Privacy Transformation - Issue 76
PRIVACY
Prison security systems violate data law, DPC rules
The Prison Service is illegally compelling prison officers to provide thumbprints in order to operate security systems, the Data Protection Commissioner (DPC) has found.
EDPS Statement: Strategy for EU institutions to comply with “Schrems II” Ruling
The European Data Protection Supervisor issued a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the “Schrems II” Judgement in relation to transfers of personal data to third countries, and in particular, the United States.
The EDPSs Strategy Document can be found here.
Political and legal framework of German DPAs: The question of centralization
The question around harmonization and centralization of federal and state DPAs in Germany is a politically charged debate that continues to play out.
SECURITY & TECH
Opinion: Online Harms - Encryption under attack
The UK government wants to make the web “safer” by using the Online Harms Bill to weaken encryption of private messages.
Uber drivers union asks EU court to overrule 'robo-firing' by algorithm
Former Uber drivers have filed a legal challenge against the company in Europe, arguing that its "robo-firing" practices contravene GDPR.
Opinion: Digital Contact Tracing May Protect Privacy, But It Is Unlikely to Stop the Pandemic
While many computer scientists are looking to technology for privacy-protective ways to track COVID-19 exposure, Privacy-enhancing technologies (PETs) may prove ineffective without more widely available COVID-19 tests, human-centered design, and complementary laws and policies.
Google removes 3 Android apps for children, with 20M+ downloads between them, over data collection violations
When it comes to apps, Android leads the pack with nearly 3 million apps in its official Google Play store. The sheer volume also means that sometimes iffy apps slip through the cracks.
Social Media Companies Top Data Grabber List
When it comes to an appetite for data, social media outfits are the most voracious, according to a recent study released by cybersecurity company Clario Tech. The analysis of nearly 50 of the world's biggest brands found that Facebook collects more than 70 percent of all the data it can collect legally about someone using its service.
DATA BREACH
Loss of USB key with sexual abuse case info among 130 data breaches
A total of 130 data protection breaches involving sensitive information held by the Department of Justice and Equality were reported last year - more than three times the number that occurred in 2018.
Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
The response to a data breach at a prominent Finnish psychotherapy practice intensified over the weekend after cybercriminals reportedly posted batches of patient information on the dark web.
Amazon sacks insiders over data leak, alerts customers
Amazon has recently dismissed multiple employees for leaking customer data including their email addresses to an unaffiliated third-party. The company has sent out an email announcement to the affected customers following the incident.
ENFORCEMENT
ICO orders Experian Limited to make fundamental changes
The Information Commissioner’s Office (ICO) orders Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services.
Norwegian DPA fines organisation for performing a credit check of a sole proprietorship without a lawful basis
The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile distributor) an administrative fine of EUR 13 905 for performing a credit check of a sole proprietorship without having a lawful basis for the processing.
Greater Manchester claims management company fined £250,000 for making millions of nuisance calls
The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
CNIL offers guidance on handling data of the deceased
France's data protection authority, the CNIL, released guidance regarding data of deceased individuals.
RESOURCES
ICO Webinar: Ensuring lawfulness, fairness, and transparency in AI systems
This webinar (from 22 October 2020) was the second of four webinars focusing on the ICO's new AI and data protection guidance and guidance on explaining decisions made with AI.