Privacy Transformation - Issue 55
PRIVACY
EDPB Signals Efforts on International Data Transfers as CJEU Review of Current Tools Draws Near
The European Court of Justice recently published plans to issue its much awaited decision in CJEU case C-311/18 on July 16. The ruling will impact how organisations lawfully transfer personal data from the EEA to jurisdictions not providing an “adequate” level of data protection in accordance with the GDPR.
PSNI to begin 'real-time' deletion of DNA records in September
Police in Northern Ireland will begin "real-time" deletion of DNA records in September. The indefinite storage of a convicted drink driver's profile, photo and fingerprints by officers is a breach of human rights, the European Court of Human Rights ruled earlier this year.
Thirtieth Plenary session: EDPB response to NGOs on Hungarian Decrees and statement on Article 23 GDPR
During its 30th plenary session, the EDPB adopted a statement on data subject rights in connection to the state of emergency in Member States. The Board also adopted a letter in response to a letter from Civil Liberties Union for Europe, Access Now and the Hungarian Civil Liberties Union (HCLU) regarding the Hungarian Government’s Decree 179/2020 of 4 May.
Despite economic downturn, privacy jobs seem to be (mostly) safe
Privacy and those who make a career from it were thriving prior to COVID-19. The job market and job security for highly trained professionals within the space were on the upswing as privacy made its ascension to being a mainstream topic.
COVID-19 PRIVACY NEWS
HSE's Covid-19 app to begin testing this week
The HSE will begin testing its Covid-19 contact tracing app in the coming week, however it will be some time more before it is available to the wider public.
Privacy concerns and technical doubts dull hopes of HSE Covid-19 app's value
A smartphone app that warns when a user has made contact with a Covid-19 sufferer was meant to help suppress the virus - but doubts have been cast doubt its effectiveness even before it has been launched.
NHS app paves the way for 'immunity passports'
"Passports" showing individuals' health status could become the next front for fighting the pandemic.
Members of US Congress to unveil bipartisan bill to regulate contact-tracing apps, fearing potential privacy abuses
Senate lawmakers plan to unveil a bipartisan bill on Monday that would regulate contact-tracing and exposure-notification apps, seeking to ensure new digital tools meant to combat the coronavirus don’t come at the expense of users’ privacy.
SECURITY & TECH
Zoom CEO explains stance on encryption, says he wants to 'work together' with law enforcement
Rather than deliver end-to-end call encryption for every user, Zoom plans to provide that protection for certain paying customers.
Student finds privacy flaws in connected security and doorbell cameras
Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to "systemic design flaws" discovered by a Florida Tech computer science student.
ENISA: Dependency of Energy Operators on time sensitive services
The EU Agency for Cybersecurity analyses the cyber risks of the dependency of energy operators on time sensitive services and proposes mitigation measures.
ENFORCEMENT
Belgian DPA - Insufficient fulfilment of data subjects rights
The Belgian data protection authority has imposed a fine of EUR 1000 on a non-profit organisation for sending out direct marketing messages, despite the fact that data subjects had exercised their right to erasure and objection. The organisation claimed that it was relying on legitimate interests as a legal basis and not on the explicit consent of the data subjects. The data protection authority, however, denied the existence of any outweighing of legitimate interests. [Notice]
Dundee firm Alliance Trust Savings censured after whistleblower's 'spying' concerns
A Dundee-based financial firm has been censured by the Information Commissioner over the use of a mobile app which allowed it to access an “excessive amount” of employees’ sensitive personal data.
More on the latest GDPR enforcement notices can be found on: