Privacy Transformation - Issue 28
PRIVACY
How the ePrivacy Regulation talks failed again
This week, the Permanent Representatives Committee of the Council of the European Union once again rejected the latest draft of the ePrivacy Regulation. The Nov. 22 vote means that the member states still cannot agree on a common position.
MEPs choose Wiewiórowski to be the EU’s data protection watchdog
Mr Wojciech Wiewiórowski was selected by the Civil Liberties Committee as their top choice to become the next European Data Protection Supervisor.
Road surveillance system to give 100% video coverage of M50
Transport Infrastructure Ireland gives road monitoring system a €60m upgrade - every centimetre of the M50 will be available on camera 24 hours a day, seven days a week.
Chaayos cafe: Indian cafe's facial recognition use sparks anger
Indians have expressed concern after it emerged that a popular cafe chain - Chaayos - is using facial recognition software to bill customers. Experts are worried about private companies using the technology in the absence of privacy laws.
ICO Blog: Data ethics and the digital economy
The ICO have appointed their first data ethics adviser and in this post Simon McDougall, Executive Director for Technology Policy and Innovation at the ICO reflects on the overlap between ethics and data protection.
AI used for first time in job interviews in UK to find best applicants
Artificial intelligence (AI) and facial expression technology is being used for the first time in job interviews in the UK to identify the best candidates.
UK Department of Education criticised for secretly sharing children's data
he UK’s privacy regulator has criticised the Department for Education (DfE) for secretly sharing children’s personal data with the Home Office, triggering fears it could be used for immigration enforcement as part of the government’s hostile environment policy.
China Cables: The surveillance system behind the repression
Chinese government has massive data operation to monitor and police the mostly-Muslim ethnic population of Xinjiang.
Fifteenth Plenary Session: adopted documents
A list of the adopted documents from the fifteenth plenary session of the EDPB including:
- Report on the Third Annual Joint Review of the EU-US Privacy Shield
- Guidelines on the Territorial Scope of the GDPR (version following public consultation)
- Guidelines on Data Protection by Design and by Default
- Article 64 Opinion on ExxonMobil BCRs
- Response letter to LIBE on EU Information Systems
- Contribution to the consultation on a draft second additional protocol to the Budapest Convention on Cybercrime
Dept refuses to reveal lawyers' fees over Apple escrow fund
The Data Protection Commission has disagreed with claims by the Department of Finance that it cannot disclose details of fees paid to barristers because of data protection laws.
EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions
The European Data Protection Supervisor (EDPS) is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election, the Assistant EDPS announced today.
SECURITY & TECH
ENISA puts Cybersecurity in the driver's seat
ENISA, the European Union Agency for Cybersecurity highlights the importance of cybersecurity for connected cars in a new report.
The Hippocratic License: A new software license that prohibits uses that contravene the UN Universal Declaration of Human Rights
Coraline Ada Ehmke's Hippocratic License is a software license that permits the broad swathe of activities enabled by traditional free/open licenses, with one exception it bars use by: "individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights."
You can find the license here.
How can EU ports tackle new cyber threats?
ENISA, the European Union Agency for Cybersecurity publishes "Good practices for Cybersecurity in the Maritime Sector - Port Security", a report providing guidance for ports to strengthen their cybersecurity.
You can find the report itself linked in the Resources Section below.
ENISA publishes threat landscape of 5G networks - Digital Single Market
ENISA, the European Union Agency for Cybersecurity, publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecomunications networks (5G). This report complements the EU Member States report on EU-wide risk assessments on 5G security released in October 2019.
DATA BREACH
Criminal complaints to be lodged over personal data breaches in Turkey
The Turkish DPA will now be able to make criminal complaints against hackers.
Data Enrichment, People Data Labs and Another 622M Email Addresses
Troy Hunt, a security resercher examines the exposure of 622 million email addresses and enrished data profiles, including mine!
ENFORCEMENT
Spanish DPA issues 60K euro fine for GDPR violations
The Spanish data protection authority, the AEPD, fined Corporación de Radio y Televisión Española 60,000 euros for alleged violations of the EU General Data Protection Regulation. The AEPD found the company did not comply with Article 32 of the GDPR after it lost devices that contained sensitive personal information.
CNIL levies 500K euro fine for GDPR violations
France’s data protection authority, the CNIL, has fined Futura Internationale 500,000 euros for alleged violations of the EU General Data Protection Regulation.
COURTS
Resolution in AIB customer’s data breach action
A damages action by a man whose address was given by a then employee of the Department of Social Protection to a private detective hired by solicitors for AIB has been resolved at the High Court.
GUIDANCE
DPC - General Portable Storage Device Recommendations
The DPC has released guidance on portable device storage.
ICO - Guide to Law Enforcement Processing
The Guide to Law Enforcement Processing is part of our Guide to Data Protection. It is for those who have day-to-day responsibility for data protection in organisations with law enforcement functions.
RESOURCES
Privacy Not Included: A Buyer’s Guide for Connected Products
How creepy is that smart speaker, that fitness tracker, those wireless headphones? Mozilla created this guide to help you shop for safe, secure connected products.
Port Cybersecurity - Good practices for cybersecurity in the maritime sector
Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their cybersecurity strategy.