Privacy Transformation - Issue 81
PRIVACY
Swedish court rejects Google's appeal in RTBF case
The Swedish Administrative Court of Stockholm confirmed Google violated the EU GDPR in several instances and rejected Google's motion that Sweden's data protection authority's decisions be repealed due to formal deficiencies. The court upheld the fine of ca. EUR 4.9 million, while the court lowered the fine for one violation from ca. EUR 2.4 million to ca. EUR 200,000.
'Antiquated process': ICO on obtaining Cambridge Analytica warrant
The UK Information Commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.
Your data and how it is used to gain your vote
How much do political parties know about you - and how is it used to try to sway your vote? The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. A report from the UK ICO puts the spotlight on the relationship between data brokers and the politicians here.
ICO report on Audits of data protection compliance by UK political parties available here.
SECURITY & TECH
German Presidency: Recommendations for a way forward on the topic of encryption
Along with a forthcoming Council Resolution on encryption, the German Presidency has produced "Recommendations for a way forward on the topic of encryption." Like the Resolution, the Recommendations underscore the importance of encryption whilst emphasising the need to find ways to circumvent it.
Amazon's Panorama box lets firms check if staff follow coronavirus rules
Amazon plans to sell companies a way to detect when staff are not wearing face masks or socially distancing. Beyond the pandemic, the system could also be used to track compliance of other workplace rules or to monitor the public - for example, to check the number of customers queuing in a store.
The UK NCSC Annual Review 2020
The UK National Cyber Security Centre 2020 Annual Review report looks back at some of the key developments and highlights from the NCSC’s work between 1st September 2019 and 31st August 2020.
DATA BREACH
Twitter data breach decision coming soon, DPC says
The ruling in the case of a data breach that Twitter disclosed in January 2019 will include a fine, the leader of Ireland’s data protection office said.
ENFORCEMENT
Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA
The Italian data protection supervisory authority ordered Vodafone to pay a fine in excess of EUR 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.
Spanish DPA imposes fine on Telefónica Móviles España
The Spanish Data Protection Authority imposed a fine of EUR 75,000 on Telefónica Móviles España, S.A.U., for unlawfully processing the claimant’s personal data by charging them several invoices corresponding to a third person.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
Adopted during the EDPBs 39th plenary session: Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
Adopted during the EDPBs 40th plenary session after public consultation: Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
EDPS Opinion on the European Commission proposal on the New Pact on Migration and Asylum.
The EDPS released its opinion on data protection considerations related to the European Commission's New Pact on Migration and Asylum. While it supports a new management system for migrants and asylum seekers, the EDPS explains data protection is "one of the last lines of defence for vulnerable individuals" and needs to be included in any framework.
RESOURCES
Paper: Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels
Web tracking has been extensively studied over the last decade. To detect tracking, previous studies and user tools rely on filter lists. However, it has been shown that filter lists miss trackers. In this paper, we propose an alternative method to detect trackers inspired by analyzing behavior of invisible pixels.
IAB: Guide for conducting DPIAs for Digital Advertising under GDPR
Interactive Advertising Bureau Europe has developed guidance on how to conduct a Data Protection Impact Assessment in the context of processing data for digital advertising.