Privacy Transformation - Issue 25
PRIVACY
Sweden authorises the use of facial recognition technology by the police
Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.
The decision is controversial following successive bans of this technology in US cities.
The Government Protects Our Food and Cars. Why Not Our Data?
The United States is virtually the only developed nation without a comprehensive consumer data protection law and an independent agency to enforce it.
Your DNA Profile is Private? A Florida Judge Just Said Otherwise
Privacy experts say a warrant granted in Florida could set a precedent, opening up all consumer DNA sites to law enforcement agencies across the country.
Tinder, four other dating sites don't comply with Dutch privacy laws
Dating platforms Tinder, Happn, 50plusmatch, Parship, and Paiq are in violation of Dutch privacy law, according to consumers association Consumentenbond. They place tracking cookies without users' permission and their privacy statements are intentionally vague about who they share information with, according to the association.
Concerns raised over privacy and security of UK Home Office's £842m biometrics programme
An independent ethical advice group has raised concerns about the UK Home Office's £842m Biometrics programme, which will store millions of people's highly sensitive biometric data, due to go live next year.
Data for money: App facilitating data portability now under the EDPB's scrutiny Related reading: Sens. to propose new data portability bill
Starting from the early months of 2019, a number of large-scale Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople, whereby such a company exercised, on behalf of the data subjects that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers' loyalty programs. The transfer of such data was to go directly to Weople.
e-Hallpass is one of many apps tracking students' personal data like trips to the bathroom
A digital hallpass app that tracks bathroom trips is the latest school software to raise privacy concerns.
SECURITY & TECH
On the inside of a hacking catastrophe
In early September 2017 David Rimmer was on the final day of a corporate get-together in the US, organised by Equifax, the giant financial firm he worked for.
"In that meeting, where external counsel [lawyers] were also present, some of us were told 'if you tell anyone else about this, you'll be fired on the spot and walked off-site'."
Your period-tracking app could be sharing intimate details with all of Facebook
Women’s health apps are again raising concerns of privacy as a new study finds some are sharing information without consent.
NordVPN users’ passwords exposed in mass credential-stuffing attacks
Many of the dumps have been pulled off public webpages, but at least one remains.
NHS pagers are leaking medical data
Unencrypted pager messages are broadcasting health and medical data across UK cities
Pegasus breach: Will quitting WhatsApp make your phone safer?
Some are quitting the popular messaging app for alternatives, but experts say this is not the answer.
Revolut issue statement regarding privacy update
The update is in relation to the banking app's policy with regards to who it shares user's private information with.
DATA BREACH
UniCredit unveils 2015 data breach involving 3 million Italian clients
UniCredit has uncovered a data breach involving the personal records of 3 million domestic clients, it said on Monday, the third security incident at Italy's top bank in recent years.
Healthcare Data Breaches Costs Industry $4 Billion by Year's End, 2020 Will Be Worse Reports Survey
Hospital systems expenditure on protections as part of IT budgets increased 6% year-to-year but physician organization cybersecurity spend has decreased since 2018, and 92% lack full-time security staff.
ENFORCEMENT
Berlin DPA hands property firm 14.5M euro GDPR fine
The Berlin Commissioner for Data Protection and Freedom of Information has announced German property company Deutsche Wohnen SE has been fined 14.5 million euros for violating the GDPR.
The Spanish Data Protection Authority fined a company for the cookie policy used on its website with 30,000 euros
The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros.
GUIDELINES
EDPS Guidelines on the concepts of controller, processor and joint controllership
This document provides EU Institutions with guidance on the concepts of controller, processor and joint controllership in order provide further clarity on their role when processing personal data, thus identifying their responsibilities and complying with the Regulation.
The Right of Access - DPC Guidelines Updated
The DPC has updated their guidance on the Right of Access, clarifying language around mixed personal data and third party personal data.
Information Commissioner reminds political parties they must comply with the law ahead of General Election
U.K. Information Commissioner Elizabeth Denham has sent letters to political campaigns to re-emphasize proper data use.
Opinion on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters
The EDPS has issued an Opinion on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters.
Data Protection Impact Assessments and AI
The ICO has produced detailed guidance on DPIAs that explains when they are required and how to complete them. This blog sets out some of the things organisations should think about when carrying out a DPIA for the processing of personal data in AI systems.
RESOURCES
Blockchain now and tomorrow: assessing the impact of distributed ledger technologies
Blockchain now and tomorrow: assessing the impact of distributed ledger technologies - REPORT.
Introduction to the hash function as a personal data pseudonymisation technique
Introduction to the hash function as a personal data pseudonymisation technique.