Privacy Transformation - Issue 252
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
Europe’s landmark AI Act passes Parliament vote
European lawmakers have voted to pass a landmark regulation on artificial intelligence in Strasbourg, a file that had garnered major lobbying attention from large tech companies over the past few years.
🔗 RELATED: ✏️ Opinion: EU’s much-heralded AI Act agreed by EU Parliament – but serious human rights holes in law remain
DATA BREACH
HSE suffers IT glitch that leaves data of more than one million people vulnerable to hackers
The HSE suffered an IT glitch that weakened security around the vaccination details of more than one million people, the agency has admitted. The organisation “misconfigured” a Covid-related database in December of 2021, a spokesperson said, opening the details of more than a million people up to potential exploitation.
🔗 RELATED:
- HSE says ‘misconfiguration’ of Covid vaccine dataset did not result in ‘unauthorised viewing’ of data
- A bug in an Irish government website that exposed COVID-19 vaccination records took 2 years to publicly disclose
French unemployment agency data breach impacts 43 million people
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
ENFORCEMENT
EDPS: European Commission’s use of Microsoft 365 infringes data protection law for EU institutions and bodies
Following its investigation, the EDPS has found that the European Commission has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission (see annex for detailed excerpt).
🔗 RELATED: EU Commission breached data protection rules using Microsoft 365, EU watchdog found
UK DPA: ICO reprimands London Mayor's Office for Policing and Crime for complaint web form error
The London Mayor’s Office has today been reprimanded by the Information Commissioner’s Office for a web glitch that potentially revealed the personal information of people who were complaining about the Metropolitan Police Service.
Italian DPA: Italy's data watchdog looks into Open AI tool that turns text into video
Italy's data protection agency said on Friday it had opened an investigation into a service developed by Microsoft-backed Open AI that can generate videos based on text prompts. The regulator, known as Garante, asked Open AI to clarify whether the way it informs users and non users about the data it employs for its product, known as Sora, is in line with European Union regulations.
RESOURCES
📕 ENISA: Remote ID Proofing - Good practices
Through this report, ENISA aims to enhance stakeholder awareness, facilitate risk analysis in evolving threat landscapes, and bolster trustworthiness in remote identity proofing methods.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!