Privacy Transformation - Issue 4
Welcome to another issue of the Privacy Transformation newsletter.
One of the problems that privacy professionals face is keeping abreast of the news and information that benefit them in doing their jobs (and ultimately, in looking after the individuals that they are entrusted with protecting).
That's what this newsletter is for — a pointer toward the privacy news and resources that deserve attention and may merit a deeper dive.
Over time, it's my hope that it finds a place as a valuable resource for the privacy community. As it is intended as a community resource, I would warmly welcome any suggestions on how best I can shape it to deliver on that goal.
Please feel free to hit reply and leave me a note with your suggestions.
With that out of the way — enjoy your privacy roundup for the week!
- Alan
MI5 engaged in 'extraordinary and persistent illegality' whilst handling personal data, High Court hears
MI5 has been unlawfully holding people's data collected through surveillance or hacking programmes, the high court has been told.
The human rights organisation Liberty has taken the security service to court over the way that it gathers and stores information under the Investigatory Powers Act.
Children's personal data may have been stolen in FAI hacking scandal
The Data Protection Commission confirmed that it is investigating a potential breach of childrens personal data in a recent hacking incident involving the FAI.
The EU Cybersecurity Act: a new Era dawns on ENISA
The EU Cyber Security Act has been published and ENISA will now be known as the EU Agency for Cybersecurity.
The Act aims to strengthen the cybersecurity features of products & services and boost cyber resilience in the EU.
The EU Agency for Cybersecurity will have more resources at its disposal and new responsibilities for coordinating and supporting cybersecurity efforts across the EU.
U.S. Customs and Border Protection says photos of travelers were taken in a data breach
U.S. Customs and Border Protection (CBP) says photos of travelers have been compromised as part of a “malicious cyber-attack,” raising concerns over how expanding surveillance efforts could imperil privacy.
'Answers are overdue': Almost a year on, it's still unclear if probe into legality of PSC will be published
A draft of the report from the Data Protection Commissioner that looked into the legality of the controversial card was given to the Department of Social Protection in August 2018. Almost a year on from that delivery, the public are still awaiting the results.
For more background on the PSC, see the resources section below.
RESOURCES
Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data.
These draft guidelines discuss the interaction of the contractual processing basis with other lawful bases, illustrating with examples how purpose limitation and necessity are critical considerations for processing that is determined to be under contractual terms.
The Public Services Card: Enforced Digital Identities for Social Protection Services
The Irish Council for Civil Liberties (ICCL) recently submitted a report to the UN on how the Public Services Card (PSC) impacts on privacy rights, specifically on the rights of those living in extreme poverty.
For those that would benefit from a background to the PSC controversy and the contention that it is not necessary or proportionate to the purposes it is intended for, this report is recommended reading.