Privacy Transformation - Issue 247

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

EU countries give crucial nod to first-of-a-kind Artificial Intelligence law

The ambassadors of the 27 countries of the European Union unanimously approved the world’s first comprehensive rulebook for Artificial Intelligence, rubber-stamping the political agreement reached in December.

Argentina: New adequacy decision obtained from the European Union for the international transfer of personal data

The European Commission has concluded that personal data transferred from the European Union to Argentina are adequately protected and, therefore, can continue to flow freely from the EU to Argentina.

Data Accuracy: In the name of the fada – Aer Lingus and Bank of Ireland computers unable to use Irish accent mark

The Irish national flag carrier and one of the country’s largest banks have both claimed their computer systems are unable to process the Irish language síneadh fada accent, the High Court has heard. The inability of Aer Lingus and Bank of Ireland to use fadas when recording the names and addresses of customers was highlighted in a dispute involving an Irish language activist and the Data Protection Commission.

ICO urges all app developers to prioritise privacy

The UK Information Commissioner’s Office is reminding all app developers to ensure they protect users’ privacy, following the regulator’s review of period and fertility apps. Last year, the ICO looked closely at period and fertility apps to understand how they process personal data and identify whether there is any negative impact on users as a result.

Reading through the CNIL's new decision against Yahoo on cookies brings back to mind a question that has stuck with me for well over a decade: what is the exact reasoning that has led many EU-based authorities to say that advertising cookies/etc. are not strictly necessary for the provision of a service, and why does it persist?


DATA BREACH

Data breach at French healthcare services firm puts millions at risk

French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.


ENFORCEMENT

Danish DPA: Denmark orders schools to stop sending student data to Google

The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.

French DPA: Data brokers TAGADAMEDIA fined €75,000

CNIL has fined an operator of online competition and product testing websites, in particular because it collected prospect data without valid consent, due to the misleading appearance of its competition forms.


GUIDANCE & OPINIONS

Irish DPA: Managing Your Digital Footprint

The Irish Data Protection Commission has published guidance to help individuals manage their digital footprint.


RESOURCES

📗 ENISA Report: Engineering Personal Data Protection in EU Data Spaces

Common European data spaces (EU data spaces) are a novel concept introduced in the European strategy for data and elaborated further within the Data Governance Act (DGA). This report attempts to contextualise the main design principles regarding protection of personal data and demonstrate how to engineer personal data protection through two use cases of an envisioned EU data space in the pharmaceutical domain.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!