Privacy Transformation - Issue 86
PRIVACY
Concerns raised about cameras at self-service supermarket checkouts
Concerns have been raised about the installation of front-facing cameras at self-service checkouts at a number of Tesco stores in Ireland. The supermarket chain has claimed the move is an additional security feature for customers.
'Big rise' in complaints about domestic CCTV cameras, Data Protection Commissioner says
There has been a “big rise” in the number of complaints relating to CCTV cameras outside peoples’ homes, the Data Protection Commissioner has said.
Opinion: Snowden - "We Can Fix a Broken System"
This is a message from whistleblower Edward Snowden. His revelations about secret surveillance programs opened the world’s eyes to a new level of government misconduct, and reinvigorated EFF’s continuing work in the courts and with lawmakers to end unlawful mass spying.
France to keep list of people who have Covid vaccination
The new list will facilitate and monitor the campaign roll-out, health authorities say, but critics say it will also track those who do not get the jab.
Concerns about using such data beyond purpose are being borne out in similar contexts such as Singapore police accessing contact tracing data for criminal investigations.
SECURITY & TECH
EDPS: Personal Information Management Systems
Personal Information Management Systems (PIMS) are new products and services that help individuals to have more control over their personal data. PIMS enable individuals themselves to manage and control their online identity.
EDPS: What does COVID-19 reveal about our privacy engineering capabilities?
The public discussion about specific privacy features for a new application, which was only in the early phases of development, was a completely new phenomenon. This happened in the spring of 2020, when several groups of researchers spoke about possible privacy safeguards of Corona Tracing Apps, and their concerns and suggestions found a broad echo, even in general media.
DATA BREACH
Top data breaches of 2020
Major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. This article lists many significant incidents.
For an in-depth analysis of 2020 data breaches, see Verizon's 2020 Data Breach Investigations Report.
ENFORCEMENT
French DPA: CNIL fines food delivery startup for having sent 600,000 people emails without consent
The French supervisory authority has sanctioned Nestor, a startup of meal deliveries to employees a fine of EUR 20,000 concerning unlawful processing of personal data of prospects and customers.
More on the latest GDPR enforcement news can be found on:
RESOURCES
EDPB adopted documents - 42nd & 43rd plenary
During its 42nd and 43rd plenary, the EDPB adopted the following documents.
42nd plenary session:
43rd plenary session:
- EDPB Strategy 2021-2023
- EDPB Document on Terms of Reference of the EDPB Support Pool of Experts
- Statement on the end of the Brexit transition period
- Information note on data transfers under the GDPR after the Brexit transition period
- Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation
- Guidelines on the interplay of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation)
- Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies (following public consultation)
- Statement on the protection of personal data processed in relation with the prevention of money laundering and terrorist financing
- Article 64 Opinion on the draft decision regarding Equinix’s Controller BCRs
EDPB Strategy 2021-2023
The European Data Protection Board has published it's strategy through to 2023 setting out the four main pillars of their strategic objectives, as well as set of key actions to help achieve those objectives.
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.