Privacy Transformation - Issue 6

This week the EU Cybersecurity Act (CSA) entered into force and ENISA, having now been given a permanent mandate, has been renamed the European Union Agency for Cybersecurity. This is a step firming up Europe's approach to cyber security and will see it play an increasingly important role in providing guidance and certification frameworks for organisations to demonstrate compliance with.

In last weeks issue, one of the stories referred to the ICO website not providing a way to give valid consent for cookies. As in politics — a week is a long time in privacy, and they have now updated their website with a tool that better facilitates this.

Enjoy the rest of this weeks roundup in privacy news.

- Alan

PRIVACY

Criticism for BAI's plan to regulate online content and social media

Criticism for BAI's plan to regulate online content and social media

There is criticism for the Broadbasting Association of Irelands' (BAI) plan to regulate online content and social media, with many asking is it appropriate for such a body or even an achievable goal without harming the open nature of the open web.

This is after similar calls in the UK have resulted in the Online Harms Whitepaper which has been critisised as being a blueprint for establishing a new regulatory regime to reshape the open web based on subjective views of "harmful content" - not illegal actions.

The Irish Council of Civil Liberties made a submission to the public consultation on the regulation of online content, laying out their views.

The topic is explored further in the New York Times.

What Hong Kong's Protestors Can Teach Us About the Future of Privacy

What Hong Kong's Protestors Can Teach Us About the Future of Privacy

Something odd happened in Hong Kong last week. Protestors against a controversial proposed extradition bill were afraid to use their metro cards. Instead of swiping their cards through the turnstiles of the city’s subway system, they lined up to buy single-journey tickets with cash, apparently worried about “leaving a paper trail” that could prove their presence at the demonstration. An example of how privacy harms are often a time-shifted risk.

Online you're being weighed and measured and your data spread around

Online you're being weighed and measured and your data spread around

The practice of Real Time Bidding (RTB) and the profiling and privacy implications that come with it is gaining wider exposure thanks to the work of Dr. Johnny Ryan at Brave and others bringing this to the attention of regulators over the last year.

Florida town pays $600,000 virus ransom

Florida town pays $600,000 virus ransom

Computers for Riviera Beach have been locked up for more than three weeks following the attack.

There is a trend of acceptance by some paying such ransoms as being the cost of doing business. Heavier investment in security and training is needed to protect against the threat.

Garda body-cam plan raises "very significant privacy concerns," campaigners say

Garda body-cam plan raises "very significant privacy concerns," campaigners say

Campaigners are warning that the right to privacy must be respected under any plans to introduce body cameras for Gardaí.

It comes after the Cabinet this afternoon approved plans to roll-out the recording devices across the force.

EU-US Privacy Shield legal showdown now set for July 9th

A legal challenge to the Privacy Shield data transfer mechanism that’s used by thousands of companies to authorise transferring European citizens’ personal data to the US for processing will be heard on July 9th. It will be an important hearing that could result in companies rethinking their reliance on Privacy Shield as a transfer mechanism.

ENFORCEMENT

ICO fines telecoms company EE Limited for sending unlawful text messages

ICO fines telecoms company EE Limited for sending unlawful text messages

The ICO has fined telecoms company EE Limited £100,000 for sending over 2.5 million direct marketing messages to its customers, without consent.

Metropolitan Police Service

Enforcement notices have been served under the 1998 and 2018 Data Protection Acts for sustained failures to comply with individuals' rights in respect of subject access requests.

GUIDANCE

Spanish DPA issues drone guidance

The Spanish Data Protection Authority has issued guidance on data protection considerations with the use of drones.