Privacy Transformation - Issue 27
PRIVACY
DPAs from DPC stage: Fines don't mean everything
Concerns that the EU General Data Protection Regulation "isn't working" based on the fact there hasn't been a bevy of massive fines are ill-informed.
Privacy 2030: A New Vision for Europe
Prior to his untimely death earlier this year, former European Data Protection Supervisor Giovanni Buttarelli shared his vision with friend, colleague and ally, Christian D'Cunha, who documents his thinking in "Privacy 2030: A Vision for Europe."
Spain starts tracking mobiles but denies spying
Millions of phone users in Spain are being followed this week but critics fear it is a step closer to spying.
I'm the Google whistleblower. The medical data of millions of Americans is at risk
When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent. I didn’t decide to blow the whistle on Google’s deal, known internally as the Nightingale Project, glibly. The decision came to me slowly, creeping on me through my day-to-day work as one of about 250 people in Google and Ascension working on the project.
SECURITY & TECH
Firefox’s fight for the future of the web
Two-thirds of us have been funnelled into using Google’s Chrome, but browser choice also hides a contest about the openness of the web and how data is collected about users. One organisation that has always put such issues to the forefront is Mozilla.
Microsoft updates terms on data privacy amid EU inquiry
Microsoft said yesterday it was updating the privacy provisions of its commercial cloud contracts, after European regulators found its deals with European Union institutions that use its software products and services failed to protect data in line with EU law.
Brave warns US Senate & Congress: foreign state actors can use targeted ads to run code on US government computers, exploiting conventional browsers
Brave has written to the US Senate and Congress Homeland Security Committees about a serious national security vulnerability.
Ad tech industry questions intentions behind Google’s latest privacy moves
Google announced last week that it will strip contextual content categories from the bid requests it sends to buyers via Google Ad Manager beginning February, which left some online advertising execs scratching their heads.
DATA BREACH
Liver patients exposed in data breach
Patients at a Dublin-based company, which conducts liver scanning procedures, have been informed of a significant data breach affecting the company's email system.
Breach affecting 1 million was caught only after hacker maxed out target’s storage
The US Federal Trade Commission has sued an IT provider for failing to detect 20 hacking intrusions over a 22-month period, allowing the hacker to access the data for 1 million consumers. The provider only discovered the breach when the hacker maxed out the provider’s storage system.
GUIDANCE
ICO Blog: Why special category personal data needs to be handled even more carefully
The ICO has updated their guidance on special category data. This is their accompanying blog post.
The updated special category data guidance can be found here.
The guidance also references a useful Appropriate Policy Document template to aid in documenting a substantial public interest assessment.
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
The EDPB has published updated guidelines on Article 25 — Data Protection by Design and by Default.
Guidance for Organisations on Phishing and Social Engineering Attacks
The Irish DPC has released updated guidance on Phishing and Social Engineering attacks.
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)
The EDPB has published updated guidelines on the territorial scope of the GDPR, including clarifications on the data protection obligations of EU-based processors acting on behalf of non-EU-based controllers.
Icelandic DPA offers children's privacy ruling
The Icelandic Data Protection Authority has ruled Icelandic Health Insurance was right to request child custody verification in exchange for access to a child's personal information.
Guidelines on Privacy by Design - Spanish Data Protection Authority
The AEPD (the Spanish Data Protection Authority) has released guidance on Privacy by Design.
RESOURCES
White Paper – Talking Tech for Privacy Pros: The Organic Chemistry of Computer Science
In this fourth part in a series of white papers for technology pros, we’ll explore the organic chemistry of computer science, specifically data structures.