Privacy Transformation - Issue 28

PRIVACY

How the ePrivacy Regulation talks failed again

How the ePrivacy Regulation talks failed again

This week, the Permanent Representatives Committee of the Council of the European Union once again rejected the latest draft of the ePrivacy Regulation. The Nov. 22 vote means that the member states still cannot agree on a common position.

MEPs choose Wiewiórowski to be the EU’s data protection watchdog

MEPs choose Wiewiórowski to be the EU’s data protection watchdog

Mr Wojciech Wiewiórowski was selected by the Civil Liberties Committee as their top choice to become the next European Data Protection Supervisor.

Road surveillance system to give 100% video coverage of M50

Road surveillance system to give 100% video coverage of M50

Transport Infrastructure Ireland gives road monitoring system a €60m upgrade - every centimetre of the M50 will be available on camera 24 hours a day, seven days a week.

Chaayos cafe: Indian cafe's facial recognition use sparks anger

Chaayos cafe: Indian cafe's facial recognition use sparks anger

Indians have expressed concern after it emerged that a popular cafe chain - Chaayos - is using facial recognition software to bill customers. Experts are worried about private companies using the technology in the absence of privacy laws.

ICO Blog: Data ethics and the digital economy

ICO Blog: Data ethics and the digital economy

The ICO have appointed their first data ethics adviser and in this post Simon McDougall, Executive Director for Technology Policy and Innovation at the ICO reflects on the overlap between ethics and data protection.

AI used for first time in job interviews in UK to find best applicants

AI used for first time in job interviews in UK to find best applicants

Artificial intelligence (AI) and facial expression technology is being used for the first time in job interviews in the UK to identify the best candidates.

UK Department of Education criticised for secretly sharing children's data

he UK’s privacy regulator has criticised the Department for Education (DfE) for secretly sharing children’s personal data with the Home Office, triggering fears it could be used for immigration enforcement as part of the government’s hostile environment policy.

China Cables: The surveillance system behind the repression

China Cables: The surveillance system behind the repression

Chinese government has massive data operation to monitor and police the mostly-Muslim ethnic population of Xinjiang.

Fifteenth Plenary Session: adopted documents

Fifteenth Plenary Session: adopted documents

A list of the adopted documents from the fifteenth plenary session of the EDPB including:

Dept refuses to reveal lawyers' fees over Apple escrow fund

Dept refuses to reveal lawyers' fees over Apple escrow fund

The Data Protection Commission has disagreed with claims by the Department of Finance that it cannot disclose details of fees paid to barristers because of data protection laws.

EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions

EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions

The European Data Protection Supervisor (EDPS) is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election, the Assistant EDPS announced today.

SECURITY & TECH

ENISA puts Cybersecurity in the driver's seat

ENISA puts Cybersecurity in the driver's seat

ENISA, the European Union Agency for Cybersecurity highlights the importance of cybersecurity for connected cars in a new report.

The Hippocratic License: A new software license that prohibits uses that contravene the UN Universal Declaration of Human Rights

The Hippocratic License: A new software license that prohibits uses that contravene the UN Universal Declaration of Human Rights

Coraline Ada Ehmke's Hippocratic License is a software license that permits the broad swathe of activities enabled by traditional free/open licenses, with one exception it bars use by: "individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights."

You can find the license here.

How can EU ports tackle new cyber threats?

How can EU ports tackle new cyber threats?

ENISA, the European Union Agency for Cybersecurity publishes "Good practices for Cybersecurity in the Maritime Sector - Port Security", a report providing guidance for ports to strengthen their cybersecurity.

You can find the report itself linked in the Resources Section below.

ENISA publishes threat landscape of 5G networks - Digital Single Market

ENISA, the European Union Agency for Cybersecurity, publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecomunications networks (5G). This report complements the EU Member States report on EU-wide risk assessments on 5G security released in October 2019.

DATA BREACH

Criminal complaints to be lodged over personal data breaches in Turkey

Criminal complaints to be lodged over personal data breaches in Turkey

The Turkish DPA will now be able to make criminal complaints against hackers.

Data Enrichment, People Data Labs and Another 622M Email Addresses

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt, a security resercher examines the exposure of 622 million email addresses and enrished data profiles, including mine!

ENFORCEMENT

Spanish DPA issues 60K euro fine for GDPR violations

Spanish DPA issues 60K euro fine for GDPR violations

The Spanish data protection authority, the AEPD, fined Corporación de Radio y Televisión Española 60,000 euros for alleged violations of the EU General Data Protection Regulation. The AEPD found the company did not comply with Article 32 of the GDPR after it lost devices that contained sensitive personal information.

CNIL levies 500K euro fine for GDPR violations

CNIL levies 500K euro fine for GDPR violations

France’s data protection authority, the CNIL, has fined Futura Internationale 500,000 euros for alleged violations of the EU General Data Protection Regulation.

COURTS

Resolution in AIB customer’s data breach action

Resolution in AIB customer’s data breach action

A damages action by a man whose address was given by a then employee of the Department of Social Protection to a private detective hired by solicitors for AIB has been resolved at the High Court.

GUIDANCE

DPC - General Portable Storage Device Recommendations

The DPC has released guidance on portable device storage.

ICO - Guide to Law Enforcement Processing

The Guide to Law Enforcement Processing is part of our Guide to Data Protection. It is for those who have day-to-day responsibility for data protection in organisations with law enforcement functions.

RESOURCES

Privacy Not Included: A Buyer’s Guide for Connected Products

Privacy Not Included: A Buyer’s Guide for Connected Products

How creepy is that smart speaker, that fitness tracker, those wireless headphones? Mozilla created this guide to help you shop for safe, secure connected products.

Port Cybersecurity - Good practices for cybersecurity in the maritime sector

Port Cybersecurity - Good practices for cybersecurity in the maritime sector

Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their cybersecurity strategy.