Privacy Transformation - Issue 258
Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.
PRIVACY
Meta defends subscription model after ‘wishy-washy’ rebuke from top EU data agency
Ireland’s Data Protection Commission is currently assessing Meta’s pay or consent model – the legality of which has now been questioned by EU regulators.
US Senate Passes Two-Year Extension of Surveillance Law Just After It Expired
The law lapsed only briefly after a late-night deal that allowed votes on privacy advocates’ proposed changes, all of which were defeated.
Dutch privacy watchdog urges action on traffic light tracking
The Dutch data protection authority has urged the infrastructure ministry to take action about the growing number of traffic lights that have been fitted with software, allowing them to track road users.
✍🏻 A view from Brussels: Behavioural advertising and consent, signs of a tide
The EDPB issued its opinion on the pay-or-consent models being deployed by large online platforms as a legal construct to support behavioural advertising. This follows a January 2023 decision by Ireland's Data Protection Commission invalidating contract as a legal basis for the processing of personal data carried out for behavioural advertising. The DPC issued Meta a 390 million euro fine and forced the company to rethink its practice.
ENFORCEMENT
UK DPA: ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls
The Information Commissioner’s Office has fined Cardiff-based Outsource Strategies Ltd £240,000 and London-based Dr Telemarketing Ltd £100,000 after the companies made a total of almost 1.43 million calls to people on the UK’s “do not call” register, the Telephone Preference Service.
Grindr sued for allegedly revealing users' HIV status
Grindr, the world's biggest dating app for the LGBT community, is being sued for allegedly sharing personal information such as people's HIV status with third parties. According to the claim, lodged at the High Court in London, "covert tracking technology" was deployed, and highly sensitive information was illegally shared with advertisers.
UK DPA: Dr Telemarketing fined £100,000 for unsolicited marketing calls
Dr Telemarketing made 80,240 unsolicited direct marketing calls to subscribers who were registered with the Telephone Preference Service and who had not notified the company that they were willing to receive such calls.
GUIDANCE & OPINIONS
EDPB: Rules of Procedure on the Data Protection Framework redress mechanism for national security purposes
Rules of Procedure on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security.
🔗 RELATED:
- Information Note on the Data Protection Framework redress mechanism for national security purposes
- Rules of Procedure for the “Informal Panel of EU DPAs” according to the EU-US Data Privacy Framework
- Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer
RESOURCES
📗 EDPB Annual Report 2023: Safeguarding individuals’ digital rights
The EDPB has launched its 2023 Annual Report. The report provides an overview of the work carried out by the EDPB in the previous year and reflects on important milestones. In addition, it includes examples of enforcement by data protection authorities at national level.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!