Privacy Transformation - Issue 66
PRIVACY
Twitter privacy ruling delayed after dispute among EU regulators
The DPC has said that some European Union regulators objected to Ireland's preliminary ruling in a landmark privacy investigation of Twitter, triggering a process where a majority decision will be sought.
101 Complaints on EU-US transfers filed
NOYB has filed complaints against 101 EU controllers and the US entity of Google and Facebook over continuous EU-US data transfers.
UK ditches exam results generated by biased algorithm after student protests
The UK government has said that students in England and Wales will no longer receive exam results based on a controversial algorithm. The system developed by exam regulator Ofqual was accused of being biased.
Opinion: A forgotten right gets into action in UK A-Level controversy
Due to the COVID-19 crisis rampaging through the world and the lack of exams to decide A-Level grades, the process leading to that life-defining outcome has been very different.
EDPS Tribute to the life of Giovanni Buttarelli
On the occasion of the 41st International Conference of Data Protection and Privacy Commissioners in Tirana, Albania, the European Data Protection Supervisor presented a video tribute to the life of Giovanni Buttarelli.
SECURITY & TECH
NIST Publishes Zero Trust Framework
The National Institute of Standards and Technology (NIST) launched the final version of Special Publication (SP) 800-207 Zero Trust Architecture on August 11.
Blackbaud ransomware attack exposed donor data from two UK charities
Another UK charity has confirmed that the personal data of its donors has been compromised as a result of the Blackbaud ransomware attack earlier this year.
TikTok is being investigated by France’s data watchdog
CNIL has an open investigation into the social video app du jour.
DATA BREACH
Tusla suffers 23 'high risk' data breaches - including stolen files and loss of devices - since last year
The vast majority of the cases involved an “employee error or omission”.
Bank of Ireland to be investigated over reported online banking data breach
The alleged data breaches stem from the institution’s online self-service portal Banking365.
Ritz London suspects data breach, fraudsters pose as staff in credit card data scam
Scammers phoned guests to “confirm” their credit card details for reservations.
Experian South Africa discloses data breach impacting 24 million customers
Experian said the attacker was identified and its data deleted from the fraudster's devices.
Data Firm Exposes 235 Million Social Media Profiles
A social media data broker has exposed the public-facing profiles of 235 million users via a misconfigured online database, according to researchers.
9 GitHub Repositories Found Leaking Health Data from Over 150K Patients
A researchers discovered at least nine GitHub repositories leaking health data from at least 150,000 patients, most commonly caused by developer errors and improper access controls.
ENFORCEMENT
NORWEGIAN SUPERVISORY AUTHORITY
47,500 EUR administrative fine imposed on a municipality after data concerning health of children with special needs was processed using a digital learning platform. [more info]
SPANISH SUPERVISORY AUTHORITY
70,000 EUR fine against XFERA MOVILES for disclosing a customer’s personal data to a third party. [more info]
1,200 EUR fine against a company for calling the data subject, offering them a deal on hotels, while they were included in an advertisement exclusion system. [more info]
75,000 EUR fine against VODAFONE ESPAÑA for processing the claimant’s telephone number for marketing purposes after they had exercised their right to erasure in 2015. [more info]
BELGIAN SUPERVISORY AUTHORITY
20,000 EUR fine against telecom operator Proximus for several data protection infringements during the processing of personal data for the purpose of publishing public telephone directories. [more info]
More on the latest GDPR enforcement news can be found on:
GUIDANCE
EDPB: Opinion on the draft decision regarding the approval of the requirements for accreditation of a code of conduct monitoring body
The EDPB has published its opinion on draft accreditation requirements for the codes of conduct monitoring bodies pursuant to article 41 GDPR submitted by the Dutch data protection authority.
RESOURCES
Infographic: How to get started in Privacy Engineering
For those interested in the burgeoning area of Privacy Engineering, this is an IAPP infographic giving advice on a pathway to this rewarding career.