Privacy Transformation - Issue 77
PRIVACY
Data Commissioner faces large costs bill in ‘most unusual’ Facebook case
The Data Protection Commissioner has been ordered to pay the bulk of the substantial costs of long running litigation in the State and in Europe concerning the validity of decisions approving EU-US data transfer channels used by Facebook Ireland for data transfers to its US parent.
See NOYBs statement on this here.
Wilbur Ross warns Schrems II ruling could have ‘severe consequences’ for EU-US trade
The US secretary of commerce, Wilbur Ross, has warned that the Shrems II ruling could undermine transatlantic trade with “severe economic consequences” for Europe and the US.
German Presidency charts new COVID19 ‘metadata’ rules in leaked ePrivacy text
The German EU Council presidency is seeking to permit the processing of metadata in online communications for 'monitoring epidemics' or to help in 'natural or man-made disasters,' according to a leaked text on the ePrivacy regulation.
ENFORCEMENT
Cork hospital fined after patients' personal data found in public recycling facility
The DPC has handed down a €65,000 fine to Cork University Maternity Hospital after the personal data of 78 of its patients was discovered disposed of in a public recycling facility elsewhere in the county.
DPC Fine on Tusla Child and Family Agency Confirmed in Court
The DPC today had the decision to impose an administrative fine on Tusla Child and Family Agency confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €75,000 was made pursuant to Section 143 of the Data Protection Act 2018.
ICO fines Marriott International for failing to keep customers’ personal data secure
The ICO has fined Marriott International £18.4million for failing to keep millions of customers’ personal data secure.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
CNIL Issues Guidelines For Using Facial Recognition Technology At Airports
The French Data Protection Authority issued its guidelines on the use of facial recognition technologies in airports. According to the CNIL's guidance, the use of facial recognition in airports is permitted but only if the GDPR's conditions for the processing of special categories of data are met.
Find CNIL's guidance here (in French)
RESOURCES
China's Draft 'Personal Information Protection Law' - Full Translation
This translation is part of the DigiChina Project, based at the Stanford University Cyber Policy Center and a joint effort with New America.