Privacy Transformation - Issue 81

PRIVACY

Swedish court rejects Google's appeal in RTBF case

Swedish court rejects Google's appeal in RTBF case

The Swedish Administrative Court of Stockholm confirmed Google violated the EU GDPR in several instances and rejected Google's motion that Sweden's data protection authority's decisions be repealed due to formal deficiencies. The court upheld the fine of ca. EUR 4.9 million, while the court lowered the fine for one violation from ca. EUR 2.4 million to ca. EUR 200,000.

'Antiquated process': ICO on obtaining Cambridge Analytica warrant

'Antiquated process': ICO on obtaining Cambridge Analytica warrant

The UK Information Commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.

Your data and how it is used to gain your vote

Your data and how it is used to gain your vote

How much do political parties know about you - and how is it used to try to sway your vote? The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool.  A report from the UK ICO puts the spotlight on the relationship between data brokers and the politicians here.

ICO report on Audits of data protection compliance by UK political parties available here.

SECURITY & TECH

German Presidency: Recommendations for a way forward on the topic of encryption

Along with a forthcoming Council Resolution on encryption, the German Presidency has produced "Recommendations for a way forward on the topic of encryption." Like the Resolution, the Recommendations underscore the importance of encryption whilst emphasising the need to find ways to circumvent it.

See copy of the letter here.

Amazon's Panorama box lets firms check if staff follow coronavirus rules

Amazon's Panorama box lets firms check if staff follow coronavirus rules

Amazon plans to sell companies a way to detect when staff are not wearing face masks or socially distancing. Beyond the pandemic, the system could also be used to track compliance of other workplace rules or to monitor the public - for example, to check the number of customers queuing in a store.


The UK NCSC Annual Review 2020

The UK NCSC Annual Review 2020

The UK National Cyber Security Centre 2020 Annual Review report looks back at some of the key developments and highlights from the NCSC’s work between 1st September 2019 and 31st August 2020.

DATA BREACH

Twitter data breach decision coming soon, DPC says

Twitter data breach decision coming soon, DPC says

The ruling in the case of a data breach that Twitter disclosed in January 2019 will include a fine, the leader of Ireland’s data protection office said.

ENFORCEMENT

Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

The Italian data protection supervisory authority ordered Vodafone to pay a fine in excess of EUR 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

Spanish DPA imposes fine on Telefónica Móviles España

Spanish DPA imposes fine on Telefónica Móviles España

The Spanish Data Protection Authority imposed a fine of EUR 75,000 on Telefónica Móviles España, S.A.U., for unlawfully processing the claimant’s personal data by charging them several invoices corresponding to a third person.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679

Adopted during the EDPBs 39th plenary session: Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

Adopted during the EDPBs 40th plenary session after public consultation: Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

EDPS Opinion on the European Commission proposal on the New Pact on Migration and Asylum.

The EDPS released its opinion on data protection considerations related to the European Commission's New Pact on Migration and Asylum. While it supports a new management system for migrants and asylum seekers, the EDPS explains data protection is "one of the last lines of defence for vulnerable individuals" and needs to be included in any framework.

RESOURCES

Paper: Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels

Paper: Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels

Web tracking has been extensively studied over the last decade. To detect tracking, previous studies and user tools rely on filter lists. However, it has been shown that filter lists miss trackers. In this paper, we propose an alternative method to detect trackers inspired by analyzing behavior of invisible pixels.

IAB: Guide for conducting DPIAs for Digital Advertising under GDPR

Interactive Advertising Bureau Europe has developed guidance on how to conduct a Data Protection Impact Assessment in the context of processing data for digital advertising.