Microsoft’s EU data boundary will begin rollout in January 2023
Companies and businesses that use Microsoft will be able to process and store customer data within the European Union. Concerns have been expressed about customer data flow across international boundaries. Currently, customer data can only be processed and accessed in the region that it originates from. Microsoft stated that this development will reduce data flows out of Europe and build their industry-leading residency solutions.
Further developments have been made toward an EU-US data sharing agreement
A draft decision has been made, agreeing that the US has taken sufficient measures to ensure adequate protection for personal data to be transferred to US companies. If the draft is successful, US companies will be able to join the EU-US Data Privacy Framework, meaning they must adhere to EU privacy laws. However, privacy campaigners believe it is unlikely that this draft decision will pass the test in courts.
New bill presented to ban TikTok in the US
Years of concern regarding TikTok and the possible influence of the Chinese government on the app have resulted in a new bill to ban TikTok. The Anti-Social CCP Act declares that the popular app should be restricted unless data concerns are addressed. The US government, across both the Trump and Biden administrations, has voiced fears that TikTok could make US user data available to the Chinese government if requested by Chinese law.
Adviser recommends that CNIL should fine Apple 6 million euros
Lobby group France Digitale filed a complaint in 2021 against Apple. The group alleged that the iOS 14 software was not compliant with EU privacy laws. This complaint was investigated by Francois Pellegrini, who discovered that iOS 14.6 failed to obtain adequate consent from users in order to collect personal data, therefore breaching EU privacy laws. The CNIL will make the final decision on the fine imposed.
The ICO releases new rules for apps to increase consumer security and privacy
A voluntary code of conduct for app developers and operators has been released. If implemented, this will enable security experts to alert app developers when there are software vulnerabilities, making sure that their security procedures are up to date. This development is in response to the lack of regulations governing app security, which compromises the personal data of users. The government will work alongside app developers to implement these changes.
Apple announces new security and privacy features
Apple will introduce new security and privacy improvements amid an increase in cyber-attacks. Users will be able to back up their data on iCloud using end-to-end encryption, meaning that only the user will be able to access this data. It also protects users against the threat of hackers. In one year alone, data breaches increased by 68%. Privacy groups have applauded this development, as it advocates for increased cyber protection against hackers and government surveillance.
ICO fines five companies over £400,000 for making illegal marketing calls
Head of the UK Information Commissioner’s Office, Andy Curry, stated that five rogue companies used ‘pressure tactics’ and ‘misleading statements’ to sell electronic appliances and insurance. Almost half a million illegal calls were made, targeting individuals over 60. The receivers of the calls were registered with the Telephone Preference Service, making it unlawful to make these marketing calls. This fine contributes to more than £2 million in penalties issued by the ICO this year for spam calls, emails and texts.
European Council pursues EU digital wallet
The European digital identity (EID) framework was proposed by the Commission in June 2021. This identification will be made available through a European digital identity wallet accessible to EU citizens, residents and businesses. It will provide ‘secure and trustworthy’ electronic identification and authentication. The development has been described as a ‘paradigm shift’ for digital identity, advancing how EU citizens use digital services.
ICO releases new direct marketing guidance
The UK Information Commissioner’s Office has released guidance for direct marketing that businesses and organisations can follow. The webpage includes checklists, Privacy and Electronic Communications Regulations training resources, guidance and much more, providing all the information needed to directly market. The ICO has acknowledged the crucial role that direct marketing plays in growing businesses and therefore seeks to ‘support and empower’ direct marketing activities whilst ensuring businesses comply with the law.
Ontario appeal court limits privacy claims in data breach lawsuits
An Ontario court has limited the right of individuals to sue organisations for failure to protect their personal data. This decision was made following the Equifax Canada data breach in 2017. Victims of the breach attempted to sue for intrusion upon personal privacy; however, the court ruled that Equifax could not be sued for its alleged failure to prevent the hackers, as the perpetrators are liable. Aside from Quebec, no province has a civil right to privacy. However, if the proposed Consumer Privacy Protection Act is passed, all provinces will have the right to sue for failure to protect personal data.
Hungarian government misused personal data during the 2022 national election campaign
Human Rights Watch (HRW) reported that the use of personal data during the 2022 election campaign unfairly advantaged the current ruling party. Data collected from citizens who signed up for the Covid-19 vaccine, registered for tax benefits or for a membership in a professional association was repurposed and used to spread political campaign messages. This has been described as “a betrayal of trust and an abuse of power” by a researcher at HRW.
South Staffordshire Water faces possible data breach due to hackers
The personal data of over 1.7 million customers could be vulnerable due to a possible data breach caused by hackers. Customer data including addresses and bank details may have been leaked on the dark web. At this moment, it is unknown how many customers were affected; however, the company is now working with the National Crime Agency to investigate this incident.
Irish Regulator fines Meta for breaching data protection rules
Last year it was discovered that personal data from Facebook was accessible on an online hacking forum. This data had been harvested through the now-removed feature for finding friends using phone numbers. The company was fined for failure to include data protection by design and as a default. In addition to the fine, Meta was instructed to process data in a compliant manner.
Microsoft may encounter legal trouble over compliance issues
German data protection regulators found that Microsoft has not resolved the compliance issues it has raised, therefore not adequately addressing privacy concerns surrounding cloud-based 365 products. The European Union protection supervisor has been investigating the European Commission’s use of Microsoft Office 365. It has stated that use of non-compliant ICT products jeopardises the protection of EU citizens’ personal data.
Twitter urged to address security failures
Twitter has been pushed to address the “significant security failures” reported by the former Twitter chief of security. The main concern is foreign power access to data and information which, if not adequately protected, could be used against American interests. Elon Musk has been instructed to provide answers on how Twitter protects user data from foreign intelligence.