Privacy Transformation - Issue 82
PRIVACY
French privacy regulator readies fines for Google, Amazon
The French data protection authority CNIL is set to impose multimillion euro fines on Google and Amazon for violations of EU privacy rules.
DPC: EU-US Data Transfers - Judicial Review Proceedings
The DPC has issued a press release stating that it will be defending the judicial review proceedings brought by Facebook, listed for a hearing in the Irish High Court on 15 December 2020.
Opinion: Our personal health history is too valuable to be harvested by the tech giants
Health data paints a rich picture of our lives. Even if you remove your name, date of birth and NHS number to “anonymise” yourself, a full health history will reveal your age, gender, the places where you have lived, your family relationships and aspects of your lifestyle.
Senate hearing ponders US remedies for Privacy Shield invalidation
The U.S. Senate Committee on Commerce, Science, and Transportation explored potential avenues to solve EU-U.S. data transfer issues.
Opinion: Key data protection challenges for 2021
2021 will bring its own challenges and in the area of data protection, those challenges are not insubstantial. Here is a select list of challenges that will surely require our attention in the coming year.
SECURITY & TECH
Apple could block apps that don't comply with new privacy feature
Apple has threatened to remove apps from its widely-used App Store if they don't comply with an upcoming private feature allowing users to block advertisers from tracking them across different applications.
How to Switch to Signal and Bring All your Texts With You
Thinking of boosting your SMS security by switching to Signal? These tips make sure your messages come with you—even to a new phone.
Cloudflare and Apple design a new privacy-friendly internet protocol
Engineers at Cloudflare and Apple say they’ve developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don’t know even exists. Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it more difficult for internet providers to know which websites you visit.
DPC: Twitter data breach decision due on December 17
Despite "very divergent views" between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc's first major cross-border online privacy case is due to be published on December 17th, it has been revealed.
ENFORCEMENT
French DPA: Fines for Google €100M and Amazon €35M for dropping tracking cookies without consent
France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent. Google has been hit with a total of €100 million for dropping cookies on Google.fr and Amazon €35M for doing so on the Amazon .fr domain under the penalty notices issued today.
Swedish DPA: Deficiencies in how healthcare providers control staff access to patient electronic medical records
The Swedish Data Protection Authority has audited eight health care providers in how they govern and restrict personnel’s access to the main systems for electronic health records. The DPA has discovered insufficiencies that in seven of the eight cases lead to administrative fines of up to EUR 3 Million.
Estonian DPA: Access to prescription information
The Estonian Data Protection Inspectorate obliged three e-pharmacies to immediately terminate access that was being allowed peoples' current prescription information in the e-pharmacy system without their consent.
Belgian DPA to take down websites infringing GDPR
The Belgian DPA has signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the GDPR.
ICO fines mortgage broker for sending thousands of nuisance texts
The UK ICO has fined OSL Financial Consultancy Limited (a mortgage broker) £50,000 for illegally sending 174,342 nuisance marketing texts.
More on the latest GDPR enforcement news can be found on:
RESOURCES
ICO Webinar: Keep data flowing
This ICO webinar aimed at small and medium organisations discusses the key data protection requirements to consider at the end of the transition period for leaving the EU.
ICO launches tool to help police forces using data analytics
The ICO is urging police forces to build in data protection from the start when considering data analytics projects. A toolkit designed to help the law enforcement sector comply with data protection law when using data analytics has been created by the ICO and is launched today.