Privacy Transformation - Issue 70

PRIVACY

Facebook launches High Court challenge to DPC's order to suspend EU-US data transfers

Facebook launches High Court challenge to DPC's order to suspend EU-US data transfers

Facebook has launcheda High Court challenge to an order by the Data Protection Commission (DPC) telling the social media giant to suspend certain data transfers.

More info: See NOYBs statement on this development.

We're closer now than we have ever been to a major breakdown in how the internet works

We're closer now than we have ever been to a major breakdown in how the internet works

So is this the big one? After years of courts cases and appeals and treaties and Austrian campaigners, are we finally on the brink of digital war between the EU and the US?

Ireland is quietly allowing private firms to gather and monetise Irish DNA

Ireland is quietly allowing private firms to gather and monetise Irish DNA

This week, the inadequate ethical and regulatory structures under which Ireland permits DNA research has been exposed yet again, raising persistent questions about why Ireland remains one of the few countries without a national public genomics programme.

YouTube faces legal battle over British children's privacy

Google, YouTube's parent company, is facing a landmark claim over the use of children's data in the UK. A claim lodged with the High Court accuses the firm of collecting children's data without parental consent.

SECURITY & TECH

Can synthetic data help organizations respond to 'Schrems II'?

Can synthetic data help organizations respond to 'Schrems II'?

Synthetic data has the potential to help address some of the most intractable privacy and security compliance challenges related to data analytics.

First decision on NOYB's streaming complaints

First decision on NOYB's streaming complaints

In cooperation with the Austrian Chamber of Labour, NOYB filed eight complaints against streaming services. A first decision has now been issued.

How the Trump Campaign’s Mobile App Is Collecting Huge Amounts of Voter Data

How the Trump Campaign’s Mobile App Is Collecting Huge Amounts of Voter Data

The app, which was developed by the ad broker and software company Phunware, gathers users’ data in an invasive way reminiscent of the methods of Cambridge Analytica.

DATA BREACH

Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach

Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach

The aftermath of Blackbaud’s data breach continues to extend, with Inova Health System stepping forward as the latest victim of the ransomware incident announced by the US-based cloud computing provider in May 2020.

Coronavirus: 18,000 test results published by mistake

Coronavirus: 18,000 test results published by mistake

The details of more than 18,000 people who tested positive for coronavirus were published online by mistake by Public Health Wales. Full names were not published, but people living in care homes are more at risk of being identified.

ENFORCEMENT

Polish DPA fines Warsaw University of Life Sciences

Polish DPA fines Warsaw University of Life Sciences

Polish DPA has imposed a fine on of ca. 11,200EUR on Warsaw University of Life Sciences (SGGW) due to not implementing appropriate technical  and organisational measures to ensure the security of the processing of personal data of candidates for studies.

SPANISH DPA: 3000EUR fine imposed the Barcelona Airport Security Guard Association ('AVSAB') in respect of a member of the AVSAB security committee using WhatsApp to send messages to private phone numbers containing personal information about employees. This was a violation of the confidentiality principle that, according to the AEPD, which must be respected not only by the data controller, but also by any other subject involved in any phase of the processing.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

DPC: Data Protection Considerations Relating to Receivership

DPC: Data Protection Considerations Relating to Receivership

This guidance sets out the general position of the Data Protection Commission regarding data protection issues that may arise in the course of a receivership.

CNIL warns against verification by automated reading of vehicle license plates

CNIL warns against verification by automated reading of vehicle license plates

The CNIL has sent notification to municipalities that that under the current regulations, it is forbidden for municipalities to use automated ticketing devices based on the photographing of a vehicle and its license plate for the identification of infringements.

[Note: Statement is in French]