Privacy Transformation - Issue 70
PRIVACY
Facebook launches High Court challenge to DPC's order to suspend EU-US data transfers
Facebook has launcheda High Court challenge to an order by the Data Protection Commission (DPC) telling the social media giant to suspend certain data transfers.
More info: See NOYBs statement on this development.
We're closer now than we have ever been to a major breakdown in how the internet works
So is this the big one? After years of courts cases and appeals and treaties and Austrian campaigners, are we finally on the brink of digital war between the EU and the US?
Ireland is quietly allowing private firms to gather and monetise Irish DNA
This week, the inadequate ethical and regulatory structures under which Ireland permits DNA research has been exposed yet again, raising persistent questions about why Ireland remains one of the few countries without a national public genomics programme.
YouTube faces legal battle over British children's privacy
Google, YouTube's parent company, is facing a landmark claim over the use of children's data in the UK. A claim lodged with the High Court accuses the firm of collecting children's data without parental consent.
SECURITY & TECH
Can synthetic data help organizations respond to 'Schrems II'?
Synthetic data has the potential to help address some of the most intractable privacy and security compliance challenges related to data analytics.
First decision on NOYB's streaming complaints
In cooperation with the Austrian Chamber of Labour, NOYB filed eight complaints against streaming services. A first decision has now been issued.
How the Trump Campaign’s Mobile App Is Collecting Huge Amounts of Voter Data
The app, which was developed by the ad broker and software company Phunware, gathers users’ data in an invasive way reminiscent of the methods of Cambridge Analytica.
DATA BREACH
Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach
The aftermath of Blackbaud’s data breach continues to extend, with Inova Health System stepping forward as the latest victim of the ransomware incident announced by the US-based cloud computing provider in May 2020.
Coronavirus: 18,000 test results published by mistake
The details of more than 18,000 people who tested positive for coronavirus were published online by mistake by Public Health Wales. Full names were not published, but people living in care homes are more at risk of being identified.
ENFORCEMENT
Polish DPA fines Warsaw University of Life Sciences
Polish DPA has imposed a fine on of ca. 11,200EUR on Warsaw University of Life Sciences (SGGW) due to not implementing appropriate technical and organisational measures to ensure the security of the processing of personal data of candidates for studies.
SPANISH DPA: 3000EUR fine imposed the Barcelona Airport Security Guard Association ('AVSAB') in respect of a member of the AVSAB security committee using WhatsApp to send messages to private phone numbers containing personal information about employees. This was a violation of the confidentiality principle that, according to the AEPD, which must be respected not only by the data controller, but also by any other subject involved in any phase of the processing.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
DPC: Data Protection Considerations Relating to Receivership
This guidance sets out the general position of the Data Protection Commission regarding data protection issues that may arise in the course of a receivership.
CNIL warns against verification by automated reading of vehicle license plates
The CNIL has sent notification to municipalities that that under the current regulations, it is forbidden for municipalities to use automated ticketing devices based on the photographing of a vehicle and its license plate for the identification of infringements.
[Note: Statement is in French]