Privacy Transformation - Issue 3
This week in Privacy news Facebook lost its appeal in the Irish Supreme Court against a High Court referral regarding the validity of EU-US data transfers to the CJEU.
Max Schrems issued a statement in response to the decision noting that the case centres on a complaint he issued in 2013, and that after significant delays the CJEU is now planning to hear the case in July of this year after the Supreme Courts decision.
Having reached the CJEU, the case could have far-reaching remifications as the CJEU will also be validating whether the methods employed for data transfers including SCC's and Privacy Shield are legal.
Enjoy your round-up of Privacy news for the week.
- Alan
Facebook loses Supreme Court appeal in Max Schrems case
Facebook has lost its Supreme Court appeal against a High Court referral of key issues regarding the validity of EU-US data transfers to the Court of Justice of the EU.
CCPA Amendment Update June 2019 – Twelve Bills Survive Assembly and Move to the Senate
An update on the development of CCPA including amendments for consideration by the Senate such as a revision to the definition of personal information to that of information that is “reasonably linkable” to a consumer.
Microsoft quietly deletes largest public face recognition data set
Microsoft has quietly pulled from the internet its database of 10 million faces, which has been used to train facial recognition systems around the world, including by military researchers and Chinese firms such as SenseTime and Megvii.
Microsoft, which took down the database days after the Financial Times reported on its use by companies, said: “The site was intended for academic purposes. It was run by an employee that is no longer with Microsoft and has since been removed.”
Opinion of the Advocate General in the case C-18/18
In an Opinion issued by Advocate General Szpunar, Facebook can be ordered to seek and identify all comments identical to a defamatory comment that has been found to be illegal, and equivalent comments in so far as the latter originate from the same user, further putting the onus on the tech giant to put appropriate systems and processes in place to action data subject rights.
EDPS flags data protection issues on EU institutions’ websites
An inspection carried out by the European Data Protection Supervisor (EDPS) on the websites of major EU institutions and bodies revealed data protection and data security issues in seven out of the ten websites inspected.
EDPB Eleventh Plenary session: Guidelines on Codes of Conduct, annex to the Guidelines on Accreditation, annex to the Guidelines on Certification
On its Eleventh Plenary session, the EDPB adopted a final version of the Guidelines on Codes of Conduct, that should further act as a clear framework for all competent supervisory authorities, the Board and the European Commission to evaluate codes of conduct in a consistent manner and to streamline the procedures involved in the assessment process.
RESOURCES
Guidelines on the protection of personal data processed through web services provided by EU institutions
As part of the EDPS response to the inepection of institution websites that was carried out, reference to these guidelines were made. While written with EU Institution web services in mind, they can be similarly applied to other web services contexts.
Investigating Apps interactions with Facebook on Android
Privacy International has been investigating the proliferation of data tracking, brokerage and exchange between many tech companies, both as their primary business as well as value added services. You can read their report investigating App interactions with Facebook on the Android OS here.