Privacy Transformation - Issue 83

PRIVACY

Twitter fined €450,000 by data watchdog for GDPR breach

Twitter fined €450,000 by data watchdog for GDPR breach

Twitter has been fined EUR 450,000 by the Data Protection Commission for a data breach, marking the first time the regulator has penalised a big tech company under European GDPR rules.

Facebook will move UK users to US terms, avoiding EU privacy laws

Facebook will move UK users to US terms, avoiding EU privacy laws

Facebook will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook’s Irish unit and out of reach of Europe’s privacy laws.

State vetoed release of European court arguments on data retention

State vetoed release of European court arguments on data retention

The State vetoed the release of its arguments before a European court with regard to data retention so as not to compromise its case against convicted murderer Graham Dwyer.

EDPS: International data transfers top of the agenda for the 48th EDPS DPO meeting

EDPS: International data transfers top of the agenda for the 48th EDPS DPO meeting

The EDPS and the network of DPOs of the EU institutions held its 48th meeting on 11 December 2020. Our second online meeting since the outbreak of the COVID-19 pandemic coincided with the second anniversary of the EUDPR and focussed on the issue of international data transfers further to the “Schrems II” Judgement.

SECURITY & TECH

What you need to know about the FireEye hack: Cybersecurity attack against US government

What you need to know about the FireEye hack: Cybersecurity attack against US government

A sophisticated cybersecurity attack targeting major branches of the U.S. government has put an untold number of Americans at risk of compromise.

Related Stories

Malwarebytes detects leaked tools from FireEye breach

US treasury hacked by foreign government group

Backdoored SolarWinds software, linked to US govt hacks, in wide use throughout the British public sector

Backdoored SolarWinds software, linked to US govt hacks, in wide use throughout the British public sector

Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector – as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies.

EU reveals plan to regulate big tech

EU reveals plan to regulate big tech

Big tech firms face yearly checks on how they are tackling illegal and harmful content under new rules unveiled by the European Commission. Fresh restrictions are also planned to govern their use of customers' data, and to prevent the firms ranking their own services above competitors' in search results and app stores.

Apple forces apps to display what they do with data

Apple forces apps to display what they do with data

Apps on all of Apple's app stores will now have to show much more detail about what data they collect and what it is used for. From 14 December developers must show what information they gather, listed in terms of what is taken to track users and what is linked directly to them.

European Commission to outline proposal for EU cybersecurity strategy

European Commission to outline proposal for EU cybersecurity strategy

The new strategy aims to prepare the EU for future cyber threats through forward-looking horizontal legislation, cutting across different subjects of the cyber realm. Focus areas include threat response capacity, enhanced EU cooperation, and common standards.

ENFORCEMENT

Irish DPA: DPC announces decision in Twitter inquiry

Irish DPA: DPC announces decision in Twitter inquiry

The Irish Data Protection Commission has announced a conclusion to a GDPR investigation it conducted into Twitter International Company, imposing an administrative fine of €450,000 on organisation as an effective, proportionate and dissuasive measure.

Swedish DPA: University failed to sufficiently protect sensitive personal data

Swedish DPA: University failed to sufficiently protect sensitive personal data

Umeå University has processed special categories of personal data concerning sexual life and health through, amongst other, storage in a cloud service, without sufficiently protecting the data. The Swedish Data Protection Authority is therefore issuing a fine of ca. EUR 54,000 against the university.

Swedish DPA: 300,000 SEK fine against housing company

Swedish DPA: 300,000 SEK fine against housing company

The Swedish Data Protection Authority received a complaint concerning video surveillance in an apartment building belonging to the housing company Uppsalahem. The complainant claimed that there was a surveillance camera in the apartment house directed towards the complainant's front door and resulted in a ca. EUR30,000 fine.

Spanish DPA: Record fine of 5 million euros for the use of data without consent

The Spanish Agency for Data Protection (AEPD) has imposed on BBVA a sanction of EUR 5 million, the agency’s largest fine in its history. The action was taken on the back of complaints from users who received telephone calls by BBVA, despite the fact that they had denied the transfer of their data for advertising purposes.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

Irish DPC: Guidance on Transfers of Personal Data from Ireland to the UK at the end of the Transition Period

Irish DPC: Guidance on Transfers of Personal Data from Ireland to the UK at the end of the Transition Period

The Irish DPC has released guidance on transferring data between Ireland and the U.K. following the end of the Brexit transition period.

RESOURCES

EDPB - 43rd Plenary session

EDPB - 43rd Plenary session

The EDPB adopted its Strategy 2021-2023, which sets out the Board’s strategic objectives, grouped around four pillars, as well as three key actions per pillar to help achieve these objectives. The four main pillars of the EDPB Strategy are:

  • advancing harmonisation and facilitating compliance;
  • supporting effective enforcement and efficient cooperation between national supervisory authorities;
  • a fundamental rights approach to new technologies and;
  • the global dimension.