Privacy Transformation - Issue 69

PRIVACY

Ireland to Order Facebook to Stop Sending User Data to U.S.

Ireland’s privacy regulator is seeking Facebook’s response to a preliminary order to suspend the company’s data transfers to the U.S. because of concerns over American government surveillance practices.

See NOYBs statement relating to this story.

FDPIC considers CH-US Privacy Shield does not provide adequate level of data protection

Switzerland's Federal Data Protection and Information Commissioner determined the Swiss-U.S. Privacy Shield agreement does not properly protect citizens' information when it travels to the United States.

Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers

On September 3rd, Max Schrems, participated in a hearing of the European Parliament to discuss the judgment of EU-US data transfers which invalidated Privacy Shield and defined the validity of standard contractual clauses.

EDPS: Artificial Intelligence, data and our values – on the path to the EU’s digital future

COVID-19 has absorbed, as normal and justifiable, most of the data protection community’s attention on pandemic related matters, namely contact tracing apps. The judgment of the Court of Justice in the so-called Schrems II case has dominated our discussions this summer. Nevertheless, Artificial Intelligence (AI) occupies a privileged seat among the data protection hot topics of 2020.

DATA BREACH

A data fail left banks and councils exposed with a quick Google search

Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since June.

ENFORCEMENT

Hungarian DPA Fines Forbes

The Hungarian DPA imposed a total of ca. 12,500 EUR in data protection fines on the publisher of the Hungarian Forbes magazine in two cases.

ICO fines company £130,000 for unauthorised pensions cold calls

The UK Information Commissioner’s Office has issued a fine under a law brought in to stop scammers defrauding people out of their pensions.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

EDPB: Guidelines on the targeting of social media users

Guidelines 08/2020 on the targeting of social media users, currently open for public consultation.

EDPB: Guidlines on the concepts of controller and processor in the GDPR

Guidelines 07/2020 on the concepts of controller and processor in the GDPR

RESOURCES

UNICEF - Good governance of children’s data

The fluidity of children’s attitudes, preferences and identity, along with the lower capacity of younger children to make informed decisions and have full agency presents unique challenges to children’s data security and privacy.