Privacy Transformation - Issue 29

PRIVACY

Public Services Card: Doherty insists data commissioner misinterpreted law

Minister for Social Protection Regina Doherty has insisted the Data Protection Commissioner has misinterpreted the law governing the use of the Public Services Card.

Portland plans to propose the strictest facial recognition ban in the country

Portland, Oregon, aims to ban the use of the controversial technology not only by city government, but also by private companies. By taking such measures to preserve privacy, are cities such as Portland positioning themselves to be the surveillance-free santuary cities of the future?

Stepping up: Wiewiórowski voted next EDPS

Sometimes the best way to make progress is to stay the course. That appears to be a shared line of thinking between the European Council and European Parliament as it relates to the position of European data protection supervisor.

China brings in mandatory facial recognition for mobile phone users

All mobile phone users in China registering new SIM cards must submit to facial recognition scans, according to a new rule that went into effect across the country on Sunday.

EDPS looks back on a pivotal five years for data protection

The past five years have witnessed significant changes in European and international approaches to data protection. However, while considerable progress has been made towards ensuring that individuals are able to exercise and maintain control over their digital lives, many significant challenges still remain and must be overcome.

DPC Public Consultation on Target Outcomes

This consultation document the DPC's target outcomes is the first of two rounds of open public consultation, as part of the development of the new Regulatory Strategy.

SECURITY & TECH

How To Secure The Internet: Troy Hunt Talks Breaches, Passwords And IoT

The renowned security researcher and HaveIBeenPwned creator talks password security, IoT and details breaking down a very disturbing breach in an exclusive interview.

Cybersecurity certification: lifting the EU into the cloud

In accordance with article 48(2) of the EU Cybersecurity Act, the European Commission has requested ENISA to prepare a cybersecurity certification candidate scheme for cloud services, taking into account existing and relevant schemes and standards.

DATA BREACH

Millions of SMS messages exposed in database security lapse

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online.

Washington State AG report shows data breaches increased in 2019

Washington State Attorney General Bob Ferguson released his fourth annual Data Breach Report. The report shows that data breaches increased by nearly 20 percent in 2019. The report also shows that breaches affected fewer Washingtonians in 2019 due to the relative size of the breaches.

Of note, 72% of data breaches are attributed to malicious cyber attack. The report can be found here.

ENFORCEMENT

Fine against hospital due to data protection deficits in patient management

The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate.

Belgian DPA issues €10,000 in administrative fines for misuse of personal data

The DPA issued the fines to punish the misuse of personal data by a mayor and an alderman with a view to aiding their re-election during the election campaign of October 2018. [story is in French]

RESOURCES

ENISA proposes Best Practices and Techniques for Pseudonymisation

The European Union Agency for Cybersecurity (ENISA) published a new report on “Pseudonymisation Techniques and Best Practices”, which explores the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice.

The report can be found here.

ICO, CNIL, German and Spanish DPA revised cookies guidelines: Convergence and divergence

The IAPP have updated their cookie comparison resource, highlighting the similarities and differences in approach to website cookie consent management. This latest update reflects the latest guidance issued by the Spanish data protection authority, the AEPD.