Privacy Transformation - Issue 53

PRIVACY

Tusla becomes first organisation fined for GDPR rule breach

Tusla becomes first organisation fined for GDPR rule breach

The child and family agency, Tusla, has become the first organisation in the State fined for a breach of the General Data Protection Regulation (GDPR).

The agency was fined €75,000 arising out of an investigation into three cases where information about children was wrongly disclosed to unauthorised parties.

EU data watchdog ‘very worried’ by Hungary’s GDPR suspension

EU data watchdog ‘very worried’ by Hungary’s GDPR suspension

The European Data Protection Board, the EU's umbrella organisation overseeing the application of EU data protection rules on the bloc, has voiced its concern over the suspension of EU data protection rights in Hungary.

COVID-19 NEWS

HSE to stop sharing COVID-19 test results with employers before telling staff

HSE to stop sharing COVID-19 test results with employers before telling staff

The HSE says it will suspend the practice of telling employers about the COVID-19 test results of workers before the staff themselves are informed.

Secret NHS files reveal plans for coronavirus contact tracing app

Secret NHS files reveal plans for coronavirus contact tracing app

Documents left unsecured on Google Drive reveal the NHS could in the future ask people to post their health status to its Covid-19 contact tracing app.

Blog: COVID-19 and contact tracing: a call for digital diligence

Blog: COVID-19 and contact tracing: a call for digital diligence

A Red Cross and Red Crescent Movement perspective on how the humanitarian principle of ‘do no harm’ means ‘do no digital harm’ in containing COVID-19.

SECURITY & TECH

Security flaws found in NHS contact-tracing app

Security flaws found in NHS contact-tracing app

The UK's National Cyber Security Centre acknowledges problems identified by an independent report.

Security analysis of the NHS COVID-19 App

Security analysis of the NHS COVID-19 App

Detailed security analysis of the NHS COVID-19 App by Chris Culnane and Vanessa Teague

“Siri: Are you recording me?” “No, but I am listening to you”

“Siri: Are you recording me?” “No, but I am listening to you”

After lack of reaction: former Apple employee presents letter to DPAs, asking them to investigate Siri recording the users. noyb.eu will be looking into the case.

The Guardian also covered this story.

Google and Apple launch contact-tracing platform that will be used in Irish app

Google and Apple launch contact-tracing platform that will be used in Irish app

US TECH GIANTS Apple and Google have launched their contact tracing technology, which is being used for the Irish cotact tracing app, due to be published at the end of the month.

Facebook’s Giphy acquisition might have big implications for iMessage and Twitter

Facebook’s Giphy acquisition might have big implications for iMessage and Twitter

Now that Facebook is buying Giphy, how you send and receive GIFs on the internet could change forever. Some of the most popular apps and services rely on Giphy’s API and archives to let users share and post GIFs, and we’ve collected all of the services that we’re aware of in this post.

With Facebook aquiring Giphy,  which many messaging services use to allow users to embed animated gifs in their messaging. This means that Apps like Signal, who focus on privacy, now have a Facebook product built in. Signal themselves explored the implications of embedding Giphy in their platform in 2016. It will be interesting to see if Giphy's new owner now prompts a review by platforms that integrate with the service.

DATA BREACH

The Unattributable "db8151dd" Data Breach

The Unattributable "db8151dd" Data Breach

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine.

Irish health service data breach bodes ill for contact tracing app

Irish health service data breach bodes ill for contact tracing app

The HSE’s ineptitude this week in releasing sensitive Covid-19 test result data to employers, rather than to the affected individual employees, immediately raises further concern about the app and the HSE’s ability to see, much less address, valid ethical concerns about data gathering at population-wide scale.

EasyJet admits data of nine million hacked

EasyJet admits data of nine million hacked

EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers. The attack was "sophisticated" the airline said, adding that some credit card details had been accessed.

Outsourcing firm Serco apologises for sharing contact tracers' email addresses

Outsourcing firm Serco apologises for sharing contact tracers' email addresses

Outsourcing giant Serco has apologised for the data breach, which affects almost 300 people. The company is training staff to trace cases of Covid-19 for the UK government.

ENFORCEMENT

What can we take from the Data Protection Commission’s first fine?

What can we take from the Data Protection Commission’s first fine?

The child and family agency, Tusla, has become the first organisation in Ireland to be fined by the Data Protection Commission  for breaches of the GDPR.

The fine totalled €75,000. What can we take from this fine?

Danish DPA: Fine proposed for Danish recruitment company

Danish DPA: Fine proposed for Danish recruitment company

The Danish Data Protection Authority considers that in a case on the right of access, the Danish recruitment company JobTeam has not met the basic requirements of the GDPR that personal data must be processed lawfully, fairly and transparently.

ICO’s BA and Marriott Fines Likely to Be Pushed Back Again

ICO’s BA and Marriott Fines Likely to Be Pushed Back Again

Legal experts have warned of more potential delays to the official GDPR fines set to be handed down to British Airways and Marriott International, potentially undermining the authority of the UK regulator.

More GDPR enforcement information can be found on:

enforcementtracker.com

COURTS, JUDGEMENTS & OPINIONS

CJEU's 'Schrems II' decision slated for July 16

CJEU's 'Schrems II' decision slated for July 16

In one of the most highly anticipated court cases in data protection, the Court of Justice of the European Union has announced that case C-311/18 — Facebook Ireland and Schrems — will be delivered July 16.