Privacy Transformation - Issue 38
PRIVACY
German regulator says Irish data protection commission is being 'overwhelmed'
Ireland’s Data Protection Commission (DPC) is overwhelmed with the task of regulating big tech, needs more resources and should accept outside help, according to Germany’s federal data commissioner.
Data Protection Commission launches separate probes into Google and Tinder
The Data Protection Commission has launched two separate statutory inquiries, into search firm Google and dating app Tinder.
Irish DPC launches Statutory Inquiry into Google’s processing of location data and transparency surrounding that processing
The Data Protection Commission, in its role as Lead Supervisory Authority for Google, has received a number of complaints from various Consumer Organisations across the EU, in which concerns were raised with regard to Google’s processing of location data. The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing.
Councils let firms track visits to webpages on benefits and disability
UK Councils are sharing information about users of their websites – including when they seek help with a benefit claim, or with a disability or alcoholism – with dozens of private companies.
This story is based on a report published by Brave.
Benefits of data protection regulation come at a price
The success of General Data Protection Regulation (GDPR) as a legislative firewall against the exploitation of individuals’ digital rights to privacy is critical if we are to avoid a dystopian future of constant government surveillance and corporate interests invading our very existence. Sadly, however, it is a few bad apples ruining it for everyone else because, believe it or not, some groups out there would like to use our data for good.
UK to diverge from EU data protection rules, Johnson confirms
The United Kingdom will seek to diverge from EU data protection rules and establish their own 'sovereign' controls in the field, the UK Prime Minister Boris Johnson said on Monday (3 February). His comments came despite the EU affirming that the UK should "fully respect EU data protection rules.
World Health Organization CIO on healthcare data, privacy, trust, and ethics
The CIO of WHO talks about the risks and opportunities of big data when it comes to health care. Large technology companies are important partners in building trust and advancing efforts around digital health. But determining how to partner is not always simple or easy.
Absent guidelines, many questions on facilitating DSARs
At present, companies acting as data controllers lack uniform interpretation of the rules that guide their compliance efforts to respond to data subject rights requests under the EU General Data Protection Regulation.
Welfare surveillance system violates human rights, Dutch court rules
Government told to halt use of AI to detect fraud in decision hailed by privacy campaigners.
SECURITY & TECH
‘Critical concern’ over Ireland’s cybersecurity
The Government should give careful consideration to the advice it has received from the Commission for Communications Regulation (ComReg) to allow intelligence on threats to national security to be shared between State agencies and the private sector.
Google's Proposed "Privacy Sandbox" Model Would Phase out Third Party Cookies in Two Years; Will It Improve User Privacy?
Google's privacy sandbox proposal now plans to phase out third party cookies from the Chrome browser by 2022, and has laid out what is at least a theoretical roadmap to preserving the targeted ad industry without the major incursions into user privacy that are so common today.
Will we just accept our loss of privacy, or has the techlash already begun?
Probably too late to ask, but was the past year the moment we lost our technological innocence? The Alexa in the corner of the kitchen monitoring your every word? The location-betraying device in your pocket? The dozen trackers on that web page you just opened? The thought that a 5G network could, in some hazily understood way, be hardwired back to Beijing? The spooky use of live facial recognition on CCTV cameras across London.
CERN drops Facebook's Slack competitor, citing privacy issues and low usage
CERN, the European Organization for Nuclear Research, on Friday ended its use of Workplace by Facebook, the company's communications tool for companies.
U.N. Hack Stemmed From Microsoft SharePoint Flaw
Reportedly, the bug wasn't patched, leading to a data breach in July.
ENFORCEMENT
Guess what? GDPR enforcement is on fire.
Data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities and here are some trends coming to surface.
Cypriot DPA - banned the processing of an automated tool, used for scoring sick leaves of employees
The Cypriot Supervisory Authority banned the processing of an automated tool, used for scoring sick leaves of employees, known as the "Bradford Factor’’ and subsequently fined the controller a total amount of EUR 82,000, concerning the lack of legal basis of “Bradford Factor” tool.
Italian DPA - Fine for promotional phone calls without consent
The DPA received complaints the telecommunications company made promotional phone calls without consent. The complainants either had their numbers on the Public Register do-not-call list or previously opted out of receiving phone calls from the company. The DPA estimates millions of individuals were affected by the illicit marketing practices. The DPA has issued a EUR 27.8 Million fine for alleged violations of the GDPR.
*Notice is in Italian*
UK DPA- Dixons Carphone fined for massive data breach
‘Systemic failures’ found in the retailer’s cybersecurity and management of customer data have resulted in a £500,000 fine issued by the UK ICO.
RESOURCES
Design guidelines for high assurance products
Approaches to the design, development and assessment of products capable of resisting elevated threats.
CISCO Report - From Privacy to Profit - Achieving Positive Returns on Privacy Investments
Data Privacy Benchmark Study 2020 - Over the last three years, Cisco has conducted privacy research by surveying thousands of organisations worldwide. Our research has demonstrated that – beyond meeting compliance requirements – good privacy is indeed good for business and individuals.
POTs: Protective Optimization Technologies
POTs provide means for affected parties to address the negative impacts of systems in the environment, expanding avenues for political contestation. POTs intervene from outside the system, do not require service providers to cooperate, and can serve to correct, shift, or expose harms that systems impose on populations and their environments. We illustrate the potential and limitations of POTs in two case studies: countering road congestion caused by traffic-beating applications, and recalibrating credit scoring for loan applicants.