We bring you a round up of articles and updates in the data sphere
24 Nov.
The Irish Data Protection Commission indicates a range of fines to TikTok
—
The DPC has indicated that “a preliminary range of fines” will be imposed on the Irish sector of TikTok. An inquiry was launched in September 2021, examining the processing of children’s data. Contingent liabilities concerning personal data were found, resulting in the implementation of fines. However, TikTok emphasises that the protection of younger user’s private data is a top priority.
23 Nov.
UK finalises adequacy agreement with South Korea
—
The UK has finalised its first adequacy decision since leaving the EU. Businesses in the UK and Republic of Korea will be able to share personal data between them without restrictions. Organisations will no longer need expensive, time-consuming contractual safeguards to share data. This will increase opportunities for smaller organisations to transfer data and facilitate innovate collaborations between both nations.
22 Nov.
Common Sense Media says that use of virtual reality in schools violates student data
—
Education through the use of VR presents many new exciting opportunities for schools and students. However, CSM director of privacy stated that no devices can be recommended to schools as they violate state and federal privacy laws. VR headsets can collect biometric data, this is extremely sensitive data which requires adequate data protection practices. The use of VR could potentially expose this valuable data to tech companies.
21 Nov.
Facebook sued for potentially breaking UK data laws
—
Facebook match user profiles with advertisers; who direct specific adverts to users based on their personal data. Tanya O’Carroll has filed a lawsuit against Meta, claiming that use of personal data to target ads breaches UK data protection law, as it dismisses her right to object to the collection of her personal data.
18 Nov.
India’s Ministry of Electronics and Information Technology propose new Digital Personal Data Protection Act
—
The aim of this new Act is to ensure that personal data is protected, and that data is processed for lawful purposes. This development in data protection has been made to allow data transfers outside of India. A Data Protection Board has been established to ensure compliance and impose penalties. The Bill is open to public commentary until the end of 2022.
17 Nov.
DISCORD fined 800,000 euros by French Data Authorities
—
Upon investigation, the CNIL found that Discord had failed to comply with several GDPR regulations. Though multiple breaches were sanctioned regarding data retention periods, failure to protect data by default and more, it was found that DISCORD had made attempts to comply with GDPR procedurally.
16 Nov.
FBI director states that TikTok causes national security concerns
—
FBI director expresses concerns that the Chinese government can influence TikTok users and control their devices through data collection. The Committee on Foreign Investment in the United States and the popular app are in liaison, with aims to protect the data of its users through a national security agreement.
15 Nov.
EU’s Digital Services Act enters into force
—
In response to the increased digitalisation of services and growing online platforms, the DSA aims to create a safer space online by introducing new regulations. Entities that fall under this regulation will have four months to comply with these obligations.
15 Nov.
Google will pay $392m to 40 states for failure to stop tracking location data upon request
—
In 2018, it was discovered that Google continued to track the location data of individuals despite users opting out. The settlement reached is the largest ever US privacy settlement and has been described as a massive victory for consumers, combating the ever-growing threat of privacy violation and surveillance.
11 Nov.
Twitter comes under fire due to data and privacy safeguards
—
The Federal Trade Commission have expressed concern over the disarray that has followed Elon Musk’s acquisition of Twitter. The company has a history of security and privacy violations. The consumer protection representative stated that Musk has violated the 2011 Consent Decree by failing to protect consumer data.
12 teams from the US and UK have won the first stage of the privacy-enhancing technology challenges
—
The UK and U.S. government have come together to host a privacy-enhancing technology competition. The teams were tasked to come up with innovative solutions to solve artificial financial crime scenarios. The winning solutions will be acknowledged at the second Summit for Democracy in 2023.
10 Nov.
France: French data protection authority (CNIL) encourages World Cup fans to use burner phones in Qatar
—
Concerns over spyware disguised as apps have led French data officials to warn against the use of personal smartphones, instead advising the use of burner phones. For football fans travelling to Qatar for the World Cup, it is compulsory to download the sporting event app ‘Hayya’ and a covid tracking app ‘Ehteraz’. Experts have claimed that these apps are a form of spyware, enabling Qatari authorities to track data.
09 Nov
Netherlands: Privacy Foundation take action against TikTok
—
Amsterdam District Court ruled in favour of The Take Your Privacy Back Foundation, who have taken action against the popular app concerning personal data use. Although it was argued that the Court could not rule on these claims due to the establishment location of TikTok, it was held that the Dutch Court has jurisdiction.
08 Nov
UK: Data Protection plans come under fire
—
Members of European Parliament were highly disappointed when presented with UK data protection reform plans. The UK was criticised for prioritising businesses and maintaining lucrative data flows over privacy principles.
A MEP stated that the ICO official had no knowledge about data protection, emphasising that there was no mention of data protection being a fundamental right.
07 Nov
SPAIN: AEPD fines UPS España €70,000
—
UPS violated the integrity and confidentiality principle by delivering a parcel to the recipients’ neighbour without consent. The company failed to ensure that the data subject was protected, therefore violating GDPR legislation.
06 Nov
UK: ICO warns Department of Education over data misuse
—
The ICO found the DfE had facilitated the use of childrens’ records to gambling companies by granting them access to the database. The ICO presented measures the DfE must take to improve their overall data protection, making sure that childrens’ data is protected.
04 Nov
UK: Royal Mail suspended Click and Drop service
—
Royal Mail suspended Click and Drop services due to a data breach. A technical issue resulted in the exposure of customer orders. This issue has since been resolved and an investigation has been launched to find cause of the technical fault.
03 Nov
UK: ICO reduces Cabinet Office 2020 data breach fine.
—
The ICO has reduced the fine levied in response to the publishing of a file on GOV.UK containing the names and addresses of 1000 people. The fine of £500,000 described as “wholly disproportionate” was appealed by the Cabinet Office and reduced to £50,000. The UK Information Commissioner highlighted that whilst proportional, the original fine may put further economic pressure on public bodies.
