Privacy Transformation - Issue 73
PRIVACY
EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy
The Court of Justice of the European Union issued judgments in three cases in the UK, France and Belgium. We answer some of the main questions.
Opinion: What to expect on revised standard contractual clauses
In wake of the "Schrems II" decision, this is what companies should think about when the European Commission releases revised standard contractual clauses.
SECURITY & TECH
Commission presses Zoom for security assurances but continues to use platform
The European Commission is looking for further assurances from US video conferencing platform Zoom regarding the security of its technology, after concerns emerged earlier this year over the company's privacy protocols.
Amazon One is the company’s latest product to raise privacy concerns
First came the always-on microphone, then the flying indoor surveillance drone and now a palm-reading payment system. Amazon has made a business of pushing privacy boundaries.
12 Accusations in the Damning House Report on Amazon, Apple, Facebook and Google
Lawmakers said they found multiple problems with each of the four giant tech companies. This is a summary of the accusations against each company in the report.
Instagram blames GDPR for failure to tackle rampant self-harm and eating-disorder images
Telegraph investigation found Instagram's algorithms push dangerous content almost two years after it promised to crack down.
DATA BREACH
Major data breach at Limerick hospital under investigation
University Hospital Limerick (UHL) is in the process of contacting more than 600 patients following an alleged major data breach concerning patient data, including details of 95 children, which was then posted on social media.
ENFORCEMENT
ICO takes action against company for sending spam emails selling face masks during pandemic
A company that sent spam emails selling face masks during the pandemic has been fined £40,000 by the ICO and issued with an enforcement notice.
Belgian Data Protection Authority issues warning regional public institution for wrongful processing of personal data
The Belgian Data Protection Authority has issued a warning and reprimand to a regional public environmental institution for wrongful processing of personal data from the National Register.
H&M fined for breaking GDPR over employee surveillance
Following up on the original story reported in German in last weeks issue - H&M kept records on several hundred employees, including on family issues and religion.
ICO: Statement on the conclusion of the investigation into the use of personal data in political campaigning
There can be few cases that better illustrate how mainstream data protection has become than the ICO’s investigation into the use of personal data in political campaigning, including by the now defunct Cambridge Analytica.
ICO: Statement on the outcome of the compulsory audit of the Department for Education
The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education DFE carried out in February 2020. The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws. A total of 139 recommendations for improvement were found, with over 60% classified as urgent or high priority.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
CNIL publishes updated cookie guidelines and final version of recommendations on how to get users’ consent
On October 1, 2020, the French Data Protection Authority (the “CNIL”) published a revised version of its guidelines on cookies and similar technologies.
RESOURCES
Discover the advertising web with the files Ads.txt and Sellers.json
CNIL, published case studies on direct marketing and cookies practices under the two standards put forth by the Interactive Advertisement Bureau. The studies show an ecosystem of "around 620 advertising systems and more than 6,000 intermediaries.
How to gain true compliance with cookie requirements
Monica Meiterman-Rodriguez and Dan Goldstein discuss how to achieve compliance with European Union and California cookie laws.