Privacy Transformation - Issue 88
PRIVACY
As Greece touts EU vaccine passports, privacy champions warn of risks
Proof of vaccination or immunity could help countries open up faster, but EU privacy activists are sounding the alarm.
It's time to tell the truth – give survivors their data
Ministor for Children, Roderic O’Gorman's claim that sealing the testimonies of mother and baby home survivors was a data protection issue was wrong and illegal.
DPC welcomes Schrems decision to drop legal case
The Data Protection Commissioner (DPC) has welcomed the move by Austrian privacy activist Max Schrems to drop his legal action against the Irish regulator.
EDPB & EDPS adopt joint opinions on new sets of SCCs
The EDPB and EDPS have adopted joint opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.
The Controller-Processor SCCs will have an EU-wide effect and aim to ensure full harmonisation and legal certainty across the EU when it comes to contracts between controllers and their processors.
SECURITY & TECH
France Bans Police Camera Drones Used to Enforce Lockdown
In France, the CNIL has told police to stop using drone-mounted cameras to enforce virus lockdowns, monitor protests, stake out drug deals and chase carjackers.
Apple's Silence on Chinese Censorship Raises Questions About the Company's Commitment to User Privacy and Human Rights
Apple's commitment to user privacy and human rights called into question by ignoring a second request to testify before Congress on Chinese censorship and a recent vote that saw over 40% of its shareholders express that the company should stop removing apps when the Chinese government demands it.
FTC settles with photo storage app that pivoted to facial recognition
The US Federal Trade Commission has reached a settlement with photo storage app Ever that it says used customers’ photos to develop facial recognition technology without telling them.
Whatsapp delays data-sharing update after user backlash over privacy concerns
WhatsApp has delayed a data-sharing change as users worried about privacy fled the Facebook-owned messaging service and flocked to rivals Telegram and Signal.
Related: Should you keep using WhatsApp? Plus five tips to start the year with your digital privacy intact
DATA BREACH
Over 6,600 data breaches notified to Irish Data Protection Commission in last 12 months according to survey by international law firm DLA Piper
According to DLA Piper’s latest annual General Data Protection Regulation (GDPR) Fines and Data Breach Survey, Ireland reported 6,615 data breaches in the past twelve months to the Irish Data Protection Commission. Ireland recorded the sixth highest level of breach notifications across Europe and third highest on a per capita basis.
Some of the reports findings:
- Ireland reported 6,615 data breaches notified to regulators, ranking it 6th overall in the survey and 3rd on a per capita basis.
- European Data Protection regulators have imposed EUR158.5 million of fines since 28 January 2020, a 39% increase on the previous 20-month period since the application of GDPR with the Irish Data Protection Commission issuing its first GDPR fines totaling EUR715,000.
- Italy has imposed the highest aggregate fines with France imposing the highest individual fine to date.
- Double digit growth for breach notifications for the second year running with 121,165 breaches notified since 28 January 2020 compared to 101,403 breaches notified in the previous year – a 19% increase.
- Per capita Denmark tops the rankings for data breach notifications.
See Resources section for link to the Report.
UK Police mistakenly deleted 150,000 arrest records in software glitch
The UK government has acknowledged that a technical glitch resulted in the accidental deletion of 150,000 arrest records from police databases across the country.
ENFORCEMENT
GDPR: German laptop retailer fined €10.4m for video-monitoring employees
The data regulator for the German state of Lower Saxony has fined a local laptop retailer a whopping €10.4 million ($12.5 million) for keeping its employees under constant video surveillance at all times for the past two years without a legal basis.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
EDPB adopts Guidelines on examples regarding data breach notification
EDPB adopts guidelines on examples regarding data breach notification.
The guidelines can be found here and more information about the public consultation are available here
RESOURCES
DLA Piper Report: GDPR fines and data breach survey, January 2021
EUR272.5 million of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper. The figure is taken from the law firm’s latest annual GDPR fines and data breach survey of the 27 European Union Member States plus the UK, Norway, Iceland and Liechtenstein.
EDPS - Website Evidence Collector Inspection Software
The European Data Protection Supervisor (EDPS) has developed "Website Evidence Collector" - an open source software tool for the automation of privacy and personal data protection inspections of websites.
UK ICO: Understanding the Age Appropriate Design Code
This webinar was about the ICO’s Age Appropriate Design Code, or Children’s Code.
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.