Privacy Transformation - Issue 36

PRIVACY

Irish organisations struggle to comply fully with GDPR

Just 8 per cent of Irish organisations believe they are fully compliant with EU digital privacy regulations, according to a new survey.

18 months after the introduction of the GDPR, the study shows that companies are still struggling to come to grips with the legislation. The number of organisations reporting a data breach to authorities rose to 71 per cent among those surveyed, up from 51 per cent last year.

62% of organisations say regulation places excessive administrative burden on them.

44% feel their chief executives are fully engaged with the law and its possible impact on their organisation.

SECURITY & TECH

Facial recognition: EU considers ban of up to five years

The European Commission wants time to work out how to prevent the technology being abused.

Techradar is also reporting on this story.

Facebook blocks the Spinner's 'brainwashing' tech

Social network orders the Spinner to stop targeting its users with "disguised" ads.

Tech Products, Culture Are 'Designed Intentionally for Mass Deception': Ex-Google Ethicist Testifies

An ex-Google ethicist warns Congress that tech products and culture are "designed intentionally for mass deception" and the entire digital space has become a "dark infrastructure."

Brave Opinion - The ICO’s failure to act on RTB, the largest data breach ever recorded in the UK

The UK Information Commissioner has announced that it will be taking no substantive action to end the largest data breach ever recorded in the UK. The “Real-Time Bidding” data breach at the heart of RTB market exposes every person in the UK to mass profiling, and the attendant risks of manipulation and discrimination. Regulatory ambivalence cannot continue.

The Secretive Company That Might End Privacy as We Know It

A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.

Engadget also has reporting on this story.

Exclusive: Apple dropped plan for encrypting backups after FBI complained

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

Amazon Echo’s privacy issues go way beyond voice recordings

Amazon Echo and the Alexa voice assistant have had widely publicised issues with privacy. Whether it is the amount of data they collect or the fact that they reportedly pay employees and, at times, external contractors from all over the world to listen to recordings to improve accuracy, the potential is there for sensitive personal information to be leaked through these devices.

Privacy Perspectives - Why this risk management best practice is not fit for digital innovation

Innovation requires a culture of openness and transparency, where mistakes can be made, dilemmas raised and discussed, and joint decisions about the design of new services and the risks that need to be taken.

DATA BREACH

6,716 data breaches notified Data Protection Commission

A total of 6,716 data breaches were reported to the Irish Data Protection Commissioner last year, making the office one of the busiest in Europe.

DLA Piper GDPR Data Breach Survey 2020

According to a new data breach survey, over 160,000 data breach notifications have been reported across the 28 European Union Member States plus Norway, Iceland and Liechtenstein since the GDPR came into force on 25 May 2018.

The full Report can be accessed here.

Australian P&N Bank data breach may have impacted 100,000

The Australian P&N Bank is notifying its customers a data breach that has exposed personal and sensitive account data.

Thousands of Chinese Students’ Data Exposed on Internet

A Chinese facial-recognition database with information on thousands of children was stored with no protection on the internet, a researcher discovered, raising questions about school surveillance and cybersecurity in China.

Big Microsoft data breach – 250 million records exposed

Microsoft has announced a data breach that affected one of its customer databases.

ENFORCEMENT

Italian DPA - Fine for unlawful processing & activation of unsolicited contracts

The Italian supervisory authority imposed two fines totalling EUR 11,5 million on Eni Gas and Luce (Egl) for unlawful processing of personal data in the context of advertising activities and activation of unsolicited contracts.

Greek DPA - Fine for illegally operated CCTV system

Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access, resulting in a EUR 15,000 fine for the unlawful operation of CCTV.

RESOURCES

NIST Publishes Privacy Framework

The National Institute of Standards and Technology, an arm of the U.S. Department of Commerce, has published version 1.0 of a privacy framework to help organizations think through the process of securing personal data.