We bring you a round up of articles and updates in the data sphere.
Europe: EDPS-EDPB Joint Opinion on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data ( EU’s Data Act) – ‘data protection must prevail to empower data subjects’.
Global: The Wall Street Journal reports that Grindr User Data was sold via ad-networks reportedly since at least 2017. The article tells of the impact this has allegedly had on users when the dating app’s user locations were collected and sold. In the last two years Grindr has curtailed the data it shares with advertising partners.
UK: The ICO warn that the Financial Conduct Authority has seen screen sharing scams rise by 86% and more than £25 million has been stolen since January 2021. They encourage that suspicious calls be reported to Action Fraud and to take steps to keep extra protected.
Scammers are using screen sharing software and then expanding permissions or downloading remote access software which gives them direct access to online bank accounts. They can also then install their own malware giving them full access at any time.
Read the FCA’s advice to learn more about the common tactics of these scammers – ScamSmart – Avoid investment and pension scams | FCA
UK: This year the Queen’s speech 2022 gave specific notice to Data Protection in the UK, looking to a Bill with the purpose to:
- take advantage of the benefits of Brexit to create a world class data rights regime that will allow for the creation of a new pro-growth and trusted UK data protection framework that reduces burdens on businesses, boosts the economy, helps scientists to innovate, and improves the lives of people in the UK.
- increase industry participation in Smart Data Schemes, which will give citizens and small businesses more control of their data, and help those who need healthcare treatments, by helping improve appropriate access to data in health and social care contexts.
- modernise the Information Commissioner’s Office (‘ICO’), making sure it has the capabilities and powers to take stronger action against organisations who breach data rules while requiring it to be more accountable to Parliament and the public.
Read more from OneTrust.
Global: Google recently expanded the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.
India: An interesting option piece on the state of Indian affairs regarding data policy in the direction of a ‘surveillance state’
Italy: Following case studies of situations intended to decrease corruption the Italian data privacy guarantor has suggestions for managing whistleblowing systems, guaranteeing the confidentiality of employees and other people who report illegal conduct.
EDPB: The European Data Protection Board has published two main guidelines on the calculation of GDPR fines and on the use of facial recognition in law enforcement.
The adopted guidelines refer to the calculation of fines under the GDPR, and the use of facial recognition technologies by law enforcement and judicial authorities.
CNIL: The French governing body has released criteria for assessing the legality of cookie walls as a first criterion for ensuring that cookie walls do not contradict the requirement of freedom of consent that either:
- the publisher must offer a real and fair alternative allowing access to the site and which does not imply having to consent to the use of their data;
or
- the publisher must be able to demonstrate, in particular to CNIL, that another publisher offers such an alternative without imposing a cookie wall.
EU: Following The Internet Watch Foundation’s annual report published in April, which shows that Europe is the ‘preferred global hub’ for hosting online child sexual abuse material; new leaked information, suggests that the European Commission will put forward a generalised scanning obligation for messaging services, according to a draft proposal obtained by news outlet EURACTIV.
Across the UK and US, well-known companies have been disciplined for data breaches:
US:
US regulators fine twitter $150m for handing users’ contact details to advertisers that was information collected for security purposes –
Washington DC’s attorney general has sued Mark Zuckerberg, seeking to hold the Facebook co-founder personally responsible for his alleged role in allowing the political consultancy Cambridge Analytica to harvest the personal data of millions of Americans during the 2016 election cycle.
With CNBC stating that Facebook users are receiving direct cash compensation
Uk: ICO fines Clearview AI Inc, a facial recognition database company over £7.5m and orders the data from the to be deleted –
Google sued for using the NHS data of 1.6 million Britons ‘without their knowledge or consent’
The Royal Free NHS Trust in London, which gave Google the patient data, was previously told the move was illegal following an investigation by the Information Commissioner’s Office.
