Privacy Transformation - Issue 73

PRIVACY

EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy

EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy

The Court of Justice of the European Union issued judgments in three cases in the UK, France and Belgium. We answer some of the main questions.

Opinion: What to expect on revised standard contractual clauses

Opinion: What to expect on revised standard contractual clauses

In wake of the "Schrems II" decision, this is what companies should think about when the European Commission releases revised standard contractual clauses.

SECURITY & TECH

Commission presses Zoom for security assurances but continues to use platform

Commission presses Zoom for security assurances but continues to use platform

The European Commission is looking for further assurances from US video conferencing platform Zoom regarding the security of its technology, after concerns emerged earlier this year over the company's privacy protocols.

Amazon One is the company’s latest product to raise privacy concerns

Amazon One is the company’s latest product to raise privacy concerns

First came the always-on microphone, then the flying indoor surveillance drone and now a palm-reading payment system. Amazon has made a business of pushing privacy boundaries.

12 Accusations in the Damning House Report on Amazon, Apple, Facebook and Google

12 Accusations in the Damning House Report on Amazon, Apple, Facebook and Google

Lawmakers said they found multiple problems with each of the four giant tech companies. This is a summary of the accusations against each company in the report.

Instagram blames GDPR for failure to tackle rampant self-harm and eating-disorder images

Instagram blames GDPR for failure to tackle rampant self-harm and eating-disorder images

Telegraph investigation found Instagram's algorithms push dangerous content almost two years after it promised to crack down.

DATA BREACH

Major data breach at Limerick hospital under investigation

Major data breach at Limerick hospital under investigation

University Hospital Limerick (UHL) is in the process of contacting more than 600 patients following an alleged major data breach concerning patient data, including details of 95 children, which was then posted on social media.

ENFORCEMENT

ICO takes action against company for sending spam emails selling face masks during pandemic

ICO takes action against company for sending spam emails selling face masks during pandemic

A company that sent spam emails selling face masks during the pandemic has been fined £40,000 by the ICO and issued with an enforcement notice.

Belgian Data Protection Authority issues warning regional public institution for wrongful processing of personal data

Belgian Data Protection Authority issues warning regional public institution for wrongful processing of personal data

The Belgian Data Protection Authority has issued a warning and reprimand to a regional public environmental institution for wrongful processing of personal data from the National Register.

H&M fined for breaking GDPR over employee surveillance

H&M fined for breaking GDPR over employee surveillance

Following up on the original story reported in German in last weeks issue - H&M kept records on several hundred employees, including on family issues and religion.

ICO: Statement on the conclusion of the investigation into the use of personal data in political campaigning

ICO: Statement on the conclusion of the investigation into the use of personal data in political campaigning

There can be few cases that better illustrate how mainstream data protection has become than the ICO’s investigation into the use of personal data in political campaigning, including by the now defunct Cambridge Analytica.

ICO: Statement on the outcome of the compulsory audit of the Department for Education

ICO: Statement on the outcome of the compulsory audit of the Department for Education

The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education DFE carried out in February 2020. The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws. A total of 139 recommendations for improvement were found, with over 60% classified as urgent or high priority.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

CNIL publishes updated cookie guidelines and final version of recommendations on how to get users’ consent

On October 1, 2020, the French Data Protection Authority (the “CNIL”) published a revised version of its guidelines on cookies and similar technologies.

RESOURCES

Discover the advertising web with the files Ads.txt and Sellers.json

Discover the advertising web with the files Ads.txt and Sellers.json

CNIL, published case studies on direct marketing and cookies practices under the two standards put forth by the Interactive Advertisement Bureau. The studies show an ecosystem of "around 620 advertising systems and more than 6,000 intermediaries.

How to gain true compliance with cookie requirements

Monica Meiterman-Rodriguez and Dan Goldstein discuss how to achieve compliance with European Union and California cookie laws.