Privacy Transformation - Issue 258

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY

Meta defends subscription model after ‘wishy-washy’ rebuke from top EU data agency

Ireland’s Data Protection Commission is currently assessing Meta’s pay or consent model – the legality of which has now been questioned by EU regulators.

US Senate Passes Two-Year Extension of Surveillance Law Just After It Expired

The law lapsed only briefly after a late-night deal that allowed votes on privacy advocates’ proposed changes, all of which were defeated.

Dutch privacy watchdog urges action on traffic light tracking

The Dutch data protection authority has urged the infrastructure ministry to take action about the growing number of traffic lights that have been fitted with software, allowing them to track road users.

The EDPB issued its opinion on the pay-or-consent models being deployed by large online platforms as a legal construct to support behavioural advertising. This follows a January 2023 decision by Ireland's Data Protection Commission invalidating contract as a legal basis for the processing of personal data carried out for behavioural advertising. The DPC issued Meta a 390 million euro fine and forced the company to rethink its practice.


ENFORCEMENT

UK DPA: ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls

The Information Commissioner’s Office has fined Cardiff-based Outsource Strategies Ltd £240,000 and London-based Dr Telemarketing Ltd £100,000 after the companies made a total of almost 1.43 million calls to people on the UK’s “do not call” register, the Telephone Preference Service.

Grindr sued for allegedly revealing users' HIV status

Grindr, the world's biggest dating app for the LGBT community, is being sued for allegedly sharing personal information such as people's HIV status with third parties. According to the claim, lodged at the High Court in London, "covert tracking technology" was deployed, and highly sensitive information was illegally shared with advertisers.

UK DPA: Dr Telemarketing fined £100,000 for unsolicited marketing calls

Dr Telemarketing made 80,240 unsolicited direct marketing calls to subscribers who were registered with the Telephone Preference Service and who had not notified the company that they were willing to receive such calls.


GUIDANCE & OPINIONS

EDPB: Rules of Procedure on the Data Protection Framework redress mechanism for national security purposes

Rules of Procedure on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security.

🔗 RELATED:

RESOURCES

📗 EDPB Annual Report 2023: Safeguarding individuals’ digital rights

The EDPB has launched its 2023 Annual Report. The report provides an overview of the work carried out by the EDPB in the previous year and reflects on important milestones. In addition, it includes examples of enforcement by data protection authorities at national level.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!