybe no consent needed for advertising under ePrivacy "cookie" rule?
Reading through the CNIL's new decision against Yahoo on cookies brings back to mind a question that has stuck with me for well over a decade: what is the exact reasoning that has led many EU-based authorities to say that advertising cookies/etc. are not strictly necessary for the provision of a service, and why does it persist?
DATA BREACH
Data breach at French healthcare services firm puts millions at risk
French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
ENFORCEMENT
Danish DPA: Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
French DPA: Data brokers TAGADAMEDIA fined €75,000
CNIL has fined an operator of online competition and product testing websites, in particular because it collected prospect data without valid consent, due to the misleading appearance of its competition forms.
GUIDANCE & OPINIONS
Irish DPA: Managing Your Digital Footprint
The Irish Data Protection Commission has published guidance to help individuals manage their digital footprint.
RESOURCES
📗 ENISA Report: Engineering Personal Data Protection in EU Data Spaces
Common European data spaces (EU data spaces) are a novel concept introduced in the European strategy for data and elaborated further within the Data Governance Act (DGA). This report attempts to contextualise the main design principles regarding protection of personal data and demonstrate how to engineer personal data protection through two use cases of an envisioned EU data space in the pharmaceutical domain.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!