Privacy Transformation - Issue 68
PRIVACY
UK ICO says Children’s Code will help protect children online
A statutory code requiring organisations to provide better online privacy protections for children has come into force, triggering the start of a 12 month transition period. The Age Appropriate Design Code or Children’s Code applies to organisations providing online services and products likely to be accessed by children up to age 18, and gives organisations a year to make the necessary changes to put children’s privacy at the heart of their design.
The Age Appropriate Design Code is not without its critics.
Flood of Privacy Complaints Following Schrems II
Max Schrems, chairperson of NOYB, has directed his organisation to file over 100 privacy complaints against major businesses engaging in data transfers with the US.
In related news, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs met to dicuss the path forward for EU-US data transfers.
Coronavirus: Pubs, restaurants concerned over record-keeping regulations
Restaurants and pubs serving food have expressed concern about new regulations that will oblige them to keep a record of what substantial meals customers have ordered for 28 days.
SECURITY & TECH
Department of Social Protection and An Post issue warnings over scam text messages
Health officials are warning anyone who thinks they’ve been affected to contact their bank.
IT blunder permanently erases 145,000 users' personal chats in KPMG's Microsoft Teams deployment
The personal chat histories of 145,000 Microsoft Teams users at KPMG were inadvertently and permanently deleted this month, thanks to an IT blunder.
Amazon’s Halo health wearable judges your voice and your body
The Halo Band listens to your conversations so its AI can tell you how you sound to others. And its app scans your body three-dimensionally to measure fat.
Facebook apologizes to users, businesses for Apple’s monstrous efforts to protect its customers' privacy
Facebook has apologized to its users and advertisers for being forced to respect people’s privacy in an upcoming update to Apple’s mobile operating system – and promised it will do its best to invade their privacy on other platforms.
Google and Apple to roll out phase two of contact-tracing system
Operating system update will allow opt-in to coronavirus exposure notifications without need of an app.
Commission will ‘not exclude’ potential ban on facial recognition technology
The European Commission has not ruled out a future ban on the use of facial recognition technology in Europe, as the EU executive mulls the findings of a recent public consultation on Artificial Intelligence.
Microsoft: How statistical noise is protecting your data privacy
Differential privacy allows the collection and sharing of data while safeguarding individual identities from being revealed. Microsoft has created an open source differential privacy tool, so researchers and data scientists can test new algorithms and techniques that enable data to be used more widely and securely.
ENFORCEMENT
POLISH SUPERVISORY AUTHORITY
Polish DPA imposes a Penalty of a Reprimand for the Processing of Students’ Personal Data
The Polish DPA has imposed a penalty of a reprimand for the processing of students’ personal data without legal basis in connection with survey carried out by a school in the school year 2019/2020. The survey entitled “Diagnosis of student’s home and school situation” examined personal situation of students.
Polish DPA imposes fine on the Surveyor General of Poland
Polish DPA imposes ca. 22,500 EUR fine on the Surveyor General of Poland for infringement of the principle of lawfulness of personal data processing by making intentionally available personal data obtained from land and property registers.
NORWEGIAN SUPERVISORY AUTHORITY
Norwegian DPA issues GDPR fine relating to purpose limitation
Norway's data protection authority, Datatilsynet, fined the Norwegian Public Roads Administration ca. 38,000 EUR for violating the princple of purpose limitation relating to the use of CCTV recordings.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
Irish DPC: Guidance relating to third parties accidentally in receipt of personal data relating to other individuals
The Irish Data Protection Commision has released updated guidance relating to third parties accidentally in receipt of personal data relating to other individuals.
EDPS: Body temperature checks by EU institutions in the context of the COVID-19 crisis
Body temperature checks by EU institutions in the context of the COVID-19 crisis.