Privacy Transformation - Issue 53
PRIVACY
Tusla becomes first organisation fined for GDPR rule breach
The child and family agency, Tusla, has become the first organisation in the State fined for a breach of the General Data Protection Regulation (GDPR).
The agency was fined €75,000 arising out of an investigation into three cases where information about children was wrongly disclosed to unauthorised parties.
EU data watchdog ‘very worried’ by Hungary’s GDPR suspension
The European Data Protection Board, the EU's umbrella organisation overseeing the application of EU data protection rules on the bloc, has voiced its concern over the suspension of EU data protection rights in Hungary.
COVID-19 NEWS
HSE to stop sharing COVID-19 test results with employers before telling staff
The HSE says it will suspend the practice of telling employers about the COVID-19 test results of workers before the staff themselves are informed.
Secret NHS files reveal plans for coronavirus contact tracing app
Documents left unsecured on Google Drive reveal the NHS could in the future ask people to post their health status to its Covid-19 contact tracing app.
Blog: COVID-19 and contact tracing: a call for digital diligence
A Red Cross and Red Crescent Movement perspective on how the humanitarian principle of ‘do no harm’ means ‘do no digital harm’ in containing COVID-19.
SECURITY & TECH
Security flaws found in NHS contact-tracing app
The UK's National Cyber Security Centre acknowledges problems identified by an independent report.
Security analysis of the NHS COVID-19 App
Detailed security analysis of the NHS COVID-19 App by Chris Culnane and Vanessa Teague
“Siri: Are you recording me?” “No, but I am listening to you”
After lack of reaction: former Apple employee presents letter to DPAs, asking them to investigate Siri recording the users. noyb.eu will be looking into the case.
The Guardian also covered this story.
Google and Apple launch contact-tracing platform that will be used in Irish app
US TECH GIANTS Apple and Google have launched their contact tracing technology, which is being used for the Irish cotact tracing app, due to be published at the end of the month.
Facebook’s Giphy acquisition might have big implications for iMessage and Twitter
Now that Facebook is buying Giphy, how you send and receive GIFs on the internet could change forever. Some of the most popular apps and services rely on Giphy’s API and archives to let users share and post GIFs, and we’ve collected all of the services that we’re aware of in this post.
With Facebook aquiring Giphy, which many messaging services use to allow users to embed animated gifs in their messaging. This means that Apps like Signal, who focus on privacy, now have a Facebook product built in. Signal themselves explored the implications of embedding Giphy in their platform in 2016. It will be interesting to see if Giphy's new owner now prompts a review by platforms that integrate with the service.
DATA BREACH
The Unattributable "db8151dd" Data Breach
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine.
Irish health service data breach bodes ill for contact tracing app
The HSE’s ineptitude this week in releasing sensitive Covid-19 test result data to employers, rather than to the affected individual employees, immediately raises further concern about the app and the HSE’s ability to see, much less address, valid ethical concerns about data gathering at population-wide scale.
EasyJet admits data of nine million hacked
EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers. The attack was "sophisticated" the airline said, adding that some credit card details had been accessed.
Outsourcing firm Serco apologises for sharing contact tracers' email addresses
Outsourcing giant Serco has apologised for the data breach, which affects almost 300 people. The company is training staff to trace cases of Covid-19 for the UK government.
ENFORCEMENT
What can we take from the Data Protection Commission’s first fine?
The child and family agency, Tusla, has become the first organisation in Ireland to be fined by the Data Protection Commission for breaches of the GDPR.
The fine totalled €75,000. What can we take from this fine?
Danish DPA: Fine proposed for Danish recruitment company
The Danish Data Protection Authority considers that in a case on the right of access, the Danish recruitment company JobTeam has not met the basic requirements of the GDPR that personal data must be processed lawfully, fairly and transparently.
ICO’s BA and Marriott Fines Likely to Be Pushed Back Again
Legal experts have warned of more potential delays to the official GDPR fines set to be handed down to British Airways and Marriott International, potentially undermining the authority of the UK regulator.
More GDPR enforcement information can be found on:
COURTS, JUDGEMENTS & OPINIONS
CJEU's 'Schrems II' decision slated for July 16
In one of the most highly anticipated court cases in data protection, the Court of Justice of the European Union has announced that case C-311/18 — Facebook Ireland and Schrems — will be delivered July 16.