Privacy Transformation - Issue 93
PRIVACY
DPC publishes 2020 Annual Report - 10% increase in data security breaches
The Data Protection Commission handled more than 10,000 cases last year, a 9% increase on the previous year.
6,628 valid data security breaches were notified to the commission over the period, up 10% on 2019, with unauthorised disclosures making up the vast majority.
Other Sources:
The Journal - Over 6,600 data security breaches notified last year
Facebook pressed Irish ambassador to lobby US Congress members
Tech giant asked Daniel Mulhall to contact Friends of Ireland caucus over EU-US data transfers.
UK's Adequacy Decision Regarding EU and UK Data Sharing
The European Union Commission issued draft adequacy decision for data flows between EU and UK. Whilst widely expected, this draft decision provides some assurance about the continuing free flow of data between the EU and UK although businesses should take heed of a few ongoing regulatory issues.
Draft Adequacy Decision available here.
Data Protection Commissioner: Transfer of Mother and Baby Homes records to Dept could be 'high risk'
The Data Protection Commissioner has warned that the Department of Children’s lack of expertise about the Mother and Baby Homes Commission’s archive could be a “high risk” when records are transferred to the government department once the commission is wound down.
Schrems II: How to protect against liability when using non-EEA vendors
This post looks at how companies can protect against liability when using non-EEA/equivalency country vendors.
VACCINE PASPORTS
Vaccine passports are an increasingly hot topic in data protection. In thisopinion piece, Eduardo Ustaran puts forward a case for how data protection can facilitate vaccine passports. With a contrary opinion, Jaap-Henk Hoepman illustrates why he considers such passports to be an 'utter waste of time and effort'.
SECURITY & TECH
UK NCSC - Weekly Threat Report 19th February 2021
The NCSC's weekly threat report is drawn from recent open source reporting.
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security
Whistleblowers say they were forced out after flagging problems with e-commerce giant’s data security and compliance.
Irish data regulator stopped Facebook from introducing a suicide and self-harm alert service
Ireland's Data Protection Commissioner (DPC) Helen Dixon stopped Facebook from introducing a new feature that would have seen the social platform contact health authorities if evidence of self-injury or suicidal ideation was seen in Facebook users’ accounts.
Microsoft wraps up SolarWinds investigation, says some code was stolen
Investigation into the SolarWinds hack is now closed, but Microsoft's battle against cybersecurity threats continues.
WhatsApp to go ahead with changes despite backlash
The messaging app is making a second attempt to convince users to accept its new privacy policy.
Clubhouse confirms data spillage of its audio streams
A user has been banned for streaming audio from multiple Clubhouse chatrooms onto their website.
DATA BREACH
Thousands Of People Have Highly Personal Details Exposed In COVID-19 Vaccine Data Breach
Thousands of people who have received the COVID-19 vaccine have had highly personal details exposed in a data breach, it can been revealed.
ENFORCEMENT
Spanish Data Protection Authority imposes fine of 6M EUR
The Spanish Data Protection Authority (AEPD) imposed a total fine of 6M EUR on CAIXABANK, S.A., for unlawfully processing clients’ personal data (4M EUR) and not providing sufficient information regarding the processing of personal data (2M EUR).
Norwegian DPA issues fine to company performing credit rating without legal basis
The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 for having performed a credit rating on a private individual without legal basis.
More on the latest GDPR enforcement news can be found on:
RESOURCES
Data Protection Commission 2020 Annual Report
Commissioner for Data Protection in Ireland, Helen Dixon, published the Irish Data Protection Commission’s Annual Report for 2020.
EDPS Podcast: Final Episode - Democratic Societies In the Digital Age
Technology is constantly evolving and every second it passes its evolving even faster and their impact on our societies is getting greater. That is why on this third and last episode of the podcast series "Democratic Societies in the Digital Age", organized by the EDPS and EDPB trainees, we look at "Emerging Technologies and Future Challenges".
One Way Tables - protecting data in relational databases
One of the potential downsides of relational data is the ease at which data can be related in both directions. A simple search of the table below will reveal no only if a known customer has COVID but a list of all COVID positive customers.
CONTRIBUTE
Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.