Privacy Transformation - Issue 91

PRIVACY

Portugal’s plans to conclude ePrivacy saga

Portugal’s plans to conclude ePrivacy saga

The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment, according to the latest proposal.

Passenger data not shared between Dublin and Belfast despite Covid deal

Passenger data not shared between Dublin and Belfast despite Covid deal

Passengers arriving from Britain into Irish airports and ports with the aim of travelling to Northern Ireland remain under no legal obligation to provide residence addresses or contact numbers, 10 months after authorities on both sides of the Border agreed to share data on Covid-19.

Opinion: After 20 years of debate, it’s time for Congress to finally pass a baseline privacy law

Opinion: After 20 years of debate, it’s time for Congress to finally pass a baseline privacy law

Jessica Rich revisits an FTC privacy legislation proposal from 2000 to see which considerations have and have not changed over two decades.

Austrian Court: Probabilities as personal data

Austrian Court: Probabilities as personal data

The Federal Administrative Court of Austria confirmed by its decision of 26 November 2020 the stance of the Austrian Data Protection Authority that so-called “party affinity” data may not be processed without the data subject’s consent. Most importantly, the Court clarified that data about an individual fall within the scope of “personal data” even if they only reflect probable and not actual characteristics of individuals.

SECURITY & TECH

Study: Parental control applications often misbehave posing privacy threats for children and even parents

Study: Parental control applications often misbehave posing privacy threats for children and even parents

Parental control apps are used by parents to monitor the use that their children make of their mobile phones, and to block access to certain features. These apps are highly intrusive by definition, as they can track the actions and movements of the children’s phone (and thus of the child). Therefore, the use of parental control apps can have implications on the privacy of both children and parents.

Facebook faces new UK class action after data harvesting scandal

Facebook faces new UK class action after data harvesting scandal

Facebook is facing a second London High Court class action over allegations it failed to protect the personal details of about one million people in England and Wales, in the latest lawsuit to spring from a scandal over data harvesting.

UK NCSC - Weekly Threat Report 5th February 2021

UK NCSC - Weekly Threat Report 5th February 2021

The NCSC's weekly threat report is drawn from recent open source reporting.

ENFORCEMENT

UCD fined €70k by data watchdog after email accounts' log-in details posted online

UCD fined €70k by data watchdog after email accounts' log-in details posted online

University College Dublin has been officially reprimanded and ordered to bring its processes up to GDPR standard.

Read the DPC Decision here.

No fine despite DPC finding against INM over 2014 data breach

No fine despite DPC finding against INM over 2014 data breach

INM will not be hit with a fine or other regulatory sanction despite the Data Protection Commission making a number of findings against the company in relation a 2014 data breach.

Norwegian DPA

The Norwegian DPA has been active in enforcement, and we give a spotlight to them this week, having issued the following fines:

A fine of EUR 10,000 to Lindstrand Trading AS for conducting a total of four credit ratings of individuals and sole proprietorships without a legal basis.

[Read More]

A fine of EUR 7,500 to a company for conducting a credit rating analysis without a legal basis. [Read More]

A fine of EUR 20,000 to a company for unlawfully setting up the automatic forwarding of a former employee’s e-mails. [Read More]

In a similar case, the DPA fined an organisation EUR 40,000 for setting up automatic forwarding of an employee's e-mails. [Read More]

A fine of EUR 40,000 for unlawful distribution of a camera recording from a shop. [Read More]

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

EDPS Opinions on the Digital Services Act and the Digital Markets Act

EDPS Opinions on the Digital Services Act and the Digital Markets Act

The EDPS published Opinions on the European Commission’s proposals for a Digital Services Act and a Digital Markets Act. Both Opinions aim to assist the EU legislators to shape a digital future rooted in EU values, including the protection of individuals’ fundamental rights, such as the right to data protection.

RESOURCES

EDPB Document on response to the request from the European Commission for clarifications on the consistent application of the GDPR, focusing on health research

EDPB's response to a request by the European Commission for clarification on the consistent application of the GDPR, fovussing on Health Research.

EDPB adopted documents - 45th plenary

EDPB adopted documents - 45th plenary

During its 45th plenary, the EDPB adopted the following documents:

Podcast: Democratic Societies in the Digital Age - Mass Surveillance and Facial Recognition

Podcast: Democratic Societies in the Digital Age - Mass Surveillance and Facial Recognition

To tackle some of these challenges that western democracies are facing right now, the trainees from the European Data Protection Supervisor and European Data Protection Board have prepared a 3-episode podcast series titled: Democratic Societies in the Digital Age.

In this first episode, with the help of Ella Jakubowska, Policy and Campaigns Officer at the European Digital Rights (EDRi), we will go deep on the concept of mass surveillance.

CONTRIBUTE

Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.