Privacy Transformation - Issue 66

PRIVACY

Twitter privacy ruling delayed after dispute among EU regulators

Twitter privacy ruling delayed after dispute among EU regulators

The DPC has said that some European Union regulators objected to Ireland's preliminary ruling in a landmark privacy investigation of Twitter, triggering a process where a majority decision will be sought.

101 Complaints on EU-US transfers filed

101 Complaints on EU-US transfers filed

NOYB has filed complaints against 101 EU controllers and the US entity of Google and Facebook over continuous EU-US data transfers.

UK ditches exam results generated by biased algorithm after student protests

UK ditches exam results generated by biased algorithm after student protests

The UK government has said that students in England and Wales will no longer receive exam results based on a controversial algorithm. The system developed by exam regulator Ofqual was accused of being biased.

Opinion: A forgotten right gets into action in UK A-Level controversy

Opinion: A forgotten right gets into action in UK A-Level controversy

Due to the COVID-19 crisis rampaging through the world and the lack of exams to decide A-Level grades, the process leading to that life-defining outcome has been very different.

EDPS Tribute to the life of Giovanni Buttarelli

EDPS Tribute to the life of Giovanni Buttarelli

On the occasion of the 41st International Conference of Data Protection and Privacy Commissioners in Tirana, Albania, the European Data Protection Supervisor presented a video tribute to the life of Giovanni Buttarelli.

SECURITY & TECH

NIST Publishes Zero Trust Framework

NIST Publishes Zero Trust Framework

The National Institute of Standards and Technology (NIST) launched the final version of Special Publication (SP) 800-207 Zero Trust Architecture on August 11.

Blackbaud ransomware attack exposed donor data from two UK charities

Blackbaud ransomware attack exposed donor data from two UK charities

Another UK charity has confirmed that the personal data of its donors has been compromised as a result of the Blackbaud ransomware attack earlier this year.

TikTok is being investigated by France’s data watchdog

TikTok is being investigated by France’s data watchdog

CNIL has an open investigation into the social video app du jour.

DATA BREACH

Tusla suffers 23 'high risk' data breaches - including stolen files and loss of devices - since last year

Tusla suffers 23 'high risk' data breaches - including stolen files and loss of devices - since last year

The vast majority of the cases involved an “employee error or omission”.

Bank of Ireland to be investigated over reported online banking data breach

Bank of Ireland to be investigated over reported online banking data breach

The alleged data breaches stem from the institution’s online self-service portal Banking365.

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

Scammers phoned guests to “confirm” their credit card details for reservations.

Experian South Africa discloses data breach impacting 24 million customers

Experian South Africa discloses data breach impacting 24 million customers

Experian said the attacker was identified and its data deleted from the fraudster's devices.

Data Firm Exposes 235 Million Social Media Profiles

Data Firm Exposes 235 Million Social Media Profiles

A social media data broker has exposed the public-facing profiles of 235 million users via a misconfigured online database, according to researchers.

9 GitHub Repositories Found Leaking Health Data from Over 150K Patients

9 GitHub Repositories Found Leaking Health Data from Over 150K Patients

A researchers discovered at least nine GitHub repositories leaking health data from at least 150,000 patients, most commonly caused by developer errors and improper access controls.

ENFORCEMENT

NORWEGIAN SUPERVISORY AUTHORITY

47,500 EUR administrative fine imposed on a municipality after data concerning health of children with special needs was processed using a digital learning platform. [more info]

SPANISH SUPERVISORY AUTHORITY

70,000 EUR fine against XFERA MOVILES for disclosing a customer’s personal data to a third party. [more info]

1,200 EUR fine against a company for calling the data subject, offering them a deal on hotels, while they were included in an advertisement exclusion system. [more info]

75,000 EUR fine against VODAFONE ESPAÑA for processing the claimant’s telephone number for marketing purposes after they had exercised their right to erasure in 2015. [more info]

BELGIAN SUPERVISORY AUTHORITY

20,000 EUR fine against telecom operator Proximus for several data protection infringements during the processing of personal data for the purpose of publishing public telephone directories. [more info]

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

EDPB: Opinion on the draft decision regarding the approval of the requirements for accreditation of a code of conduct monitoring body

EDPB: Opinion on the draft decision regarding the approval of the requirements for accreditation of a code of conduct monitoring body

The EDPB has published its opinion on draft accreditation requirements for the codes of conduct monitoring bodies pursuant to article 41 GDPR submitted by the Dutch data protection authority.

RESOURCES

Infographic: How to get started in Privacy Engineering

Infographic: How to get started in Privacy Engineering

For those interested in the burgeoning area of Privacy Engineering, this is an IAPP infographic giving advice on a pathway  to this rewarding career.