Privacy Transformation - Issue 89
PRIVACY
Majority of Irish businesses unsure of data protection landscape
More than three-quarters (76%) of Irish businesses have experienced growing uncertainty across the data protection spectrum over the last 12 months with no signs of this abating according to a new survey from the Association of Compliance Officers Ireland (ACOI).
Germany’s data strategy to tackle discrimination, encourage competition
On 27 January the German government adopted its new data strategy. Among other things, citizens should be able to have more confidence that their data is in good hands with the state and companies, according to the document.
The end of dark patterns in “cookie walls”: German court bans deceptive designs
Website operators are not permitted to use cookies and similar tracking technologies for analysis and marketing purposes without the informed consent of users, if this involves sharing...
More background info on the case can be found here.
VIDEO: Happy 40th Anniversary Convention 108!
40 members of the Data Protection Community in the world have recorded Happy Anniversary messages, emphasizing how Convention 108 is important for their respective country or organisation and their work. Be ready to witness their energy and get inspiration from this global community.
NOYB files appeal against decisions of the Luxemburg DPA against their dismissal of complaints against US-based data controllers
NOYB filed an appeal against two decisions of the Luxemburg Data Protection Authority on a fundamental matter: the authority dismissed two complaints lodged against US-based data controllers.
SECURITY & TECH
UK resumes privacy oversight of adtech, warns platform audits are coming
The U.K.’s data watchdog has restarted an investigation of adtech practices that, since 2018, have been subject to scores of complaints across Europe under the bloc’s General Data Protection Regulation.
Read the ICOs statement on the reopening of the investigation.
UK ICO Statement: Adtech investigation resumes
In May 2020, the ICO paused their investigation into real time bidding (RTB) and the adtech industry. They have now resumed the investigation.
Apple CEO escalates battle with Facebook over online privacy
Apple CEO Tim Cook has fired off a series of thinly veiled shots at Facebook and other social media companies Thursday, escalating an online privacy battle pitting the iPhone maker against digital services that depend on tracking people to help sell ads.
Data transfers to the US and insufficient cookie information: NOYB files complaint on behalf of six MEPs against the European Parliament
NOYB has filed a complaint, representing 6 Members of the European Parliament in their complaint concerning the Parliament’s coronavirus testing website and its data processing practices.
Clearview AI’s biometric photo database deemed illegal in the EU, but only partial deletion ordered
The Hamburg Data Protection Authority deemed biometric profiles of Europeans illegal and ordered US-company Clearview AI to delete the biometric profile of the complainant.
UK NCSC - Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
Brazil's Health Ministry's website data leak exposed 243 million medical records for more than 6 months
Personal information of more than 243 million Brazilians was exposed for more than six months thanks to weakly encoded credentials stored in the source code of the Brazilian Ministry of Health’s website.
ENFORCEMENT
German Regional DPA: 10.4EUR million fine against company using video surveillance to monitor its employees for at least two years with no legal justification
The State Commissioner for Data Protection in Lower Saxony has imposed a fine of 10.4 million euros against notebooksbilliger.de AG. The company had been using video surveillance to monitor its employees for at least two years with no legal justification. Some of the areas recorded by the illegal cameras included workspaces, sales floors, warehouses and staff rooms.
Dutch DPA: Issued formal warning to a supermarket for its use of Facial Recognition Technology
The Dutch Data Protection Authority (DPA) has issued a formal warning to a supermarket for its use of facial recognition technology. Although the facial recognition technology has been disabled since December 2019, the supermarket wished to turn it back on.
Polish DPA: University Fined for the lack of Data Breach Notifications
The President of the Personal Data Protection Office (UODO) imposed a fine of over EUR 5,850 on the Medical University of Silesia, as there was a data protection breach at the university, of which the controller should notify not only the supervisory authority but also the persons affected by the incident.
Norwegian DPA: Intention to issue € 10 million fine to Grindr LLC
The Norwegian Data Protection Authority has notified Grindr LLC (Grindr) that it intends to issue an administrative fine of EUR 10M for not complying with the GDPR rules on consent.
Italian DPA: Limitation imposed on processing on TikTok after the death of a Girl from Palermo
The Italian SA (Garante per la protezione dei dati personali) imposed an immediate limitation on the processing performed by TikTok with regard to the data of users whose age could not be established with certainty.
ICO: Fines totalling £480,000 issued to companies making nuisance calls
The UK ICO has issued fines totalling £480,000 to four separate companies for making unlawful calls to numbers registered with the Telephone Preference Service (TPS).
More on the latest GDPR enforcement news can be found on:
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.