WhatsApp Ireland sets aside €77.5m for possible data compliance fines

The Irish arm of messaging platform WhatsApp recorded an €11.2 million loss last year after setting aside €77.5 million to cover possible fees linked to an investigation undertaken by the Irish Data Protection Commissioner.

The Data Protection Commission investigation into WhatsApp examined its compliance with Articles 12 to 14 of the General Data Protection Regulation (GDPR) in relation to transparency around what information is shared with Facebook.

Source: WhatsApp Ireland sets aside €77.5m for possible data compliance fines

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

DEA Pursues Vast Expansion of Patient Surveillance

The Drug Enforcement Administration (DEA) is looking to expand its anti-diversion surveillance infrastructure by being able to search and analyze myriad patient behaviors for the vast majority of controlled and scheduled drug prescriptions—all accompanied by a rapid process for legally unveiling personally identifying information.

In early September, the agency requested proposals for the creation of software capable of searching at least 85 percent of all US residents’ controlled-substance prescriptions for certain patient behaviors, as well as prescriber and pharmacist practices.

Source: DEA Pursues Vast Expansion of Patient Surveillance

Apple hits out at campaign group’s ‘inaccurate’ privacy complaint

Apple has strongly denied claims from privacy campaigners that it has breached Europe’s ePrivacy directive through its Identifier for Advertisers (IDFA).

The non-profit campaign group Noyb said that the Apple operating system on iPhones creates IDFA without the user’s knowledge or consent, thereby breaching Europe’s Privacy Directive.

However, a spokesperson for Apple, responding to the allegations, said: “The claims made against Apple in this complaint are factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint. Apple does not access or use the IDFA on a user’s device for any purpose.”

Source: Apple hits out at campaign group’s ‘inaccurate’ privacy complaint

The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

On September 16, 2020, the Spanish Supervisory Authority (AEPD) approved a “Code of Conduct for Data Processing in Advertising”. This is the first GDPR-approved Code of Conduct with an accredited monitoring body in the European Union.

The Code broadly applies to any processing of personal data carried out for advertising purposes, including sending direct marketing communications and using cookies and other technologies for targeted advertising.

Source: The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising

Tim Berners-Lee launches enterprise-friendly decentralised web platform in move to ‘restore power on the web’

Tim Berners-Lee has launched an enterprise-friendly decentralised web platform using the open-source technology, Solid, to “restore power” on the web.

On November 9, founding father of the World Wide Web, Berners-Lee – in collaboration with John Bruce – launched Enterprise Solid Server, the enterprise-friendly infrastructure that supports the company’s decentralised web platform, Inrupt.

The premise of the technology is straightforward: store your personal information separately in a personal “pod” (personal online data store) and share only what is necessary with services only when you are using them.

Source: Tim Berners-Lee launches enterprise-friendly decentralised web platform in move to ‘restore power on the web’

Vodafone fined over 12 million Euro by Italian DPA for aggressive telemarketing practices

The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

As well as having to pay the fine, the company is required to implement several measures set out by the Garante in order to comply with national and EU data protection legislation.

Investigations revealed the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls. This practice is under Vodafone’s own spotlight and is seemingly related to a shady set of unauthorised call centres that carry out telemarketing activities in utter disregard of personal data protection legislation.

Additional violations could be established with regard to the handling of contact lists purchased from external providers.

Source: Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

Forensic Genealogy Cracks Cold Cases Amid Privacy Concerns

Millions of people will unwrap at-home ancestry testing kits this holiday season and eagerly swab their cheeks and mail in the saliva, hoping their DNA will unlock clues about their heritage or reveal long-lost relatives.

The tests, which can cost as little as $59, offer entertainment and a chance to uncover family secrets. But with law enforcement increasingly mining the DNA databases to solve cold cases, as in the arrest last week of a Lehigh County man suspected in the 1969 murder of a San Diego woman, experts say consumers should think about their privacy when they hand over their DNA.

Source: Forensic Genealogy Cracks Cold Cases Amid Privacy Concerns | Pennsylvania News | US News

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

Source: Defining data protection standards could be a hot topic in state legislation in 2021 | CSO Online

How the U.S. Military Buys Location Data from Ordinary Apps

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military.

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.

Source: How the U.S. Military Buys Location Data from Ordinary Apps
