Privacy Transformation - Issue 26
PRIVACY
DNA collection firm focus of data protection inquiry
A State-backed company that plans to collect the DNA of hundreds of thousands of Irish people is being probed by the Data Protection Commissioner, following complaints about the way it gathers information.
Archiving and Accountability: The 46th EDPS-DPO meeting
The essence of data protection is of course about protecting the rights and freedoms of individuals, but this does not mean that data protection and archiving in the public interest have to be at odds. On the contrary, archives keep public administrations, governments and society at large accountable, and efficient data protection safeguards support effective records and archives management.
European Data Protection Board Fifteenth Plenary session
Fifteenth Plenary session: Privacy Shield Review, Guidelines on Territorial Scope, Guidelines on Data Protection by Design & Default, Art. 64 Opinion on Exxon Mobil BCRs, Response letter to LIBE, Additional Protocol Budapest Convention
New ePrivacy draft released ahead of WP TELE meetings
Ahead of meetings with the Working Party on Telecommunications and Information Society, the Finnish Presidency of the Council of the European Union has released a new version of the proposed ePrivacy Regulation.
Pulling mandatory PSC for passports had 'whole of government repercussions', civil servants warned
New documents have shown how the Passport Office considered its options before pulling the PSC as a mandatory requirement.
PAC rightly refuses to swallow ‘blame it on GDPR’ excuse
Data Protection Commissioner Helen Dixon has provided information to this newspaper showing how her office had continued to publish or release details of payments to third parties, including barristers, even after the introduction of GDPR, in sharp contrast to the position taken by the Department of Finance.
Unpacking the FTC's comments on NIST's draft Privacy Framework
The U.S. Federal Trade Commission recently voted unanimously in support of the submission of staff comments on the National Institute of Standards and Technology’s preliminary draft "Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management."
SECURITY & TECH
Data Protection Commission engaging with Revolut as a "matter of urgency" over privacy changes
The Irish Data Protection Commission (DPC) has said that it will be engaging with financial technology company Revolut as "a matter of urgency" over their new policy changes.
Move Over Chrome, Brave May Just be The Coolest Privacy Focused Browser You Need
The browser has emerged out of the beta test phase, and already has 8.7 million users.
Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans
Google is teaming with one of the country’s largest health-care systems on an ambitious project named “Project Nightingale” to collect and crunch detailed health information of millions of Americans across 21 states.
One of the world’s most advanced hacking groups debuts new Titanium backdoor
Malware hides at every step by mimicking common software in long multi-stage execution.
DATA BREACH
Breach of Leading Domain Name Registrar Could Lead to an Explosion in Phishing Scams
Domain name registrar Web.com announced a data breach that could lead to an explosion of phishing scams as the exposed personal information can be connected directly to websites and their owners.
ENFORCEMENT
Spanish DPA issues 12K euro fine for GDPR violations
The Spanish data protection authority, the Agencia Española de Protección de Datos, has fined Madrileña Red de Gas 12,000 euros for alleged violations of the EU General Data Protection Regulation.
GUIDELINES
Spanish DPA releases guide on cookies
The Spanish data protection authority, the AEPD, released a new guide on the use of cookies that is inconsistent with guidance from other data protection authorities. In summary, the guidance states that any of the following actions amounts to an “affirmative action” and hence is valid consent:
- browsing another webpage
- scrolling a website
- closing a cookie banner
- clicking on content
This is in contrast to guidance from CNIL, the ICO, the Irish Data Protection Commission and others.
CNIL Adopts List of Processing Operations not Requiring a DPIA
The GDPR provides that data protection authorities can compile a list of processing operations for which a data protection impact assessment is not mandatory. The CNIL adopted its final list on September 12, after submitting a draft to the European Data Protection Board.