Privacy Transformation - Issue 54
PRIVACY
Open Letter on “confidential” dealings in Facebook case
DPC had "confidential" meetings with Facebook on bypassing the GDPR before it became applicable in 2018. NOYB discloses the details after two years of a Kafkaesque procedure.
Related Reading:
Irish Times: Schrems letter turns up heat on Data Protection Commissioner
Irish Times: Schrems calls on EU authorities to intervene in ‘Kafkaesque’ DPC case
RTE News: DPC legal bill for Schrems case tops €2.9m
DPC Statement: Irish DPC submits Article 60 draft decision on inquiry into Twitter International Company’s compliance
2 Years Since GDPR
Enforcement proves the Achilles heel for GDPR
Only two years in, landmark EU regulation on data protection needs rebuilding to deliver on objectives.
Hamburg privacy boss calls for overhaul of EU privacy rules
Johannes Caspar said the failure of EU agencies to cooperate has undermined the GDPR.
GDPR - An Implementation Progress Report
Assess Now have published a report looking at how crises of the last year have impacted the application of the GDPR including enforcement mechanism limitations, The report suggests a list of recommendations to enable the European Commission, EU states, and DPAs to address the hurdles they identify.
Other News
Grandmother ordered to delete Facebook photos under GDPR
Privacy laws mean a grandmother needs her daughter's permission to post photos of her grandchildren.
SECURITY & TECH
Opinion: The Public Is Being Misled by Pandemic Technology That Won’t Keep Them Safe
The lockdown on commercial industry and personal activity in response to the global Covid-19 pandemic has been in place for almost two months in many parts of the U.S. Due to financial desperation and frustration with isolation, nonessential businesses are starting to reopen and more people are going out in public despite ongoing health concerns.
DATA BREACH
Identities of 150 survivors of historical abuse exposed in major data breach
The identities of 150 survivors of historical institutional abuse (HIA) have been exposed in a data breach, it has been confirmed.
Inquiry into Twitter data breach completed, says Data Protection Commission
Decision could pave the way for first fines against ‘big tech’ firm by Irish watchdog.
Massive political data leak in Malta
A massive leak of the voter’s list show the voting preferences, addresses, phones and dates of birth of a majority of the Maltese population.
EasyJet faces £18 billion class-action lawsuit over data breach
UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.
ENFORCEMENT
Tusla issued with second fine for data protection rules breach
Tusla has been issued with a second fine by the Data Protection Commission (DPC) for a breach of data protection rules.The decision was issued to the Child and Family Agency yesterday, following the completion of an inquiry that began last year.
First major GDPR decisions looming on Twitter and Facebook
The lead data regulator for much of big tech in Europe is moving inexorably towards issuing its first major cross-border GDPR decision — saying today it’s submitted a draft decision related to Twitter’s business to its fellow EU watchdogs for review.
FINLAND DPA
€100,000 fine issued to company that sent direct marketing to data subjects who had requested that their postal data be deleted. Investigations also revealed that the data protection information provided by the company was not transparent enough. [read notice here]
€16,000 fine for failure to carry out a data protection impact assessment for the processing of location data of employees with a vehicle information system. [read notice here]
More GDPR enforcement information can be found on:
GUIDANCE
DPC: Data Breaches and Email Correspondence
We are the national independent authority responsible for upholding the fundamental right of the individual in the EU to have their personal data protected.
DPC: FAQ on Consent for Electronic Direct Marketing
The GDPR applies directly in Ireland to most kinds of data processing and is read in conjunction with the Data Protection Act 2018. However, in addition to these general rules, there are rules which specifically apply to electronic direct marketing (marketing conducted by phone, fax, text message, and email), which are set out in the ‘ePrivacy Regulations’.
RESOURCES
EDPB Annual Report
The EDPB has released its annual report for 2019.