Privacy Transformation - Issue 5

With this issue of the newsletter I'm going to begin formatting it in a way that will hopefully be more useful to its readers. Beneath the initial headline story, you will now find other news items categorised to better identify the areas of privacy and data protection news that they relate to.

Hopefully this makes it easier to digest and focus in on the content that matters most to you.

If you have any feedback on how the format can improve, please feel free to get in touch.

Enjoy your weeks round-up of privacy news.

- Alan.

ICO Adtech update report published following industry engagement

ICO Adtech update report published following industry engagement

The ICO has produced a report into AdTech and Real Time Bidding (RTB). The report clarifies the ICO's views on adtech, with a specific focus on how personal data is used in RTB.

The reports conclusions are stark, among them:

  • processing of personal data is taking place unlawfully;
  • special category data is being processed unlawfully;
  • legimitate interest is relied on where consent is the appropriate basis;
  • risks have not been adequately assessed;
  • transparency requirements are not being met;
  • detailed profiling of individuals and subsequent sharing of that data is taking place without their knowledge;
  • technical and organisational measures to secure the data are insufficient.

This report has been a long time in the making, with many industry experts leading the charge against AdTech and RTB prior to this point. This is, however, a significant shot across the bow of those in the AdTech industry and a signal of follow-up actions to come.

You can read the full report here.

PRIVACY

Danish DPA approves Automated Facial Recognition

Danish DPA approves Automated Facial Recognition

The Danish football club Brøndby IF announced that automated facial recognition technology will be deployed at their stadium, to identify persons that have been banned from attending football matches.However, this technology is simply not a reliable and accurate for identifying persons in a large crowd.

Facebook usage falling after privacy scandals, data suggests

Facebook usage falling after privacy scandals, data suggests

Since April 2018, the first full month after news of the Cambridge Analytica scandal broke in the Observer, actions on Facebook such as likes, shares and posts have dropped by almost 20%, according to the business analytics firm Mixpanel.

ICO admits its own website fails to comply with GDPR

ICO admits its own website fails to comply with GDPR

The ICO has been forced to own up to the fact that its current consent notice relating to the use of cookies on mobile devices failed "to meet the required GDPR standard".

SECURITY

Polymorphic Phishing Attacks Now Make Up Almost Half of All Phishing Attempts

Polymorphic Phishing Attacks Now Make Up Almost Half of All Phishing Attempts

Polymorphic phishing attacks are highly effective as they use randomization of email components which are hard to be detected by signature-based email security tools.

DATA BREACHES

Parents’ anger as child sex change charity puts private emails online

Parents’ anger as child sex change charity puts private emails online

Mermaids reports itself to information watchdog after Sunday Times investigation finds families’ personal data on internet

Dozens of HIV patients identified in NHS email blunder

Dozens of HIV patients identified in NHS email blunder

Dozens of HIV patients identified in NHS email blunder. 37 people living with HIV received an invitation from NHS Highland with other recipients visible.

ENFORCEMENT

Danish DPA set to fine furniture company

Danish DPA set to fine furniture company

he Danish Data Protection Agency has reported IDDesign A/S and proposed a fine of DKK 1,5 million for failure to delete data about 385.000 customers.

ICO fines home security company for making thousands of nuisance calls

ICO fines home security company for making thousands of nuisance calls

The Information Commissioner’s Office (ICO) has fined Smart Home Protection Ltd £90,000 for making nuisance calls to people registered with the Telephone Preference Service (TPS).