Privacy Transformation - Issue 59
PRIVACY
Inquiry into data gathered for child benefit applications
The Irish Data Protection Commission is set to review all data gathering pertaining to child benefit applications in the fallout from a contentious court case between itself and the Department of Employment Affairs and Social Protection.
EDPS: 2020-2024 Strategy — Shaping a safer digital future
The EDPS presents its 2020-2024 Strategy 'Shaping a Safer Digital Future: a new Strategy for a new decade' to the public.
Read the full text of the strategy.
Read speech by EDPS Supervisor, Wojciech Wiewiórowski.
Vienna Judge delivers "non-judgment" in Facebook case
Despite diving into detailed facts about Facebook's illegal data use, no real analysis under the GDPR was undertaken. The judge apparently wanted to leave these issues to the Superior Courts.
SECURITY & TECH
EU Commission must block Google's acquisition of Fitbit, says data protection NGO
Privacy International, the European Consumer Organisation and some US lawmakers have raised concerns about Google's access to sensitive health data if it acquires Fitbit.
Tiktok to transfer data control to UK arm ahead of Brexit
Tiktok has said it will be moving ownership of its users' data in Europe to local subsidiaries, in a boost to its British arm as it prepares for Brexit.
COVID-19 CONTACT TRACING APPS
Irish Covid Tracker App DPIA Released
The Irish Health Service Executive (HSE) have released the Data Protection Impact Assessment (DPIA) and source code of the Covid-19 tracker app.
The Irish Council for Civil Liberties has released a statement noting concerns about the efficacy of the App.
HSE's contact tracing app will be wound down in 90 days if it's deemed ineffective
Ahead of the Covid Tracker App’s launch, the HSE has released documents detailing how the app will work. The HSE has said its contact tracing app will be wound down within 90 days if it’s deemed to not be effective.
Northern Ireland to launch separate contact-tracing app
The app, based on the Apple/Google model, will be released within weeks. If Northern Ireland does manage to release a functioning contact tracing app within weeks that will be a major embarrassment to the UK government.
ENFORCEMENT
Tusla fined €40,000 in second GDPR breach
Tusla, the Child and Family Agency, has been fined €40,000 by the Data Protection Commission (DPC) after it sent a letter containing allegations of abuse to a third party who then uploaded it to social media.
UK ICO: Decision Technologies - ePrivacy violation
Price comparison and technology company fined £90,000 for a contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
German State Data Protection Commissioner imposes 1.2 million
The German State Data Protection Commissioner of Baden-Württemberg imposed a fine of 1,200,000 EUR on the German statutory health insurance provider AOK Baden-Württemberg (“AOK”). They used the personal data of more than 500 lottery participants for advertising purposes without their consent.
Danish DPA - Non-compliance with general data processing principles
The Danish DPA has fined a youth organisation 6,700 EUR for multiple violations of the GDPR. The organisation included the sensitive details of minors in the notes of meeting minutes which were subsequently made accessible to employees who should not have had access.
[Notice is in Danish]
More on the latest GDPR enforcement notices can be found on:
GUIDANCE
DPC: Return to Work Safely Protocol
The purpose of this guidance document is to provide advice to employers on the implementation of the recommendations of the Protocol in a manner that complies with their obligations as data controllers under the GDPR and Data Protection Act, 2018.
CNIL adjusts cookie guidance following court's ruling
France's data protection authority, the Commission nationale de l'informatique et des libertés, said it will adhere to the decision made by the country's Council of State, the Conseil d’État, on cookie walls.
EDPS Opinion on the European Commission’s White Paper on Artificial Intelligence
This Opinion presents the EDPS views on the White Paper as a whole, as well as on certain specific aspects, such as the proposed risk-based approach, the enforcement of AI regulation or the specific requirements for the remote biometric identification (including facial recognition).
ICO: Contact tracing - protecting customer and visitor details
The ICO has published guidance for organisations collection personal data in support of contact tracing efforts.
RESOURCES
EDPS: Outcome of investigation into EU institutions’ use of Microsoft products and services
This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’ use of Microsoft products and services.
European Parliamentary Research Study: The impact of the GDPR on artificial intelligence
This study addresses the relationship between the GDPR and artificial intelligence.