Privacy Transformation - Issue 75

PRIVACY

EU regulator warns Europol could be breaking data rules

Law enforcement agency Europol is likely to have mishandled troves of personal data in breach of the agency's own rules, according to the data protection agency in charge of policing EU institutions.

European Regulator Turns Up Heat on Ad Tactics Used by Google and Rivals

Tactics Google and other large online-ad players use in digital ad auctions violate EU privacy law, investigators for Belgium’s privacy regulator wrote in an internal report, a preliminary finding with implications across the continent.

See Irish Council for Civil Liberties statement.

As US sues Google, a sense of déjà-vu in Europe

The U.S. Department of Justice filed its long-awaited antitrust lawsuit against Google on Tuesday, accusing the tech giant of abusing its dominance in online search, and sparking a sense of déjà-vu in Europe.

NOYB: Wizz Air: €1 for a flight, €35 for your GDPR right

NOYB filed a GDPR complaint against Wizz Air, as the airline failed to update a customer’s basic personal data - despite the right to free rectifications under the GDPR.

EDPB: 40th Plenary session

During their 40th plenary session, the EDPB adopted the final version of Guidelines on Data Protection by Design & Default, decided to set up a Coordinated Enforcement Framework (CEF) and adopted a letter responding to a submission made concerning the data protection implications of Art.17 of the Copyright Directive.

TECH

Google Analytics Gets A Major Privacy And Machine Learning-Focused Overhaul

Google is revamping Google Analytics for a world in which privacy plays center stage and identifiers are exiting stage left. The new version of Google Analytics was in beta for more than a year, and will now be the default experience for all users.

ENFORCEMENT

UK’s ICO reduces British Airways data breach fine to £20M, after originally setting it at £184M

One of the biggest data breaches in U.K. corporate history has been closed off by regulators not with a bang, but a whimper. Today the Information Commissioner’s Office, the U.K.’s data watchdog, announced that it would be fining British Airways £20 million (22 EUR million) for a data breach in which the personal details of more than 400,000 customers were leaked. It had originally planned to fine BA nearly £184 million.

Irish Data Protection Commission investigating Instagram over handling of children's personal data

Instagram is being investigated by Ireland’s privacy regulators over how the site handles children’s personal data.

Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child

Lithuanian DPA imposes 15,000 EUR fine for improperly processed personal data of the parents of an adopted child relating to the failure to implement appropriate technical and organisational measures.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

ICO: Simplifying subject access requests – new detailed DSARs guidance

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The guidance can be found here.

UK Gov: Using personal data in your business or other organisation after the transition period

The UK Government has published updated guidance on actions UK businesses need to take regarding data protection and data flows with the EU/EEA after the end of the transition period.

This guidance asserts confidence that a positive outcome will arise from the adequacy decision process. Failing that, SCCs are to be relied on as valid data transfer mechanism in the event that no adequacy decision is granted. In light of the recent Schrems II judgement and the invalidation of the Privacy Shield, businesses should consider that SCCs as a transfer mechanism are likely to come under further scrutiny.