Privacy Transformation - Issue 25

PRIVACY

Sweden authorises the use of facial recognition technology by the police

Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.

The decision is controversial following successive bans of this technology in US cities.

The Government Protects Our Food and Cars. Why Not Our Data?

The United States is virtually the only developed nation without a comprehensive consumer data protection law and an independent agency to enforce it.

Your DNA Profile is Private? A Florida Judge Just Said Otherwise

Privacy experts say a warrant granted in Florida could set a precedent, opening up all consumer DNA sites to law enforcement agencies across the country.

Tinder, four other dating sites don't comply with Dutch privacy laws

Dating platforms Tinder, Happn, 50plusmatch, Parship, and Paiq are in violation of Dutch privacy law, according to consumers association Consumentenbond. They place tracking cookies without users' permission and their privacy statements are intentionally vague about who they share information with, according to the association.

Concerns raised over privacy and security of UK Home Office's £842m biometrics programme

An independent ethical advice group has raised concerns about the UK Home Office's £842m Biometrics programme, which will store millions of people's highly sensitive biometric data, due to go live next year.

Data for money: App facilitating data portability now under the EDPB's scrutiny Related reading: Sens. to propose new data portability bill

Starting from the early months of 2019, a number of large-scale Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople, whereby such a company exercised, on behalf of the data subjects that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers' loyalty programs. The transfer of such data was to go directly to Weople.

e-Hallpass is one of many apps tracking students' personal data like trips to the bathroom

A digital hallpass app that tracks bathroom trips is the latest school software to raise privacy concerns.

SECURITY & TECH

On the inside of a hacking catastrophe

In early September 2017 David Rimmer was on the final day of a corporate get-together in the US, organised by Equifax, the giant financial firm he worked for.

"In that meeting, where external counsel [lawyers] were also present, some of us were told 'if you tell anyone else about this, you'll be fired on the spot and walked off-site'."

Women’s health apps are again raising concerns of privacy as a new study finds some are sharing information without consent.

NordVPN users’ passwords exposed in mass credential-stuffing attacks

Many of the dumps have been pulled off public webpages, but at least one remains.

NHS pagers are leaking medical data

Unencrypted pager messages are broadcasting health and medical data across UK cities

Pegasus breach: Will quitting WhatsApp make your phone safer?

Some are quitting the popular messaging app for alternatives, but experts say this is not the answer.

Revolut issue statement regarding privacy update

The update is in relation to the banking app's policy with regards to who it shares user's private information with.

DATA BREACH

UniCredit unveils 2015 data breach involving 3 million Italian clients

UniCredit has uncovered a data breach involving the personal records of 3 million domestic clients, it said on Monday, the third security incident at Italy's top bank in recent years.

Healthcare Data Breaches Costs Industry $4 Billion by Year's End, 2020 Will Be Worse Reports Survey

Hospital systems expenditure on protections as part of IT budgets increased 6% year-to-year but physician organization cybersecurity spend has decreased since 2018, and 92% lack full-time security staff.

ENFORCEMENT

Berlin DPA hands property firm 14.5M euro GDPR fine

The Berlin Commissioner for Data Protection and Freedom of Information has announced German property company Deutsche Wohnen SE has been fined 14.5 million euros for violating the GDPR.

The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros.

GUIDELINES

EDPS Guidelines on the concepts of controller, processor and joint controllership

This document provides EU Institutions with guidance on the concepts of controller, processor and joint controllership in order provide further clarity on their role when processing personal data, thus identifying their responsibilities and complying with the Regulation.

The Right of Access - DPC Guidelines Updated

The DPC has updated their guidance on the Right of Access, clarifying language around mixed personal data and third party personal data.

Information Commissioner reminds political parties they must comply with the law ahead of General Election

U.K. Information Commissioner Elizabeth Denham has sent letters to political campaigns to re-emphasize proper data use.

Opinion on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters

The EDPS has issued an Opinion on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters.

Data Protection Impact Assessments and AI

The ICO has produced detailed guidance on DPIAs that explains when they are required and how to complete them. This blog sets out some of the things organisations should think about when carrying out a DPIA for the processing of personal data in AI systems.