Privacy Transformation - Issue 58
PRIVACY
Businesses face privacy minefield over contact-tracing rules
Bars, restaurants, hairdressers and churches face a minefield, privacy campaigners have warned, after the government instructed them to record people’s contact details in case they need to assist with test-and-trace efforts.
EDPB responds to open letter on “confidential” dealings in Facebook case
In May, we published an open letter describing the Irish DPA’s (DPC) “Kafkaesque” procedure for its handling of the Facebook case. Now, we received an answer by the EDPB.
EDPB publishes new register containing One-Stop-Shop decisions
The EDPB has published a new register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR).
The register can be accessed here.
Catholic Church says data laws ‘detrimental to efforts to safeguard children’
Report confirms the church sought to have data protection legislation amended but failed
‘Vast majority’ of Irish adults willing to download Covid-19 contact tracing app
The vast majority of Irish adults are willing to download a contact tracing app to their smartphone to curb the Covid-19 pandemic, according to a study.
Researchers from Lero, the Science Foundation Ireland Research Centre for Software, University of Limerick, and National University of Ireland Galway found that 82% of adults are willing to download such an app.
SECURITY & TECH
Antitrust case against Facebook’s ‘super profiling’ back on track after German federal court ruling
A landmark regulatory intervention that seeks to apply structural antitrust remedies to cut big (ad)tech’s rights-hostile surveillance business models down to size has been revived after Germany’s federal court overturned an earlier ruling that had suspended enforcement of a ban on Facebook combining user data into so called ‘super profiles’.
Malicious Chrome Extensions Used in Global Surveillance Campaign
Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before their removal.
EU Cybersecurity: A newly-formed stakeholders group will work on the cybersecurity certification framework
The Commission and the European Agency for Cybersecurity (ENISA) announced today the creation of the Stakeholders Cybersecurity Certification Group (SCCG), which will advise them on strategic issues regarding cybersecurity certification, while at the same time it will assist the Commission in the preparation of the Union rolling work programme.
COVID-19 CONTACT TRACING APPS
Does anyone have a working contact-tracing app?
The claim: No country in the world has a working contact-tracing app.
Verdict: There are certainly countries in the world that would dispute that. Germany's app is up and running and India says its app has had 131 million downloads and traced 900,000 people to tell them to isolate.
What went wrong with the UK's contact tracing app?
After months of work the UK has ditched the way its current coronavirus-tracing app works. So what went wrong?
Coronavirus: Ireland set to launch contact-trace app
The Republic's health authority presses ahead with Apple-Google tech, despite the UK being unready.
Best Practices for Operation Security in Proximity Tracing
The group responsible for the development of DP-3T, the decentralised contact tracing protocol, has released a best practice guide for decentralised privacy-preserving proximity tracing.
DATA BREACH
Twitter apologises for business data breach
The social media firm says personal information of business advertisers' clients may be affected.
ENFORCEMENT
GDPR enforcement amid COVID-19: Will DPAs be 'strong' enough?
The COVID-19 pandemic has affected both EU data protection authorities and the organizations they oversee, finding themselves in uncharted territory. DPAs have been left to choose how they'll go about handling their enforcement work in an unparalleled time of hardship and technological uptake for companies — all while the pressure's on for critics who say DPA's enforcement of the EU General Data Protection Regulation has been weak to date.
Housing association banned from using video surveillance in entrance and stairwell
The Swedish Data Protection Authority (DPA) has investigated a co-operative housing association’s use of video surveillance on its property. The DPA concludes that the association has gone too far when using video surveillance in the main entrance and the stairwell and when recording audio. The DPA has issued an administrative fine of approximately 2,000 EUR against the association, taking into account the small size of the body.
More on the latest GDPR enforcement notices can be found on:
COURTS, JUDGEMENTS & OPINIONS
French Highest Administrative Court Partially Annuls CNIL Cookie Guidelines
On June 19, 2020, France’s Highest Administrative Court issued a decision partially annulling the guidelines of the French Data Protection Authority on cookies and similar technologies.
RESOURCES
Two years of application of the General Data Protection Regulation
European Commission review of the implementation of the GDPR.
IAPP commentary on the on the review can be found here.
Are cookie banners indeed compliant with the law?
An interdisciplinary collaboration paper examining the 22 legal and technical requirements for valid cookie banners.
DPC Ireland 2018-2020 Regulatory Activity Under GDPR
The DPC has published a two year Regulatory Activities report under the GDPR to assess the range of regulatory tasks over the period 25 May 2018 to 25 May 2020.
EDPB: 32nd Plenary Session: adopted documents
During its 32nd Plenary Session, the EDPB adopted the following documents:
- EDPB statement on the interoperability of contact tracing applications
- EDPB statement on the processing of personal data in the context of reopening the Schengen borders
- EDPB letter to MEP Körner on the relevance of encryption bans in third countries for assessing the level of data protection
- EDPB letter to MEP Körner on laptop camera covers
- EDPB letter to the Committee of European Auditor Oversight Bodies
ECHR Factsheet: Personal data protection case law
European Court of Human Rights factsheet 'Personal data protection', summarising important case law, updated May 2020.