Privacy Transformation - Issue 75
PRIVACY
EU regulator warns Europol could be breaking data rules
Law enforcement agency Europol is likely to have mishandled troves of personal data in breach of the agency's own rules, according to the data protection agency in charge of policing EU institutions.
European Regulator Turns Up Heat on Ad Tactics Used by Google and Rivals
Tactics Google and other large online-ad players use in digital ad auctions violate EU privacy law, investigators for Belgium’s privacy regulator wrote in an internal report, a preliminary finding with implications across the continent.
See Irish Council for Civil Liberties statement.
As US sues Google, a sense of déjà-vu in Europe
The U.S. Department of Justice filed its long-awaited antitrust lawsuit against Google on Tuesday, accusing the tech giant of abusing its dominance in online search, and sparking a sense of déjà-vu in Europe.
NOYB: Wizz Air: €1 for a flight, €35 for your GDPR right
NOYB filed a GDPR complaint against Wizz Air, as the airline failed to update a customer’s basic personal data - despite the right to free rectifications under the GDPR.
EDPB: 40th Plenary session
During their 40th plenary session, the EDPB adopted the final version of Guidelines on Data Protection by Design & Default, decided to set up a Coordinated Enforcement Framework (CEF) and adopted a letter responding to a submission made concerning the data protection implications of Art.17 of the Copyright Directive.
TECH
Google Analytics Gets A Major Privacy And Machine Learning-Focused Overhaul
Google is revamping Google Analytics for a world in which privacy plays center stage and identifiers are exiting stage left. The new version of Google Analytics was in beta for more than a year, and will now be the default experience for all users.
ENFORCEMENT
UK’s ICO reduces British Airways data breach fine to £20M, after originally setting it at £184M
One of the biggest data breaches in U.K. corporate history has been closed off by regulators not with a bang, but a whimper. Today the Information Commissioner’s Office, the U.K.’s data watchdog, announced that it would be fining British Airways £20 million (22 EUR million) for a data breach in which the personal details of more than 400,000 customers were leaked. It had originally planned to fine BA nearly £184 million.
Irish Data Protection Commission investigating Instagram over handling of children's personal data
Instagram is being investigated by Ireland’s privacy regulators over how the site handles children’s personal data.
Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child
Lithuanian DPA imposes 15,000 EUR fine for improperly processed personal data of the parents of an adopted child relating to the failure to implement appropriate technical and organisational measures.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
ICO: Simplifying subject access requests – new detailed DSARs guidance
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The guidance can be found here.
UK Gov: Using personal data in your business or other organisation after the transition period
The UK Government has published updated guidance on actions UK businesses need to take regarding data protection and data flows with the EU/EEA after the end of the transition period.
This guidance asserts confidence that a positive outcome will arise from the adequacy decision process. Failing that, SCCs are to be relied on as valid data transfer mechanism in the event that no adequacy decision is granted. In light of the recent Schrems II judgement and the invalidation of the Privacy Shield, businesses should consider that SCCs as a transfer mechanism are likely to come under further scrutiny.
RESOURCES
New Zealand Privacy Commissioner - Data Breach Tool
The Office of the Privacy Commissioner in New Zealand has released a data breach notification and self-assessment tool.
The Spanish Supervisory Authority (AEPD) has also released a similar tool.
Proposal: Privacy-preserving presence tracing system
This GitHub repository puts forward a proposal for a secure, decentralized, privacy-preserving presence tracing system.