Privacy Transformation - Issue 27

PRIVACY

DPAs from DPC stage: Fines don't mean everything

Concerns that the EU General Data Protection Regulation "isn't working" based on the fact there hasn't been a bevy of massive fines are ill informed.

Privacy 2030: A New Vision for Europe

Prior to his untimely death earlier this year, former European Data Protection Supervisor Giovanni Buttarelli shared his vision with friend, colleague and ally, Christian D'Cunha, who documents his thinking in "Privacy 2030: A Vision for Europe."

Spain starts tracking mobiles but denies spying

Millions of phone users in Spain are being followed this week but critics fear it is a step closer to spying.

I'm the Google whistleblower. The medical data of millions of Americans is at risk

When I learned that Google was acquiring the intimate medical records of 50 million patients, I couldn’t stay silent. I didn’t decide to blow the whistle on Google’s deal, known internally as the Nightingale Project, glibly. The decision came to me slowly, creeping on me through my day-to-day work as one of about 250 people in Google and Ascension working on the project.

SECURITY & TECH

Firefox’s fight for the future of the web

Two-thirds of us have been funnelled into using Google’s Chrome, but browser choice also hides a contest about the openness of the web and how data is collected about users. One organisation that has always put such issues to the forefront is Mozilla.

Microsoft updates terms on data privacy amid EU inquiry

Microsoft said yesterday it was updating the privacy provisions of its commercial cloud contracts, after European regulators found its deals with European Union institutions that use its software products and services failed to protect data in line with EU law.

Brave warns US Senate & Congress: foreign state actors can use targeted ads to run code on US government computers, exploiting conventional browsers

Brave has written to the US Senate and Congress Homeland Security Committees about a serious national security vulnerability.

Ad tech industry questions intentions behind Google’s latest privacy moves

Google announced last week that it will strip contextual content categories from the bid requests it sends to buyers via Google Ad Manager beginning February, which left some online advertising execs scratching their heads.

DATA BREACH

Liver patients exposed in data breach

Patients at a Dublin-based company, which conducts liver scanning procedures, have been informed of a significant data breach affecting the company's email system.

Breach affecting 1 million was caught only after hacker maxed out target’s storage

The US Federal Trade Commission has sued an IT provider for failing to detect 20 hacking intrusions over a 22-month period, allowing the hacker to access the data for 1 million consumers. The provider only discovered the breach when the hacker maxed out the provider’s storage system.

GUIDANCE

ICO Blog: Why special category personal data needs to be handled even more carefully

The ICO has updated their guidance on special category data. This is their accompanying blog post.

The updated special category data guidance can be found here.

The guidance also references a useful Appropriate Policy Document template to aid in documenting a substantial public interest assessment.

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

The EDPB has published updated guidelines on Article 25 — Data Protection by Design and by Default.

Guidance for Organisations on Phishing and Social Engineering Attacks

The Irish DPC has released updated guidance on Phishing and Social Engineering attacks.

Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)

The EDPB has published updated guidelines on the territorial scope of the GDPR, including clarifications on the data protection obligations of EU-based processors acting on behalf of non-EU-based controllers.

Icelandic DPA offers children's privacy ruling

The Icelandic Data Protection Authority has ruled Icelandic Health Insurance was right to request child custody verification in exchange for access to a child's personal information.

Guidelines on Privacy by Design - Spanish Data Protection Authority

The AEPD (the Spanish Data Protection Authority) has released guidance on Privacy by Design.

RESOURCES

White Paper – Talking Tech for Privacy Pros: The Organic Chemistry of Computer Science

In this fourth part in a series of white papers for technology pros, we’ll explore the organic chemistry of computer science, specifically data structures.