Privacy Transformation - Issue 92
PRIVACY
Big data is booming in the U.S., but other countries are making the rules
Lawmakers and regulators in some of the world’s largest countries are ramping up enforcement of privacy laws, revising statutes or debating new rules.
EU set to publish UK Adequacy Decision
Draft adequacy decision European Commission set to allow the continued free flow of data between the EU and UK, after confirming that the UK offers an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation the GDPR.
Next-gen privacy: Examining the EU’s ePrivacy Regulation
This article examines the legal backdrop to the ePR, recent evolution, key features of the current version of the text, as well as its interplay with the GDPR.
DPC under fire over dated software
The lead regulator overseeing big tech companies’ compliance with the general data-protection regulation has come under fire from privacy activists who argue its IT systems are ill-equipped for the task.
SECURITY & TECH
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
Tracker pixels in emails are now an ‘endemic’ privacy concern
Invisible pixels used to track email activity are now an "endemic" issue that breaches our privacy, analysts suggest.
Opinion: A case against the peeping tom theory of privacy
Yes, it's creepy when companies can track your every move. But that's not the only problem.
mHealth apps leads to millions exposed to cyber-attacks!
23m mobile health (mHealth) application users are exposed to application programming interface (API) attacks, that could expose sensitive information, according to researchers.
ENFORCEMENT
Swedish DPA: Police unlawfully used facial recognition app
The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals.
ICO issues fines totalling £270,000 to firms making nuisance calls
The UK ICO has issued fines totalling £270,000 to two separate companies for making unlawful marketing calls to numbers registered with the Telephone Preference Service (TPS). It is against the law to make marketing calls to numbers that have been registered with the TPS for more than 28 days, unless people have provided consent.
Italian regulator fines Facebook 7M euros for noncompliance Related
Italy's Antitrust Authority issued a 7 million euro fine to Facebook following noncompliance with mandated changes to its data practices.
Polish DPA: The first fine for non-compliance with an administrative decision order
An administrative fine of more than PLN 85 000 (EUR 20 000) imposed on an entrepreneur, conducting an economic activity in the field of health care, for the failure to comply with the order imposed on it in an administrative decision.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
DPC: CCTV, Discovery and Access Requests
The DPC has published their view of a ruling by Justice Barr in November 2020 that a restaurant was not obliged to disclose CCTV recordings of an incident to a person identifiable on the recording and who claimed damages for injuries resulting from that incident. The DPC highlights that there is an important difference between discovery and access requests.
RESOURCES
ICO launches data analytics toolkit
The Information Commissioner’s Office (ICO) is urging all organisations considering using data analytics on personal data to look at its new toolkit.
EDPS Podcast: Democratic societies in the digital age - Dark Patterns and Online Manipulation
This second episode of the EDPS podcast series is focused on dark patterns and online manipulation. The digitalisation of our lives, especially in the course of the pandemic, has been, our new normal, as more of our physical processes go through the cyber space, which means more data, more systems, more vulnerabilities, more opportunities for online manipulation and use of deceptive techniques.
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.