Privacy Transformation - Issue 47
PRIVACY
DPC Report on the use of cookies and other tracking technologies
The Irish Data Protection Commission released its report on the use of cookies and other tracking technologies. The DPC audited 38 organisations against the e-Privacy Directive which has had lax enforcement with respect to the use of cookies and similar technologies.
This report would seem to press the reset button and gives organisations a six-month period from its release to comply with the requirements of the Directive and the need to obtain consent when required that meets the standard of GDPR.
EU privacy experts push a decentralized approach to COVID-19 contacts tracing
A group of European privacy experts has proposed a decentralized system for Bluetooth-based COVID-19 contacts tracing which they argue offers greater protection against abuse and misuse of people’s data than apps which pull data into centralized pots. The protocol — which they’re calling Decentralized Privacy-Preserving Proximity Tracing (DP-PPT) — has been designed by around 25 academics from at least seven research institutions across Europe.
EDPS - 'EU Digital Solidarity: a call for a pan-European approach against pandemic'
Video address by Wojciech Wiewiórowski, European Data Protection Supervisor - 'EU Digital Solidarity: a call for a pan-European approach against the pandemic'.
Opinion: Why data protection law is uniquely equipped to let us fight a pandemic with personal data
Data protection law is different than “privacy”. We, data protection lawyers, have been complacent recently and have failed to clarify this loud and clear for the general public. Perhaps happy to finally see this field of law taking the front stage of public debate through the GDPR, we have not stopped anyone from saying that the GDPR is a privacy law.
SECURITY & TECH
The NHS coronavirus app could track how long you spend outside
The UK government is considering plans to use the contact-tracing app to boost social distancing.
Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself - TidBITS
The videoconferencing service Zoom has seen a 20-fold increase in usage during the coronavirus pandemic. That extra attention has put a spotlight on poor technical and policy decisions that have exposed Zoom’s users to harm and revealed personal data unnecessarily. But hope blooms with the company’s latest comprehensive apology and roadmap.
See how your community is moving around differently due to COVID-19
Giving insights into the scale of location data that Google routinely collects, they have produced country reports showing how communities and business sectors have been affected by restrictions on movement due to COVID-19.
DATA BREACH
Email provider got hacked, data of 600,000 users now sold on the dark web
The data of more than 600,000 Email.it users is currently being sold on the dark web.
GUIDANCE
Report by the DPC on the use of cookies and other tracking technologies
So good we're mentioning it twice — This report, as well as being an indictment of the restaurant and food ordering sector regarding their use of cookies, includes the latest guidance from the DPC on their use, and controllers should examine it closely to make sure that they are in alignment.
RESOURCES
DPA COVID-19 Comparison Tables
A resource setting out the guidance provided by data protection authorities in relation to the processing of personal data in the context of the fight against the coronavirus across various jurisdictions.
COVID-19 & Privacy & Data Protection chart
COVID-19 has had an unprecedented impact on businesses. Many employers have deployed business continuity plans to help mitigate the effect of the virus, which include measures to protect the health and safety of employees. Discharging that duty is not easy, particularly when navigating the varying guidance from regulators around the world on what an employer can and can't do with its employees' personal data. Our comparative chart contains a traffic light system and explanations to help you answer important questions, such as whether you can ask employees about symptoms, or whether you can take temperature readings from employees.