Privacy Transformation - Issue 29
PRIVACY
Public Services Card: Doherty insists data commissioner misinterpreted law
Minister for Social Protection Regina Doherty has insisted the Data Protection Commissioner has misinterpreted the law governing the use of the Public Services Card.
Portland plans to propose the strictest facial recognition ban in the country
Portland, Oregon, aims to ban the use of the controversial technology not only by city government, but also by private companies. By taking such measures to preserve privacy, are cities such as Portland positioning themselves to be the surveillance-free santuary cities of the future?
Stepping up: Wiewiórowski voted next EDPS
Sometimes the best way to make progress is to stay the course. That appears to be a shared line of thinking between the European Council and European Parliament as it relates to the position of European data protection supervisor.
China brings in mandatory facial recognition for mobile phone users
All mobile phone users in China registering new SIM cards must submit to facial recognition scans, according to a new rule that went into effect across the country on Sunday.
EDPS looks back on a pivotal five years for data protection
The past five years have witnessed significant changes in European and international approaches to data protection. However, while considerable progress has been made towards ensuring that individuals are able to exercise and maintain control over their digital lives, many significant challenges still remain and must be overcome.
DPC Public Consultation on Target Outcomes
This consultation document the DPC's target outcomes is the first of two rounds of open public consultation, as part of the development of the new Regulatory Strategy.
SECURITY & TECH
How To Secure The Internet: Troy Hunt Talks Breaches, Passwords And IoT
The renowned security researcher and HaveIBeenPwned creator talks password security, IoT and details breaking down a very disturbing breach in an exclusive interview.
Cybersecurity certification: lifting the EU into the cloud
In accordance with article 48(2) of the EU Cybersecurity Act, the European Commission has requested ENISA to prepare a cybersecurity certification candidate scheme for cloud services, taking into account existing and relevant schemes and standards.
DATA BREACH
Millions of SMS messages exposed in database security lapse
A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online.
Washington State AG report shows data breaches increased in 2019
Washington State Attorney General Bob Ferguson released his fourth annual Data Breach Report. The report shows that data breaches increased by nearly 20 percent in 2019. The report also shows that breaches affected fewer Washingtonians in 2019 due to the relative size of the breaches.
Of note, 72% of data breaches are attributed to malicious cyber attack. The report can be found here.
ENFORCEMENT
Fine against hospital due to data protection deficits in patient management
The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate.
Belgian DPA issues €10,000 in administrative fines for misuse of personal data
The DPA issued the fines to punish the misuse of personal data by a mayor and an alderman with a view to aiding their re-election during the election campaign of October 2018. [story is in French]
RESOURCES
ENISA proposes Best Practices and Techniques for Pseudonymisation
The European Union Agency for Cybersecurity (ENISA) published a new report on “Pseudonymisation Techniques and Best Practices”, which explores the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice.
The report can be found here.
ICO, CNIL, German and Spanish DPA revised cookies guidelines: Convergence and divergence
The IAPP have updated their cookie comparison resource, highlighting the similarities and differences in approach to website cookie consent management. This latest update reflects the latest guidance issued by the Spanish data protection authority, the AEPD.