Privacy Transformation - Issue 64
PRIVACY
The demise of Privacy Shield may be the end of US-Europe data transfers
Increasing restrictions on data worldwide are prompting companies to rethink how they do business.
Why a Data Breach at a Genealogy Site Has Privacy Experts Worried
Nearly two-thirds of GEDmatch’s users opt out of helping law enforcement. For a brief window this month, that didn’t matter.
In related news, the Blackstone Group is set to acquire Ancestry.com.
Privacy advocates sound alarm as thousands of Chinese facial recognition cameras head for Belgrade
Hundreds of facial recognition cameras, supplied by Huawei, are currently deployed in Serbia’s capital Belgrade, and thousands more are on their way, as part of an initiative police officials have said will make the capital safer.
Credit Scoring: Negative credit rating generated without data
NOYB files complaint against CRIF. "Pulling a name from a hat is fairer than these credit scores".
SECURITY & TECH
UK National Trust joins victims of Blackbaud hack
The charity says a database containing details of its volunteers and fundraisers has been affected.
TikTok to open $500m data centre in Ireland
The firm says the move represents its "long-term commitment to Europe".
Twitter reveals how Bitcoin scammers hijacked celebrities' accounts
Twitter has revealed how accounts belonging to celebrities including Barack Obama, Jeff Bezos and Kim Kardashian were hijacked by Bitcoin scammers two weeks ago.
DATA BREACH
What’s New in the 2020 Cost of a Data Breach Report?
Now in its 15th year, the annual Cost of a Data Breach Report, with research by the Ponemon Institute and published by IBM Security, continues to provide a detailed view of the financial impacts security incidents can have on organizations, with historical data revealing trends in data breach causes and consequences.
ENFORCEMENT
British Airways banking on drastic reduction of record GDPR fine
British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.
National Credit Register (BKR) fined for personal data access charges
The National Credit Register (BKR) in the Netherlands can no longer charge people who wish to access the personal data it holds on them. The BKR had created too many obstacles for people wishing to access their data. Under privacy legislation, this is not permitted. As a result, the Dutch Data Protection Authority (Dutch DPA) issued the BKR with a €830,000 fine.
DANISH SUPERVISORY AUTHORITY
147,000 EUR for Non-compliance with general data processing principles [more info]
FRENCH SUPERVISORY AUTHORITY
250,000 EUR sanction has been issued by CNIL to an online shoe retailer for breaches of data protection principles [more info]
ROMANIAN SUPERVISORY AUTHORITY
2,000 EUR for insufficient fulfilment of data subjects rights [more info]
2,000 EUR for insufficient technical and organisational measures to ensure information security [more info]
5,000 EUR for insufficient technical and organisational measures to ensure information security [more info]
More on the latest GDPR enforcement news can be found on:
GUIDANCE
IAPP: DPA and government guidance on ‘Schrems II’
This IAPP Resource Center page collects together DPA and government guidance on 'Schrems II' as it comes out.
RESOURCES
Deloitte: Cookie Benchmark Study
How are organisations navigating their way towards cookie compliance in this changing legal environment? The European regulators are focusing on cookies: the rules under the ePrivacy Directive are being updated to be incorporated in its successor, the ePrivacy Regulation.