fbpx

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records.

The hospital did not have in place two-factor authentication, which should have been the case when it comes to patient records. Also, while the hospital did control its logs (by a random check of six patient records per year), that this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

ePrivacy Regulation Slowly Moves Forward

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021.

With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and in view of forthcoming EU parliamentary elections and procedural considerations, it is possible that the adoption of the ePrivacy Regulation may be delayed even further.

Full article: EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. Opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in processing of patient data within the eHDSI .

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

Amazon Faces EU Inquiry Over Data From Independent Sellers

European antitrust regulators have opened an investigation into the data that Amazon uses from third-party sellers who rely on the tech company’s site.

The European Union’s top antitrust regulator said on Wednesday that it had opened a formal antitrust investigation into whether Amazon was using the third-party data to promote its own products at the expense of other retailers.

Regulators said they were examining whether Amazon was hurting competition by abusing its dual role as a retailer that sells its own goods and a marketplace where other merchants sell products.

Source: Amazon Faces E.U. Inquiry Over Data From Independent Sellers – The New York Times

FaceApp is back and so are privacy concerns

FaceApp, a Russia-based app that applies filters to photos, is having another moment in the spotlight this week.

The app first went viral in 2017, but this time it’s catching on because of a filter that makes users look older or younger. As with the last viral moment, however, users have been surprised to learn that the app’s creators are harvesting metadata from their photos.

Full article: FaceApp is back and so are privacy concerns – The Verge

Facebook Dodged a Bullet From the FTC. It Faces Many More. 

The social network may have escaped restrictions and financial bruising with the F.T.C.’s settlement, but its pain is just beginning around the world.

Regulators and lawmakers in Washington, Europe and in countries including Canada have already begun multiple investigations and proposing new restrictions against Facebook that will probably embroil it in policy debates and legal wrangling for years to come. And in some of these places, the authorities are increasingly coordinating to form a more united front against the company.

Full article: Facebook Dodged a Bullet From the F.T.C. It Faces Many More. – The New York Times

Irish privacy watchdog may launch another Google investigation

Google may have to face further investigations by the Irish Data Protection Commission after reports of contractors being able to hear users’ audio footage submitted to the tech firm’s digital assistant.

The prospective measures follow a data breach notification sent to the Irish data watchdog last week. The news of the Irish DPC’s prospective investigation comes two months after Google revealed upgraded privacy and data protection features at the firm’s annual developer conference.

Source: Irish privacy watchdog may launch another Google investigation

A few practical tips for managing subject access requests

Subject access requests are the bane of many an in-house privacy professional’s life.

It may seem curious that, on the one hand, we take seriously as privacy professionals our responsibility to uphold data subjects rights while, on the other, the exercise of one of the most fundamental of these rights – that of access to data – will typically cause even the most dedicated of privacy professionals to elicit a small whimper.

Full article: A few practical tips for managing subject access requests

Facial Recognition Tech Is Growing Stronger, Thanks to Your Face

Large databases, built with images from social networks and dating services, contain millions of pictures of people’s faces. Some are shared worldwide. There is no oversight of the data sets.

Immigration and Customs Enforcement officials employed facial recognition technology to scan motorists’ photos to identify undocumented immigrants. The F.B.I. also spent more than a decade using such systems to compare driver’s license and visa photos against the faces of suspected criminals.

Full article: Facial Recognition Tech Is Growing Stronger, Thanks to Your Face – The New York Times

Google is investigating the source of voice data leak

Google  has responded to a report this week from Belgian public broadcaster VRT NWS, which revealed that contractors were given access to Google Assistant voice recordings, including those which contained sensitive information — like addresses, conversations between parents and children, business calls and others containing all sorts of private information.

As a result of the report, Google says it’s now preparing to investigate and take action against the contractor who leaked this information to the news outlet.

The leaker had listened to more than 1,000 recordings, and found 153 were accidental in nature — meaning, it was clear the user hadn’t intended to ask for Google’s help.

Source: Google is investigating the source of voice data leak, plans to update its privacy policies | TechCrunch

>