Privacy Transformation - Issue 58

PRIVACY

Businesses face privacy minefield over contact-tracing rules

Businesses face privacy minefield over contact-tracing rules

Bars, restaurants, hairdressers and churches face a minefield, privacy campaigners have warned, after the government instructed them to record people’s contact details in case they need to assist with test-and-trace efforts.

EDPB responds to open letter on “confidential” dealings in Facebook case

EDPB responds to open letter on “confidential” dealings in Facebook case

In May, we published an open letter describing the Irish DPA’s (DPC) “Kafkaesque” procedure for its handling of the Facebook case. Now, we received an answer by the EDPB.

EDPB publishes new register containing One-Stop-Shop decisions

EDPB publishes new register containing One-Stop-Shop decisions

The EDPB has published a new register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR).

The register can be accessed here.

Catholic Church says data laws ‘detrimental to efforts to safeguard children’

Catholic Church says data laws ‘detrimental to efforts to safeguard children’

Report confirms the church sought to have data protection legislation amended but failed

‘Vast majority’ of Irish adults willing to download Covid-19 contact tracing app

‘Vast majority’ of Irish adults willing to download Covid-19 contact tracing app

The vast majority of Irish adults are willing to download a contact tracing app to their smartphone to curb the Covid-19 pandemic, according to a study.

Researchers from Lero, the Science Foundation Ireland Research Centre for Software, University of Limerick, and National University of Ireland Galway found that 82% of adults are willing to download such an app.

SECURITY & TECH

Antitrust case against Facebook’s ‘super profiling’ back on track after German federal court ruling

Antitrust case against Facebook’s ‘super profiling’ back on track after German federal court ruling

A landmark regulatory intervention that seeks to apply structural antitrust remedies to cut big (ad)tech’s rights-hostile surveillance business models down to size has been revived after Germany’s federal court overturned an earlier ruling that had suspended enforcement of a ban on Facebook combining user data into so called ‘super profiles’.

Malicious Chrome Extensions Used in Global Surveillance Campaign

Malicious Chrome Extensions Used in Global Surveillance Campaign

Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before their removal.

EU Cybersecurity: A newly-formed stakeholders group will work on the cybersecurity certification framework

EU Cybersecurity: A newly-formed stakeholders group will work on the cybersecurity certification framework

The Commission and the European Agency for Cybersecurity (ENISA) announced today the creation of the Stakeholders Cybersecurity Certification Group (SCCG), which will advise them on strategic issues regarding cybersecurity certification, while at the same time it will assist the Commission in the preparation of the Union rolling work programme.

COVID-19 CONTACT TRACING APPS

Does anyone have a working contact-tracing app?

Does anyone have a working contact-tracing app?

The claim: No country in the world has a working contact-tracing app.

Verdict: There are certainly countries in the world that would dispute that. Germany's app is up and running and India says its app has had 131 million downloads and traced 900,000 people to tell them to isolate.

[Read more]

What went wrong with the UK's contact tracing app?

What went wrong with the UK's contact tracing app?

After months of work the UK has ditched the way its current coronavirus-tracing app works. So what went wrong?

Coronavirus: Ireland set to launch contact-trace app

Coronavirus: Ireland set to launch contact-trace app

The Republic's health authority presses ahead with Apple-Google tech, despite the UK being unready.

Best Practices for Operation Security in Proximity Tracing

Best Practices for Operation Security in Proximity Tracing

The group responsible for the development of  DP-3T, the decentralised contact tracing protocol, has released a best practice guide for decentralised privacy-preserving proximity tracing.

DATA BREACH

Twitter apologises for business data breach

Twitter apologises for business data breach

The social media firm says personal information of business advertisers' clients may be affected.

ENFORCEMENT

GDPR enforcement amid COVID-19: Will DPAs be 'strong' enough?

GDPR enforcement amid COVID-19: Will DPAs be 'strong' enough?

The COVID-19 pandemic has affected both EU data protection authorities and the organizations they oversee, finding themselves in uncharted territory. DPAs have been left to choose how they'll go about handling their enforcement work in an unparalleled time of hardship and technological uptake for companies — all while the pressure's on for critics who say DPA's enforcement of the EU General Data Protection Regulation has been weak to date.

Housing association banned from using video surveillance in entrance and stairwell

Housing association banned from using video surveillance in entrance and stairwell

The Swedish Data Protection Authority (DPA) has investigated a co-operative housing association’s use of video surveillance on its property. The DPA concludes that the association has gone too far when using video surveillance in the main entrance and the stairwell and when recording audio. The DPA has issued an administrative fine of approximately 2,000 EUR against the association, taking into account the small size of the body.

More on the latest GDPR enforcement notices can be found on:

enforcementtracker.com

COURTS, JUDGEMENTS & OPINIONS

French Highest Administrative Court Partially Annuls CNIL Cookie Guidelines

On June 19, 2020, France’s Highest Administrative Court issued a decision partially annulling the guidelines of the French Data Protection Authority on cookies and similar technologies.

RESOURCES

Two years of application of the General Data Protection Regulation

European Commission review of the implementation of the GDPR.

IAPP commentary on the on the review can be found here.

Are cookie banners indeed compliant with the law?

An interdisciplinary collaboration paper examining the 22 legal and technical requirements for valid cookie banners.

DPC Ireland 2018-2020 Regulatory Activity Under GDPR

The DPC has published a two year Regulatory Activities report under the GDPR to assess the range of regulatory tasks over the period 25 May 2018 to 25 May 2020.

EDPB: 32nd Plenary Session: adopted documents

EDPB: 32nd Plenary Session: adopted documents

During its 32nd Plenary Session, the EDPB adopted the following documents:


  • EDPB statement on the interoperability of contact tracing applications
  • EDPB statement on the processing of personal data in the context of reopening the Schengen borders
  • EDPB letter to MEP Körner on the relevance of encryption bans in third countries for assessing the level of data protection
  • EDPB letter to MEP Körner on laptop camera covers
  • EDPB letter to the Committee of European Auditor Oversight Bodies

ECHR Factsheet: Personal data protection case law

European Court of Human Rights factsheet 'Personal data protection',  summarising important case law, updated May 2020.