Privacy Transformation - Issue 250

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

Concerns raised over UK Data Protection Bill’s impact on EU’s GDPR

A letter sent by Member of the European Parliament Paul Tang raises questions regarding the potential effects of the UK’s Data Protection Bill on the EU’s General Data Protection Regulation.

Report released by Justice Committee on An Garda Síochána facial recognition bill

In Ireland, the Justice Committee released a pre-legislative scrutiny report on the Facial Recognition Technology Bill that would determine how An Garda Síochána would use the technology. The Irish Council for Civil Liberties (ICCL), Digital Rights Ireland, the Data Protection Commission, and academic experts, among others, have also voiced concerns with the technology.

CEF 2024: Launch of coordinated enforcement on the right of access

The European Data Protection Board has kicked off its Coordinated Enforcement Framework action for 2024. Throughout the year, 31 Data Protection Authorities, including 7 German State-level DPAs, across the EEA will take part in this initiative on the implementation of the right of access.

ICO and Federal Communications Commission sign Memorandum of Understanding

The Information Commissioner’s Office and the US Federal Communications Commission have signed a Memorandum of Understanding which formalises their commitment to work together to protect people from unwanted nuisance calls, spam messaging and the misuse of private and sensitive data.


SECURITY & TECH

French MPs voice sovereignty, competition concerns after Microsoft-Mistral AI deal

After Mistral AI and Microsoft announced their strategic partnership on Monday, sparking an outcry from lawmakers in the European Parliament, French MPs have voiced concern over the partnership’s impact on competition and sovereignty in the cloud sector.

Meta’s ‘consent or pay’ data grab in Europe faces new complaints

A controversial move by Meta last year, when it switched to charging users in the European Union for an ad-free subscription to access Facebook and/or Instagram unless they agreed to be tracked and profiled so it could keep running its attention-mining microtargeting ad business, has triggered a set of complaints from consumer rights groups. The complaints are being brought under the bloc’s data protection rules.

Cyberattack cost Munster Technological University more than €3m

The cyberattack that targeted Munster Technological University (MTU) last February has so far cost the educational institution €3.5 million. The university's annual report for 2022 outlined a number of measures it has taken to strengthen online security against any further cyberattacks. As a result of the cyberattack, the TU Cork campus was closed temporarily following the “significant” IT breach and phone outages.

US Justice Department appoints first Chief AI Officer

Attorney General Merrick B. Garland announced today the designation of Jonathan Mayer as the Justice Department’s first Chief Science and Technology Advisor and Chief Artificial Intelligence Officer.


DATA BREACH

Ireland: Dept of Foreign Affairs investigating potential cybersecurity incident

The Department of Foreign Affairs has said that it is investigating a potential cybersecurity incident involving its systems. It follows reports online that a newly established hacking group claimed that it had 7GB of compromised data from the Irish Department of Foreign Affairs for sale.

Microsoft Azure Hit With The Largest Data Breach In Its History; Hundreds Of Executive Accounts Compromised

For the first time in the history of Microsoft, a cyberattack has left hundreds of executive accounts compromised and caused a major user data leak as Microsoft Azure was attacked.

Huge cybersecurity leak lifts lid on world of China’s hackers for hire

A big leak of data from a Chinese cybersecurity firm has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including foreign governments, while hackers hoover up huge amounts of information on any person or institution who might be of interest to their prospective clients.


ENFORCEMENT

UK DPA: ICO orders Serco Leisure to stop using facial recognition technology to monitor attendance of leisure centre employees

The Information Commissioner’s Office has ordered public service provider Serco Leisure, Serco Jersey and seven associated community leisure trusts to stop using facial recognition technology and fingerprint scanning to monitor employee attendance.

Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data

Avast, the cybersecurity software company, is facing a $16.5 million fine after it was caught storing and selling customer information without their consent. The Federal Trade Commission announced the fine on Thursday and said that it’s banning Avast from selling user data for advertising purposes.


RESOURCES

📕 ENISA: Best Practices for Cyber Crisis Management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends largely on the level of risk that EU Member States are prepared to tolerate (i.e. ‘risk appetite’).


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!