Privacy Transformation - Issue 98
PRIVACY
Department of Health inspected by data watchdog as part of ‘autism dossiers’ probe
The Data Protection Commissioner (DPC) has carried out an inspection at the Department of Health as part of its “autism dossiers” probe. In a significant ramping up of its investigation, authorised officers visited the department this morning.
Related:
DPC statement: Inquiry into processing of personal data by the Department of Health
Taoiseach requests review into Health Department's gathering of dossiers on children with autism
State open to privacy lawsuits over claims in dossier
Whistleblower claims raise serious issues in areas of privacy and data protection
Department may have compiled dossiers on up to 400 disabled children
Max Schrems: Irish Data Protection Commissioner's process is designed to fail
Max Schrems is probably a name the average Irish person is familiar with, though they may not be able to pinpoint why: Something to do with Facebook, he’s taken them to court, you recollect.
Supermac’s served to Data Protection Commission over CCTV policy
Supermac’s is on a collision course with the Data Protection Commission over the fast-food company’s policy of not supplying CCTV footage to people seeking compensation for injuries they say happened on its premises.
SECURITY & TECH
Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out
Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent.
UK NCSC Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
IoT firm Ubiquiti hit by 'catastrophic' data breach
Ubiquity downplayed the incident according to an anonymous whistleblower.
ENFORCEMENT
Dutch data protection authority fines Booking.com
Dutch Data Protection Authority has imposed a fine of €475,000 on Booking.com for a data breach where criminals accessed the personal data of more than 4,000 customers, including obtaining the credit card details of nearly 300 users of the popular travel site.
EDPB - Bavarian DPA calls for German company to cease the use of 'Mailchimp' tool
The "ruling" presented in the "Standard" concerns a remedy procedure concluded without formal supervisory measures regarding a complaint by a data subject, in which the controller (an individual company) that had used Mailchimp had, after our request for comments and detailed information on the consequences of the Schrems II- decision, announced that it had now refrained from using Mailchimp.
MEPs rue lack of GDPR sanctions issued by Irish data authority
MEPs have said that "a lack of political will and resources" had resulted in a laggard approach to enforcement of the EU's general data protection regulation (GDPR), singling out in particular the lack of sanctions dished out by the Irish data protection authority.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
CNIL Publishes FAQ Clarifying Cookie Use
The French Data Protection Authority published a FAQ on March 18, 2021 to further explain its earlier guidelines and “recommendation” on cookies and other tracking technologies.
RESOURCES
Research Paper: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google
This Trinity College Dublin Research Paper investigates what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. It finds that even when minimally configured and the handset is idle, both iOS and Google Android share data with Apple/Google on average every 4.5 mins.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.