Privacy Transformation - Issue 76

PRIVACY

Prison security systems violate data law, DPC rules

Prison security systems violate data law, DPC rules

The Prison Service is illegally compelling prison officers to provide thumbprints in order to operate security systems, the Data Protection Commissioner (DPC) has found.

EDPS Statement: Strategy for EU institutions to comply with “Schrems II” Ruling

EDPS Statement: Strategy for EU institutions to comply with “Schrems II” Ruling

The European Data Protection Supervisor issued a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the “Schrems II” Judgement in relation to transfers of personal data to third countries, and in particular, the United States.

The EDPSs Strategy Document can be found here.

Political and legal framework of German DPAs: The question of centralization

The question around harmonization and centralization of federal and state DPAs in Germany is a politically charged debate that continues to play out.

SECURITY & TECH

Opinion: Online Harms - Encryption under attack

Opinion: Online Harms - Encryption under attack

The UK government wants to make the web “safer” by using the Online Harms Bill to weaken encryption of private messages.

Uber drivers union asks EU court to overrule 'robo-firing' by algorithm

Uber drivers union asks EU court to overrule 'robo-firing' by algorithm

Former Uber drivers have filed a legal challenge against the company in Europe, arguing that its "robo-firing" practices contravene GDPR.

Opinion: Digital Contact Tracing May Protect Privacy, But It Is Unlikely to Stop the Pandemic

Opinion: Digital Contact Tracing May Protect Privacy, But It Is Unlikely to Stop the Pandemic

While many computer scientists are looking to technology for privacy-protective ways to track COVID-19 exposure, Privacy-enhancing technologies (PETs) may prove ineffective without more widely available COVID-19 tests, human-centered design, and complementary laws and policies.

Google removes 3 Android apps for children, with 20M+ downloads between them, over data collection violations

Google removes 3 Android apps for children, with 20M+ downloads between them, over data collection violations

When it comes to apps, Android leads the pack with nearly 3 million apps in its official Google Play store. The sheer volume also means that sometimes iffy apps slip through the cracks.

Social Media Companies Top Data Grabber List

Social Media Companies Top Data Grabber List

When it comes to an appetite for data, social media outfits are the most voracious, according to a recent study released by cybersecurity company Clario Tech. The analysis of nearly 50 of the world's biggest brands found that Facebook collects more than 70 percent of all the data it can collect legally about someone using its service.

DATA BREACH

Loss of USB key with sexual abuse case info among 130 data breaches

Loss of USB key with sexual abuse case info among 130 data breaches

A total of 130 data protection breaches involving sensitive information held by the Department of Justice and Equality were reported last year - more than three times the number that occurred in 2018.

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts

The response to a data breach at a prominent Finnish psychotherapy practice intensified over the weekend after cybercriminals reportedly posted batches of patient information on the dark web.

Amazon sacks insiders over data leak, alerts customers

Amazon sacks insiders over data leak, alerts customers

Amazon has recently dismissed multiple employees for leaking customer data including their email addresses to an unaffiliated third-party. The company has sent out an email announcement to the affected customers following the incident.

ENFORCEMENT

ICO orders Experian Limited to make fundamental changes

The Information Commissioner’s Office (ICO) orders Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services.

Norwegian DPA fines organisation for performing a credit check of a sole proprietorship without a lawful basis

Norwegian DPA fines organisation for performing a credit check of a sole proprietorship without a lawful basis

The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile distributor) an administrative fine of EUR 13 905 for performing a credit check of a sole proprietorship without having a lawful basis for the processing.

Greater Manchester claims management company fined £250,000 for making millions of nuisance calls

Greater Manchester claims management company fined £250,000 for making millions of nuisance calls

The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

CNIL offers guidance on handling data of the deceased

CNIL offers guidance on handling data of the deceased

France's data protection authority, the CNIL, released guidance regarding data of deceased individuals.

RESOURCES

ICO Webinar: Ensuring lawfulness, fairness, and transparency in AI systems

ICO Webinar: Ensuring lawfulness, fairness, and transparency in AI systems

This webinar (from 22 October 2020) was the second of four webinars focusing on the ICO's new AI and data protection guidance and guidance on explaining decisions made with AI.