Weekly Newsletter: 12 July – 16 July 2021
GDPR EU Representative

July 19, 2021

Ransomware-hit law firm gets court order asking crooks not to publish the data they stole

[#Cybersecurity #Ransomwareattacks #UnitedKingdom #PersonalData]

“A barristers’ chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share stolen data. 4 New Square chambers, which counts IT dispute experts among its ranks, obtained a privacy injunction from the High Court at the end of June against “person or persons unknown” who were “blackmailing” the firm.

Those persons were said to be “responsible for engaging in a cyber-attack on [the barristers] on or about 12 June 2021 and/or who is threatening to release the information thereby obtained.”

Trade mag The Lawyer reported the ransomware attack but the obtaining of an injunction against people outside the jurisdiction of the English courts seems strange.”

To read more: Click here

UK’s tech clampdown could miss goal after football racism

[#SocialMedia #UnitedKingdom #Football]

“LONDON — Lawmakers want a shot at big tech over the racist online abuse of England’s Euro 2020 footballers — but critics fear they’ll end up hitting the crossbar. U.K. ministers say they have a plan to force social media companies to better deal with the kind of hatred aimed at some of England’s young players after the side’s Sunday night heartbreak against Italy.

But big questions remain about whether the proposed law will really achieve its aims, amid concern it leaves too much power in the hands of social media companies and swerves bigger issues of law enforcement and the tone set by senior politicians. […]

Under the plans, a duty of care towards users would be imposed on social media platforms, enforced by communications regulator Ofcom. Fines of up to £18 million — or 10 percent of annual global turnover, whichever is higher — could be levied on companies who fail to comply.”

To read more: Click here

Final version of EDPB’s Guidelines 07/2020 on the concepts of controller and processor in the GDPR

[#EDPB #GDPR #Controller #Processor] 

The European Data Protection Board has issued a final version of its Guidelines 07/2020 on the concepts of controller and processor in the GDPR.

“This document seeks to provide guidance on the concepts of controller and processor based on the GDPR’s rules on definitions in Article 4 and the provisions on obligations in chapter IV. The main aim is to clarify the meaning of the concepts and to clarify the different roles and the distribution of responsibilities between these actors.”

To read the full document: Click here

European Privacy Regulators take Aim at Firms’ Cybersecurity Failures

[#Cybersecurity #EuropeanUnion] 

“European privacy regulators are increasingly cracking down on cybersecurity lapses that expose personal information, highlighting the legal and financial risks that come with how companies secure data. […] For many companies, it would be easier to stay out of regulators’ sights if technical and cybersecurity teams would coordinate closely with legal professionals about privacy risks, instead of addressing data concerns separately, said Peter Craddock, a partner in the Brussels office of law firm NautaDutilh NV.

“You need a cybersecurity strategy that’s a companywide strategy,” he said.”

To read more: Click here

EDPB adopts urgent binding decision: Irish SA not to take final measure but to carry out statutory investigation

[#EDPB #EuropeanUnion #IrishDataProtectionAuthority #Whatsapp #Facebook]

“The EDPB adopted its first urgent binding decision pursuant to Art. 66(2) GDPR following a request from the Hamburg supervisory authority (DE-HH SA), after the SA had adopted provisional measures towards Facebook Ireland Ltd (Facebook IE) on the basis of Art. 66(1) GDPR. The DE-HH SA ordered a ban on processing WhatsApp user data by Facebook IE for their own purposes following a change in the Terms of Service and Privacy Policy applicable to European users of WhatsApp Ireland Ltd.

The EDPB decided that the conditions to demonstrate the existence of an infringement and an urgency are not met. Therefore, the EDPB decided that no final measures need to be adopted by the IE SA against Facebook IE in this case. […]

Considering the high likelihood of infringements in particular for the purpose of safety, security and integrity of WhatsApp IE and the other Facebook Companies, as well as for the purpose of improvement of the products of the Facebook Companies, the EDPB considered that this matter requires swift further investigations.”

To read more: Click here

‘DRIFTING TOWARDS DANGER’ Facebook will give ‘gift to terrorists’ & child abusers by giving them total anonymity online, says MI5 boss

[#RightToPrivacy #UnitedKingdom #Facebook #SiliconValley #Whatsapp #BigTech]

“FACEBOOK will hand “a gift to terrorists” and child abusers by giving them total anonymity online, Britain’s spymaster warned yesterday. MI5 chief Ken McCallum said the tech giant’s plans for end-to-end encryption meant “we are drifting towards danger” […]

He urged Silicon Valley to “engage seriously with governments or with me” to combat evil online. […] He also named and shamed Will Cathcart, CEO of Whatsapp – owned by Facebook – who recently dismissed police and spooks’ fears as “Orwellian”. […]

Mr McCallum said: “UK public opinion is clear – terrorists, paedophiles and serious criminals should not enjoy an absolute right to privacy.” And he added: “The tech companies are brilliant at what they do. “It seems to me they have solved harder problems, when they really want to.””

To read more: Click here

A guide to the EU’s unclear anonymization standards 

[#GDPRanonymization #UKGDPR #anonymizedata]

“The EU General Data Protection Regulation is among the most influential data privacy laws in the world — setting the standard, in many ways, for how global organizations implement their data privacy programs. The GDPR and more general EU data protection laws suffer from one central problem: One of their most important provisions is unclear.

Specifically, the GDPR defines anonymous data as data that “does not relate to an identified or identifiable natural person or to personal data rendered anonymous” so “the data subject is not or no longer identifiable.”

[…] The problem is even though the GDPR specifically calls out anonymous data, and even though European data protection authorities have publicly talked about anonymization for decades, it’s unclear anyone really knows what “anonymization” means in practice.

[…] Absent further clarification from EU regulatory authorities themselves, there is no one-size-fits-all approach to anonymization for organizations seeking to comply with EU data protection standards. There are a host of concrete options — and clear arguments — these organizations can use to get value out of their data while ensuring it remains protected.”

To read more: Click here