Privacy Transformation - Issue 84
Happy Christmas! Well we've finally made it to the end of what one could charitably call — an eventful year. While this unprecedented experience (at least in our lifetimes) was shared by all, it impacted everyone in different ways, and that impact will be with us for some time to come. I hope you and yours have made it through as unscathed as possible and share in the optimism that a new year, and new medicines can bring.
For privacy practitioners, 2020 has given us a lot to consider. From COVID-19 Tracking Apps to ePrivacy enforcement, Privacy Shield invalidation to post-Brexit data flows. From a data protection perspective, these developments have certainly set the scene for what to expect in 2021.
Wishing you a very happy and restful break and I hope you continue to find this roundup of privacy and data protection news and resources a useful friday flick-through.
Cheers,
- Alan
PRIVACY
Temporary Brexit Terms Will Keep EU-U.K. Data Flowing
Companies won’t have to scramble to find alternative solutions to keep data flowing between the European Union and the U.K. post Brexit after negotiators agreed to a temporary solution that will keep the current rules in place for several months.
EDPS Blog: Projecting our future: A privacy carol
European Data Protection Supervisor, Wojciech Wiewiórowski reflects on the year that's been for data protection practitioners and the world at large.
EDPB: Statement on the end of the Brexit transition period
The EDPB has just published its statement on the end of the Brexit transition period.
SECURITY & TECH
US cyber-attack: US energy department confirms it was hit by Sunburst hack
The agency is responsible for managing nuclear weapons, but said their security was not affected.
Facebook and Instagram disable features in Europe, blames ePrivacy Directive
Facebook is disabling several features in its Messenger and Instagram apps for people in Europe, to make sure they comply with a change in privacy rules.
How can homomorphic encryption address privacy in COVID-19 apps?
The avalanche of COVID-19 applications developed to manage the pandemic has caused debates over the balance of public interest and the basic human right to privacy.
Amazon Surpasses Facebook In Website Trackers
Research from Ghostery, a digital privacy company, found that in 2020 companies increased the number of website pages in which they track consumers, as the advertising industry prepared for the departure of third-party signals from Google and Apple.
Menstruation apps store excessive information, privacy charity says
Menstruation apps are unnecessarily storing personal data such as what medication women are on, their birth control habits and how hard women find it to reach orgasm, privacy campaigners have said.
France bans use of drones to police protests in Paris
France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris.
DATA BREACH
People's Energy data breach affects all 270,000 customers
The company People's Energy has contacted all its 270,000 current customers, following a data breach. Co-founder Karin Sode told BBC News an entire database had been stolen by hackers and included information on previous customers.
Microsoft identifies more than 40 organizations targeted in massive cyber breach
Microsoft has identified more than 40 of its customers around the world that had problematic versions of a third-party IT management program installed and that were specifically targeted by the suspected Russian hacking campaign disclosed this week.
ENFORCEMENT
The CNIL imposes two fines of 3,000 and 6,000 euros against two liberal doctors
The CNIL noted that these two health professionals have “ insufficiently protected the personal data of their patients ”, Besides forgetting to have notified a data breach to the commission. “ Thousands of medical images hosted on servers were freely accessible on the Internet.
Italian DPA opens proceedings on TikTok's children's privacy practices
Italy's data protection authority, the Garante, announced it has commenced proceedings against TikTok over its handling and protection of children's data.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
DPC: Children Front and Centre - Fundamentals for a Child-Oriented Approach to Data Processing
The DPC has published draft guidance (for public consultation) for organisations that collect and use children’s personal data. The Fundamentals give practical advice on how to process children’s personal data safely.
RESOURCES
Tracking The Trackers 2020: Web tracking’s opaque business model of selling users
The internet is not free. Yet billions of people unknowingly trade their data while they browse in what they think is a free ecosystem. Trackers are lurking everywhere. Web tracking by the likes of Google, Facebook, Amazon, and a host of other players has become so pervasive that it’s almost impossible to avoid.
Data Protection Commissioner report on the use of CCTV cameras by Kerry County Council
In 2018, the Data Protection Commissioner launched an investigation into the use of cameras by local authorities for law enforcement. This is the investigation report from the Data Protection Commissioner on use of those cameras.
ICO Webinar: AI and Individual Rights
This was the final webinar in the ICO's AI themed series, focusing on the subject of individual rights.
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.