Privacy Transformation - Issue 83
PRIVACY
Twitter fined €450,000 by data watchdog for GDPR breach
Twitter has been fined EUR 450,000 by the Data Protection Commission for a data breach, marking the first time the regulator has penalised a big tech company under European GDPR rules.
Facebook will move UK users to US terms, avoiding EU privacy laws
Facebook will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook’s Irish unit and out of reach of Europe’s privacy laws.
State vetoed release of European court arguments on data retention
The State vetoed the release of its arguments before a European court with regard to data retention so as not to compromise its case against convicted murderer Graham Dwyer.
EDPS: International data transfers top of the agenda for the 48th EDPS DPO meeting
The EDPS and the network of DPOs of the EU institutions held their 48th meeting on 11 December 2020. Our second online meeting since the outbreak of the COVID-19 pandemic coincided with the second anniversary of the EUDPR and focussed on the issue of international data transfers further to the “Schrems II” Judgement.
SECURITY & TECH
What you need to know about the FireEye hack: Cybersecurity attack against US government
A sophisticated cybersecurity attack targeting major branches of the U.S. government has put an untold number of Americans at risk of compromise.
Related Stories
Malwarebytes detects leaked tools from FireEye breach
US treasury hacked by foreign government group
Backdoored SolarWinds software, linked to US govt hacks, in wide use throughout the British public sector
Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector – as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies.
EU reveals plan to regulate big tech
Big tech firms face yearly checks on how they are tackling illegal and harmful content under new rules unveiled by the European Commission. Fresh restrictions are also planned to govern their use of customers' data, and to prevent the firms ranking their own services above competitors' in search results and app stores.
Apple forces apps to display what they do with data
Apps on all of Apple's app stores will now have to show much more detail about what data they collect and what it is used for. From 14 December developers must show what information they gather, listed in terms of what is taken to track users and what is linked directly to them.
European Commission to outline proposal for EU cybersecurity strategy
The new strategy aims to prepare the EU for future cyber threats through forward-looking horizontal legislation, cutting across different subjects of the cyber realm. Focus areas include threat response capacity, enhanced EU cooperation, and common standards.
ENFORCEMENT
Irish DPA: DPC announces decision in Twitter inquiry
The Irish Data Protection Commission has announced a conclusion to a GDPR investigation it conducted into Twitter International Company, imposing an administrative fine of €450,000 on the organisation as an effective, proportionate and dissuasive measure.
Swedish DPA: University failed to sufficiently protect sensitive personal data
Umeå University has processed special categories of personal data concerning sexual life and health through, amongst other things, storage in a cloud service, without sufficiently protecting the data. The Swedish Data Protection Authority is therefore issuing a fine of ca. EUR 54,000 against the university.
Swedish DPA: 300,000 SEK fine against housing company
The Swedish Data Protection Authority received a complaint concerning video surveillance in an apartment building belonging to the housing company Uppsalahem. The complainant claimed that a surveillance camera in the apartment house was directed towards the complainant's front door. The complaint resulted in a fine of ca. EUR 30,000.
Spanish DPA: Record fine of 5 million euros for the use of data without consent
The Spanish Agency for Data Protection (AEPD) has imposed on BBVA a sanction of EUR 5 million, the agency’s largest fine in its history. The action was taken on the back of complaints from users who received telephone calls from BBVA, despite the fact that they had denied the transfer of their data for advertising purposes.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
Irish DPC: Guidance on Transfers of Personal Data from Ireland to the UK at the end of the Transition Period
The Irish DPC has released guidance on transferring data between Ireland and the U.K. following the end of the Brexit transition period.
RESOURCES
EDPB - 43rd Plenary session
The EDPB adopted its Strategy 2021-2023, which sets out the Board’s strategic objectives, grouped around four pillars, as well as three key actions per pillar to help achieve these objectives. The four main pillars of the EDPB Strategy are:
- advancing harmonisation and facilitating compliance;
- supporting effective enforcement and efficient cooperation between national supervisory authorities;
- a fundamental rights approach to new technologies; and
- the global dimension.