Privacy Transformation - Issue 59

PRIVACY

Inquiry into data gathered for child benefit applications

Inquiry into data gathered for child benefit applications

The Irish Data Protection Commission is set to review all data gathering pertaining to child benefit applications in the fallout from a contentious court case between itself and the Department of Employment Affairs and Social Protection.

EDPS: 2020-2024 Strategy — Shaping a safer digital future

The EDPS presents its 2020-2024 Strategy 'Shaping a Safer Digital Future: a new Strategy for a new decade' to the public.

Read the full text of the strategy.

Read speech by EDPS Supervisor, Wojciech Wiewiórowski.

Vienna Judge delivers "non-judgment" in Facebook case

Vienna Judge delivers "non-judgment" in Facebook case

Despite diving into detailed facts about Facebook's illegal data use, no real analysis under the GDPR was undertaken. The judge apparently wanted to leave these issues to the Superior Courts.

SECURITY & TECH

EU Commission must block Google's acquisition of Fitbit, says data protection NGO

EU Commission must block Google's acquisition of Fitbit, says data protection NGO

Privacy International, the European Consumer Organisation and some US lawmakers have raised concerns about Google's access to sensitive health data if it acquires Fitbit.

Tiktok to transfer data control to UK arm ahead of Brexit

Tiktok to transfer data control to UK arm ahead of Brexit

Tiktok has said it will be moving ownership of its users' data in Europe to local subsidiaries, in a boost to its British arm as it prepares for Brexit.

COVID-19 CONTACT TRACING APPS

Irish Covid Tracker App DPIA Released

The Irish Health Service Executive (HSE) have released the Data Protection Impact Assessment (DPIA) and source code of the Covid-19 tracker app.

The Irish Council for Civil Liberties has released a statement noting concerns about the efficacy of the App.

HSE's contact tracing app will be wound down in 90 days if it's deemed ineffective

HSE's contact tracing app will be wound down in 90 days if it's deemed ineffective

Ahead of the Covid Tracker App’s launch, the HSE has released documents detailing how the app will work. The HSE has said its contact tracing app will be wound down within 90 days if it’s deemed to not be effective.

Northern Ireland to launch separate contact-tracing app

Northern Ireland to launch separate contact-tracing app

The app, based on the Apple/Google model, will be released within weeks. If Northern Ireland does manage to release a functioning contact tracing app within weeks that will be a major embarrassment to the UK government.

ENFORCEMENT

Tusla fined €40,000 in second GDPR breach

Tusla fined €40,000 in second GDPR breach

Tusla, the Child and Family Agency, has been fined €40,000 by the Data Protection Commission (DPC) after it sent a letter containing allegations of abuse to a third party who then uploaded it to social media.

UK ICO: Decision Technologies - ePrivacy violation

Price comparison and technology company fined £90,000 for a contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

German State Data Protection Commissioner imposes 1.2 million

The German State Data Protection Commissioner of Baden-Württemberg imposed a fine of 1,200,000 EUR on the German statutory health insurance provider AOK Baden-Württemberg (“AOK”). They used the personal data of more than 500 lottery participants for advertising purposes without their consent.

Danish DPA - Non-compliance with general data processing principles

Danish DPA - Non-compliance with general data processing principles

The Danish DPA has fined a youth organisation 6,700 EUR for multiple violations of the GDPR. The organisation included the sensitive details of minors in the notes of meeting minutes which were subsequently made accessible to employees who should not have had access.

[Notice is in Danish]

More on the latest GDPR enforcement notices can be found on:

enforcementtracker.com

GUIDANCE

DPC: Return to Work Safely Protocol

DPC: Return to Work Safely Protocol

The purpose of this guidance document is to provide advice to employers on the implementation of the recommendations of the Protocol in a manner that complies with their obligations as data controllers under the GDPR and Data Protection Act, 2018.

CNIL adjusts cookie guidance following court's ruling

France's data protection authority, the Commission nationale de l'informatique et des libertés, said it will adhere to the decision made by the country's Council of State, the Conseil d’État, on cookie walls.

EDPS Opinion on the European Commission’s White Paper on Artificial Intelligence

EDPS Opinion on the European Commission’s White Paper on Artificial Intelligence

This Opinion presents the EDPS views on the White Paper as a whole, as well as on certain specific aspects, such as the proposed risk-based approach, the enforcement of AI regulation or the specific requirements for the remote biometric identification (including facial recognition).

[Read Opinion]

ICO: Contact tracing - protecting customer and visitor details

The ICO has published guidance for organisations collection personal data in support of contact tracing efforts.

RESOURCES

EDPS: Outcome of investigation into EU institutions’ use of Microsoft products and services

This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’ use of Microsoft products and services.

European Parliamentary Research Study: The impact of the GDPR on artificial intelligence

This study addresses the relationship between the GDPR and artificial intelligence.