Privacy Transformation - Issue 33

PRIVACY

‘We have a huge problem’: European regulator despairs over lack of enforcement

More than 18 months after the European Union began implementing the world’s toughest privacy law, the bloc's ability to rein in Big Tech is increasingly in doubt amid growing frustration over a lack of enforcement actions and weak cooperation on investigations.

Privacy and data in 2019: We deserve better than surveillance capitalism

In terms of privacy and data protection, 2019 was another bumper year of issues, arguments, frustrations and weary resignation, eased by a (very) few reasons to be cheerful.

PPS numbers to verify voters’ identity in electoral register

Voters’ personal public service (PPS) numbers will be used to verify their identity as part of the most significant modernisation of the electoral register in more than a century.

Britain is running out of time to agree a data deal with Brussels

Britain is at “the end of the queue” for a deal with Brussels that would allow for the free flow of data across borders, an EU official has warned.

The many faces of facial recognition in the EU

Live facial recognition technology is increasingly used to identify people in public, often without their knowledge or properly-informed consent. Sometimes referred to as face surveillance, concerns about the use of these technologies in public places is gaining attention across Europe.

What Does California’s New Data Privacy Law Mean? Nobody Agrees

The statute was meant to standardise how companies disclose their consumer data-mining practices. So far, not so much.

A similar question is explored in a piece on The Guardian.

Colleges are turning students’ phones into surveillance machines, tracking the locations of hundreds of thousands

The systems highlight how widespread surveillance has increasingly become a fact of life: Students “should have all the rights, responsibilities and privileges that an adult has. So why do we treat them so differently?”

In 2020, let’s stop AI ethics-washing and actually do something

There’s more talk of AI ethics than ever before. But talk is just that—it’s not enough.

Exclusive: Pentagon warns military members DNA kits pose ‘personal and operational risks’

The Pentagon is advising members of the military not to use consumer DNA kits, saying the information collected by private companies could pose a security risk, according to a memo co-signed by the Defense Department’s top intelligence official.

SECURITY & TECH

Ireland - National Cyber Security Strategy

Ireland publishes updated national cyber security strategy.

Document available here.

Blocked in U.S., Huawei Touts ‘Shared Values’ to Compete in Europe

The Chinese tech giant is spending millions of dollars on a charm offensive in Brussels, hoping for a leading role in building 5G networks. It seems to be working.

UN gives green light to draft treaty to combat cybercrime

The U.N. General Assembly approved a resolution Friday that will start the process of drafting a new international treaty to combat cybercrime over objections from the European Union, the United States and other countries.

The millennium bug was real – and 20 years later we face the same threats

The Y2K problem is now seen as a bit of a joke – but only a fool would be complacent about the vulnerability of IT systems.

We've spent the decade letting our tech define us. It's out of control

We may come to remember this decade as the one when human beings finally realised we are up against something. We’re just not quite sure what it is.

In Stores, Secret Bluetooth Surveillance Tracks Your Every Move

As you shop, “beacons” are watching you, using hidden technology in your phone.

Ireland - GovTech Report

This report sets out the aspirations for GovTech for the next number of years and identifies measures that would show progress. The report then sets out eight summary actions that would be required to turn the aspirations into realities.

DATA BREACH

Government exposes addresses of new year honours recipients

Cabinet Office apologises after details of more than 1,000 people posted online in error.

Attack on Virgin Mobile Poland

Telecommunication services provider, Virgin Mobile informed their clients in Poland about unauthorized access to their systems and breach of personal data.

ENFORCEMENT

Cookies: Merry Christmas? New decision by litigation chamber of the Belgian data protection authority

The Belgian data protection authority (BDPA) has published a decision of 17 December 2019 of its litigation chamber in a case that relates to infringements of data protection & cookie consent rules to the tune of a 15,000 EUR fine.

CONVERSATIONS

Nicholas Vinocur (Politico) on Twitter - GDPR Enforcement

In this thread, Nicholas traces the implementation (or perceived lack thereof) of the GDPR, noting how big tech are still skirting the law, with a lack of enforcement contributing to their preference to flout it, rather than fundamentally change their practices.

GUIDANCE

Guidance from Data Protection Authorities in 2019

A list of guidance issued by various European data protection authorities in 2019.

ICO consultation on the draft right of access guidance

The ICO has drafted more detailed guidance which explains in greater detail the rights that individuals have to access their personal data and the obligations on controllers. The draft guidance also explores the special rules involving certain categories of personal data, how to deal with requests involving the personal data of others, and the exemptions that are most likely to apply in practice when handling a request.

Consultation closes on 12 February 2020.

Draft Guidance available here & you can access the survey here.