Privacy Transformation - Issue 89

PRIVACY

Majority of Irish businesses unsure of data protection landscape

Majority of Irish businesses unsure of data protection landscape

More than three-quarters (76%) of Irish businesses have experienced growing uncertainty across the data protection spectrum over the last 12 months with no signs of this abating according to a new survey from the Association of Compliance Officers Ireland (ACOI).

Germany’s data strategy to tackle discrimination, encourage competition

Germany’s data strategy to tackle discrimination, encourage competition

On 27 January the German government adopted its new data strategy. Among other things, citizens should be able to have more confidence that their data is in good hands with the state and companies, according to the document.

The end of dark patterns in “cookie walls”: German court bans deceptive designs

The end of dark patterns in “cookie walls”: German court bans deceptive designs

Website operators are not permitted to use cookies and similar tracking technologies for analysis and marketing purposes without the informed consent of users, if this involves sharing...

More background info on the case can be found here.

VIDEO: Happy 40th Anniversary Convention 108!

VIDEO: Happy 40th Anniversary Convention 108!

40 members of the Data Protection Community in the world have recorded Happy Anniversary messages, emphasizing how Convention 108 is important for their respective country or organisation and their work. Be ready to witness their energy and get inspiration from this global community.

NOYB files appeal against decisions of the Luxemburg DPA against their dismissal of complaints against US-based data controllers

NOYB files appeal against decisions of the Luxemburg DPA against their dismissal of complaints against US-based data controllers

NOYB filed an appeal against two decisions of the Luxemburg Data Protection Authority on a fundamental matter: the authority dismissed two complaints lodged against US-based data controllers.

SECURITY & TECH

UK resumes privacy oversight of adtech, warns platform audits are coming

UK resumes privacy oversight of adtech, warns platform audits are coming

The U.K.’s data watchdog has restarted an investigation of adtech practices that, since 2018, have been subject to scores of complaints across Europe under the bloc’s General Data Protection Regulation.

Read the ICOs statement on the reopening of the investigation.

UK ICO Statement: Adtech investigation resumes

UK ICO Statement: Adtech investigation resumes

In May 2020, the ICO paused their investigation into real time bidding (RTB) and the adtech industry. They have now resumed the investigation.

Apple CEO escalates battle with Facebook over online privacy

Apple CEO escalates battle with Facebook over online privacy

Apple CEO Tim Cook has fired off a series of thinly veiled shots at Facebook and other social media companies Thursday, escalating an online privacy battle pitting the iPhone maker against digital services that depend on tracking people to help sell ads.

Data transfers to the US and insufficient cookie information: NOYB files complaint on behalf of six MEPs against the European Parliament

NOYB has filed a complaint, representing 6 Members of the European Parliament in their complaint concerning the Parliament’s coronavirus testing website and its data processing practices.

Clearview AI’s biometric photo database deemed illegal in the EU, but only partial deletion ordered

Clearview AI’s biometric photo database deemed illegal in the EU, but only partial deletion ordered

The Hamburg Data Protection Authority  deemed biometric profiles of Europeans illegal and ordered US-company Clearview AI to delete the biometric profile of the complainant.

UK NCSC - Weekly Threat Report

UK NCSC - Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Brazil's Health Ministry's website data leak exposed 243 million medical records for more than 6 months

Brazil's Health Ministry's website data leak exposed 243 million medical records for more than 6 months

Personal information of more than 243 million Brazilians was exposed for more than six months thanks to weakly encoded credentials stored in the source code of the Brazilian Ministry of Health’s website.

ENFORCEMENT

German Regional DPA: 10.4EUR million fine against company using video surveillance to monitor its employees for at least two years with no legal justification

The State Commissioner for Data Protection in Lower Saxony has imposed a fine of 10.4 million euros against notebooksbilliger.de AG. The company had been using video surveillance to monitor its employees for at least two years with no legal justification. Some of the areas recorded by the illegal cameras included workspaces, sales floors, warehouses and staff rooms.

Dutch DPA: Issued formal warning to a supermarket for its use of Facial Recognition Technology

Dutch DPA: Issued formal warning to a supermarket for its use of Facial Recognition Technology

The Dutch Data Protection Authority (DPA) has issued a formal warning to a supermarket for its use of facial recognition technology. Although the facial recognition technology has been disabled since December 2019, the supermarket wished to turn it back on.

Polish DPA: University Fined for the lack of Data Breach Notifications

Polish DPA: University Fined for the lack of Data Breach Notifications

The President of the Personal Data Protection Office (UODO) imposed a fine of over EUR 5,850 on the Medical University of Silesia, as there was a data protection breach at the university, of which the controller should notify not only the supervisory authority but also the persons affected by the incident.

Norwegian DPA: Intention to issue € 10 million fine to Grindr LLC

Norwegian DPA: Intention to issue € 10 million fine to Grindr LLC

The Norwegian Data Protection Authority has notified Grindr LLC (Grindr) that it intends to issue an administrative fine of EUR 10M for not complying with the GDPR rules on consent.

Italian DPA: Limitation imposed on processing on TikTok after the death of a Girl from Palermo

Italian DPA: Limitation imposed on processing on TikTok after the death of a Girl from Palermo

The Italian SA (Garante per la protezione dei dati personali) imposed an immediate limitation on the processing performed by TikTok with regard to the data of users whose age could not be established with certainty.

ICO: Fines totalling £480,000 issued to companies making nuisance calls

ICO: Fines totalling £480,000 issued to companies making nuisance calls

The UK ICO has issued fines totalling £480,000 to four separate companies for making unlawful calls to numbers registered with the Telephone Preference Service (TPS).

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

CONTRIBUTE

Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.