Privacy Transformation - Issue 261

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY & SECURITY

European privacy regulator blasts Meta’s ‘pay-or-okay’

The European Data Protection Board is issuing a negative opinion on Meta’s pay-or-okay revenue model, where users pay a subscription to opt out of targeted advertising. The EDPB believes that choice is unfair and has argued that the privacy risk of the current and model is too great as most users are either unclear about or don’t know how their data is collected and used.

✍🏻 UK NCSC: "What's happened to my data?"

The UK National Cyber Security Centre has published a blog post on ransomware attacks. It sets out the tactics used by cybercriminals including the emerging trend of data theft and extortion.


DATA BREACH

Helsinki suffers data breach after hackers exploit unpatched flaw

The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities have now shared more details.

Dell data breach involves customers’ physical addresses

The company issued an email to customers alerting them of the breach but said it believes there is ‘not a significant risk’ due to the type of information involved.


ENFORCEMENT

Meta appeal against €265m DPC fine adjourned until after EU decision

An appeal made by Meta against a €265m fine has been adjourned by the High Court until a related case is resolved in the EU courts. In a judgement published 10th May, Justice Garrett Simons of the High Court said that the €265m fine imposed by the Irish Data Protection Commission in November 2022 will not be legally effective until the EU Court of Justice resolves another appeal made by Meta against a €225m fine imposed by the DPC on WhatsApp.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!