Privacy Transformation - Issue 98

PRIVACY

Department of Health inspected by data watchdog as part of ‘autism dossiers’ probe

Department of Health inspected by data watchdog as part of ‘autism dossiers’ probe

The Data Protection Commissioner (DPC) has carried out an inspection at the Department of Health as part of its “autism dossiers” probe. In a significant ramping up of its investigation, authorised officers visited the department this morning.

Related:

DPC statement: Inquiry into processing of personal data by the Department of Health

Taoiseach requests review into Health Department's gathering of dossiers on children with autism

State open to privacy lawsuits over claims in dossier

Whistleblower claims raise serious issues in areas of privacy and data protection

Department may have compiled dossiers on up to 400 disabled children

Max Schrems: Irish Data Protection Commissioner's process is designed to fail

Max Schrems: Irish Data Protection Commissioner's process is designed to fail

Max Schrems is probably a name the average Irish person is familiar with, though they may not be able to pinpoint why: Something to do with Facebook, he’s taken them to court, you recollect.

Supermac’s served to Data Protection Commission over CCTV policy

Supermac’s served to Data Protection Commission over CCTV policy

Supermac’s is on a collision course with the Data Protection Commission over the fast-food company’s policy of not supplying CCTV footage to people seeking compensation for injuries they say happened on its premises.

SECURITY & TECH

Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent.

UK NCSC Weekly Threat Report

UK NCSC Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

IoT firm Ubiquiti hit by 'catastrophic' data breach

IoT firm Ubiquiti hit by 'catastrophic' data breach

Ubiquity downplayed the incident according to an anonymous whistleblower.

ENFORCEMENT

Dutch data protection authority fines Booking.com

Dutch data protection authority fines Booking.com

Dutch Data Protection Authority has imposed a fine of €475,000 on Booking.com for a data breach where criminals accessed the personal data of more than 4,000 customers, including obtaining the credit card details of nearly 300 users of the popular travel site.

EDPB - Bavarian DPA calls for German company to cease the use of 'Mailchimp' tool

EDPB - Bavarian DPA calls for German company to cease the use of 'Mailchimp' tool

The "ruling" presented in the "Standard" concerns a remedy procedure concluded without formal supervisory measures regarding a complaint by a data subject, in which the controller (an individual company) that had used Mailchimp had, after our request for comments and detailed information on the consequences of the Schrems II- decision, announced that it had now refrained from using Mailchimp.

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs rue lack of GDPR sanctions issued by Irish data authority

MEPs have said that "a lack of political will and resources" had resulted in a laggard approach to enforcement of the EU's general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE

CNIL Publishes FAQ Clarifying Cookie Use

The French Data Protection Authority published a FAQ on March 18, 2021 to further explain its earlier guidelines and “recommendation” on cookies and other tracking technologies.

RESOURCES

Research Paper: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

This Trinity College Dublin Research Paper investigates what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. It finds that even when minimally configured and the handset is idle, both iOS and Google Android share data with Apple/Google on average every 4.5 mins.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.