Privacy Transformation - Issue 84

Happy Christmas! Well we've finally made it to the end of what one could charitably call — an eventful year. While this unprecedented experience (at least in our lifetimes) was shared by all, it impacted everyone in different ways, and that impact will be with us for some time to come. I hope you and yours have made it through as unscathed as possible and share in the optimism that a new year, and new medicines can bring.

For privacy practitioners, 2020 has given us a lot to consider. From COVID-19 Tracking Apps to ePrivacy enforcement, Privacy Shield invalidation to post-Brexit data flows. From a data protection perspective, these developments have certainly set the scene for what to expect in 2021.

Wishing you a very happy and restful break and I hope you continue to find this roundup of privacy and data protection news and resources a useful friday flick-through.

Cheers,

- Alan

PRIVACY

Temporary Brexit Terms Will Keep EU-U.K. Data Flowing

Temporary Brexit Terms Will Keep EU-U.K. Data Flowing

Companies won’t have to scramble to find alternative solutions to keep data flowing between the European Union and the U.K. post Brexit after negotiators agreed to a temporary solution that will keep the current rules in place for several months.

EDPS Blog: Projecting our future: A privacy carol

EDPS Blog: Projecting our future: A privacy carol

European Data Protection Supervisor, Wojciech Wiewiórowski reflects on the year that's been for data protection practitioners and the world at large.

EDPB: Statement on the end of the Brexit transition period

The EDPB has just published its statement on the end of the Brexit transition period.

SECURITY & TECH

US cyber-attack: US energy department confirms it was hit by Sunburst hack

US cyber-attack: US energy department confirms it was hit by Sunburst hack

The agency is responsible for managing nuclear weapons, but said their security was not affected.

Facebook and Instagram disable features in Europe, blames ePrivacy Directive

Facebook and Instagram disable features in Europe, blames ePrivacy Directive

Facebook is disabling several features in its Messenger and Instagram apps for people in Europe, to make sure they comply with a change in privacy rules.

How can homomorphic encryption address privacy in COVID-19 apps?

How can homomorphic encryption address privacy in COVID-19 apps?

The avalanche of COVID-19 applications developed to manage the pandemic has caused debates over the balance of public interest and the basic human right to privacy.

Amazon Surpasses Facebook In Website Trackers

Amazon Surpasses Facebook In Website Trackers

Research from Ghostery, a digital privacy company, found that in 2020 companies increased the number of website pages in which they track consumers, as the advertising industry prepared for the departure of third-party signals from Google and Apple.

Menstruation apps store excessive information, privacy charity says

Menstruation apps store excessive information, privacy charity says

Menstruation apps are unnecessarily storing personal data such as what medication women are on, their birth control habits and how hard women find it to reach orgasm, privacy campaigners have said.

France bans use of drones to police protests in Paris

France bans use of drones to police protests in Paris

France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris.

DATA BREACH

People's Energy data breach affects all 270,000 customers

People's Energy data breach affects all 270,000 customers

The company People's Energy has contacted all its 270,000 current customers, following a data breach. Co-founder Karin Sode told BBC News an entire database had been stolen by hackers and included information on previous customers.

Microsoft identifies more than 40 organizations targeted in massive cyber breach

Microsoft identifies more than 40 organizations targeted in massive cyber breach

Microsoft has identified more than 40 of its customers around the world that had problematic versions of a third-party IT management program installed and that were specifically targeted by the suspected Russian hacking campaign disclosed this week.

ENFORCEMENT

The CNIL imposes two fines of 3,000 and 6,000 euros against two liberal doctors

The CNIL imposes two fines of 3,000 and 6,000 euros against two liberal doctors

The CNIL noted that these two health professionals have “ insufficiently protected the personal data of their patients ”, Besides forgetting to have notified a data breach to the commission. “ Thousands of medical images hosted on servers were freely accessible on the Internet.

Italian DPA opens proceedings on TikTok's children's privacy practices

Italian DPA opens proceedings on TikTok's children's privacy practices

Italy's data protection authority, the Garante, announced it has commenced proceedings against TikTok over its handling and protection of children's data.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

DPC: Children Front and Centre - Fundamentals for a Child-Oriented Approach to Data Processing

DPC: Children Front and Centre - Fundamentals for a Child-Oriented Approach to Data Processing

The DPC has published draft guidance (for public consultation) for organisations that collect and use children’s personal data. The Fundamentals give practical advice on how to process children’s personal data safely.

RESOURCES

Tracking The Trackers 2020: Web tracking’s opaque business model of selling users

Tracking The Trackers 2020: Web tracking’s opaque business model of selling users

The internet is not free. Yet billions of people unknowingly trade their data while they browse in what they think is a free ecosystem. Trackers are lurking everywhere. Web tracking by the likes of Google, Facebook, Amazon, and a host of other players has become so pervasive that it’s almost impossible to avoid.

[Download Report]

Data Protection Commissioner report on the use of CCTV cameras by Kerry County Council

Data Protection Commissioner report on the use of CCTV cameras by Kerry County Council

In 2018, the Data Protection Commissioner launched an investigation into the use of cameras by local authorities for law enforcement. This is the investigation report from the Data Protection Commissioner on use of those cameras.

ICO Webinar: AI and Individual Rights

ICO Webinar: AI and Individual Rights

This was the final webinar in the ICO's AI themed series, focusing on the subject of individual rights.

CONTRIBUTE

Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.