Privacy In Focus | December

December 30, 2022

by Rhema Sijuwade

We bring you a round up of articles and updates in the data sphere

Dec. 15

Microsoft’s EU data boundary will begin rollout in January 2023

Companies and businesses that use Microsoft will be able to process and store customer data within the European Union. Concerns have been expressed about customer data flow across international boundaries. Currently, customer data can only be processed and accessed in the region that it originates from. Microsoft stated that this development will reduce data flows out of Europe.

Read more:

Dec. 14

Further developments have been made toward an EU-US data sharing agreement

A draft decision has been made, agreeing that the US has taken sufficient measures to ensure adequate protection for personal data to be transferred to US companies. If the draft is successful, US companies will be able to join the EU-US Data Privacy Framework, meaning they must adhere to EU privacy laws. However, privacy campaigners believe it is unlikely that this draft decision will pass the test in courts.

Read more:

Dec. 13

New bill presented to ban TikTok in the US

Years of concern regarding TikTok and the possible influence of the Chinese government on the app has resulted in a new bill to ban TikTok. The Anti-Social CCP Act declares that the popular app should be restricted unless data concerns are addressed. The US government across both Trump and Biden administrations have voiced fears that TikTok could make U.S. user data available to the Chinese government if requested by Chinese law.

Read more:

Dec. 12

Adviser recommends that CNIL should fine Apple 6 million euros

Lobby group, France Digitale, filed a complaint in 2021 against Apple. The group alleged that the iOS 14 software was not compliant with EU privacy laws. Reuters reported that this complaint was investigated by Francois Pellegrini, who discovered that iOS 14.6 failed to obtain adequate consent from users in order to collect personal data, therefore breaching EU privacy laws. The CNIL will make the final decision on the fine imposed.

Read more:

Dec. 9

The ICO releases new rules for apps to increase consumer security and privacy

A voluntary code of conduct for app developers and operators has been released. If implemented, this will enable security experts to alert app developers when there are software vulnerabilities, making sure that their security procedures are up to date. This development is in response to the lack of regulations governing app security which compromises the personal data of users. The government will work alongside app developers to implement these changes.

Read more:

Dec. 8

Apple announce new security and privacy features

Apple will introduce new security and privacy improvements amid an increase in cyber-attacks. Users will be able to back up their data on iCloud using end-to-end encryption, meaning that only the user will be able to access this data. It also protects users against the threat of hackers. Privacy groups have applauded this development, as it advocates for increased cyber protection against hackers and government surveillance.

Read more:

Dec. 7

ICO fines five companies over £400,000 for making illegal marketing calls

Head of the UK Information Commissioner’s Office stated that five rogue companies used pressure methods to sell electronic appliances and insurance. Almost half a million illegal calls were made, targeting individuals over 60. This fine contributes to more than £2 million in penalties issued by the ICO this year for spam calls, emails and texts.

Read more:

Dec. 6

European Council pursues EU digital wallet

The European digital identity (EID) framework was proposed by the Commission in June 2021. This identification will be made available through a European digital identity wallet accessible by: EU citizens, residents and businesses. It will provide ‘secure and trustworthy’ electronic identification and authentication. The development has been described as a ‘paradigm shift’ for digital identity, advancing how EU citizens use digital services.

Read more:

Dec. 5

ICO releases new direct marketing guidance

The UK Information Commissioner’s Office has released guidance for direct marketing that businesses and organisations can follow. The webpage includes checklists, Privacy and Electronic Communications Regulations training resources, guidance and much more, providing all the information needed to directly market. The ICO have acknowledged the crucial role that direct marketing plays in growing businesses and therefore seeks to ‘support and empower’ direct marketing activities whilst ensuring businesses comply with the law.

Read more:

Dec. 2

Ontario appeal court limits privacy claims in data breach lawsuits

An Ontario court has limited the right of individuals to sue organisations for failure to protect their personal data. This decision was made following the Equifax Canada data breach in 2017. Victims of the breach attempted to sue for intrusion upon personal privacy, however the court ruled that Equifax could not be sued for their alleged failure to prevent the hackers, as the perpetrators are liable. If the proposed Consumer Privacy Protection Act is passed, all provinces will have the right to sue for failure to protect personal data.

Read more:

Dec. 1

Hungarian government misused personal data during the 2022 national election campaign

Human Rights Watch (HRW) reported that the use of personal data during the 2022 election campaign unfairly advantaged the current ruling party. Data collected from citizens who signed up for the Covid-19 vaccine, registered for tax benefits or for a membership in a professional association, was used to spread political campaign messages.

Read more:

Nov. 30

South Staffordshire Water face possible data breach due to hackers

The personal data of over 1.7 million customers could be vulnerable due to possible data breach caused by hackers. Customer data including addresses and bank details may have been leaked on the dark web. At this moment, it is unknown how many customers were affected; however, the company is now working with the National Crime Agency to investigate this incident.

Read more:

Nov. 29

Irish Regulator fines Meta for breaching data protection rules

Last year it was discovered that personal data from Facebook was accessible on an online hacking forum. This data had been harvested through, the now removed feature of, finding friends using phone numbers. The company was fined for failure to include data protection by design and as a default. In addition to the fine, Meta was instructed to process data in a compliant manner.

Read more:

Nov. 28

Microsoft may encounter legal trouble over compliance issues

German data protection regulators found that Microsoft have not resolved the compliance issues it has raised, therefore not adequately addressing privacy concerns surrounding cloud-based 365 products. The European Union protection supervisor has been investigating the European Commission’s use of Microsoft Office 365. It has stated that use of non-compliant ICT products jeopardises the protection of EU citizen’s personal data.

Read more:

Nov. 25

Twitter urged to address security failures

Twitter has been pushed to address the “significant security failures” reported by the former Twitter chief of security. The main concern being foreign power access to data and information which could be used against American interests, if not adequately protected. Elon Musk has been instructed to provide answers on how Twitter protects user data from foreign intelligence.

Read more: