Privacy Transformation - Issue 253
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
Oireachtas Justice Committee raises concerns over plans to reform key data protection laws
The Oireachtas Justice Committee has written to European Commission chief Ursula von der Leyen to raise concerns over plans to reform key data protection laws. Proposals to reform the General Data Protection Regulation came in mid-2023, with the European Commission seeking to deal with issues related to ‘cross-border’ investigations into data protection breaches.
ECJ rules against EU law on fingerprints in national IDs
The European Court of Justice has ruled that a 2019 EU regulation obliging EU citizens to give their fingerprints for national identification cards was founded on the wrong legal basis, declaring the EU law entirely invalid.
DPC: Launch of coordinated enforcement action on the right of access
The Irish Data Protection Commission has announced its participation in the European Data Protection Board’s 2024 Coordinated Enforcement Framework. 31 Supervisory Authorities across the European Economic Area will take part in the CEF throughout 2024 which is focussing on the “right of access” in accordance with Article 15 of the General Data Protection Regulation.
✍🏻 Opinion: Pressure is on Ireland to appoint AI regulator as EU passes AI Act
The far-reaching law on artificial intelligence is expected to come into force in May, but as yet there is no indication of who will be responsible for regulating AI in Ireland.
Meta offers to slash fees for ads-free Facebook and Instagram to avert EU privacy concerns
Meta Platforms has offered to almost halve its monthly subscription fee for Facebook and Instagram to €5.99 from €9.99, a senior Meta executive has said, a move that aims to address concerns from privacy and competition regulators.
SECURITY & TECH
AI Act’s global effects might be overstated, experts say
The policymakers behind the EU’s AI Act, passed by the European Parliament with a large majority on 13 March, aimed to set a new global standard for regulating the technology, but not everyone agrees the impact will be as vast as promised.
Ireland gambles on China’s big tech billions
Just as Western security chiefs are cracking down on Chinese tech giants like TikTok, the Irish government is opening its arms to more. Booming Chinese-owned companies like the popular e-commerce apps Temu and Shein have joined a wave of new tech firms from China that are now helping drive Ireland’s economy. It’s all quite deliberate. It’s also potentially risky.
🔗 RELATED: Should governments ban TikTok - and can they really ban an app?
Airbnb bans hosts from using indoor security cameras in rentals
Airbnb is banning the use of indoor security cameras in rentals around the world by the end of next month. The San Francisco-based online rental platform said it is seeking to “simplify” its security-camera policy while prioritizing privacy. [Read Airbnb Statement]
DATA BREACH
Ireland: Prevention guide for data leak was available one year before HSE vaccine portal compromised
A prevention guide for the HSE data leak that left the vaccination information of one million people available was published one year before the incident, according to the security researcher who brought it to light. A computer glitch meant the HSE’s Covid vaccination portal left the data of one million people vulnerable.
UK watchdog to assess Princess of Wales medical record breach claim
Britain's data watchdog said it was looking into a report that staff at the hospital where Catherine, Princess of Wales, underwent abdominal surgery in January, had attempted to access her private health records. The report in the Daily Mirror said managers at The London Clinic, where King Charles was also treated in January, were investigating claims that at least one member of staff had been caught trying to access Kate's medical notes.
🔗 RELATED: ICO statement in response to reports of data breach at The London Clinic
How TechCrunch verifies a data breach
Every data breach is different and requires a unique approach to determine the validity of the data. Verifying a data breach as authentic will require using different tools and techniques, and looking for clues that can help identify where the data came from.
ENFORCEMENT
UK DPA: ICO issues enforcement notice for failing to assess privacy risks posed to people arriving in the UK by unauthorised means
An enforcement notice and a warning have been issued to the Home Office for failing to assess the privacy risks posed by the electronic monitoring of people arriving in the UK by unauthorised means.
GUIDANCE & OPINIONS
UK DPA: ICO publishes new fining guidance
The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines. The guidance provides greater transparency for organisations about how the ICO goes about using its fining power.
RESOURCES
▶ EDPS Talk: With the vast amount of data collected and the powerful data analytics at disposal, we are on the path to a privacy dystopia
“20 Talks” is a series of insightful discussions with experts and influential personalities across diverse domains, looking into the profound implications of privacy and data protection within their specific spheres. In this episode, our guest is Daniel J. Solove, Professor of Intellectual Property and Technology Law, George Washington University Law School and President & CEO of TeachPrivacy.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!