Weekly Newsletter: 10 May – 14 May 2021
GDPR EU Representative

May 17, 2021

WhatsApp delays enforcing new privacy terms

[#Whatsapp #Privacy] 

“”No one will have their accounts deleted or lose functionality of WhatsApp on May 15th because of this update,” according to the latest website update, which was seen earlier by The Verge and other media outlets.

But users will get “persistent” reminders about the policy and may lose some functionality if they fail to accept the new terms. […] At some point, users will “encounter limited functionality on WhatsApp until you accept the updates”, according to the WhatsApp page.

“You won’t be able to access your chat list, but you can still answer incoming phone and video calls.. After a few weeks of limited functionality, you won’t be able to receive incoming calls or notifications and WhatsApp will stop sending messages and calls to your phone.”

The flap over WhatsApp’s privacy policy – described by Facebook as a misunderstanding about efforts to bring businesses onto the platform – is among the latest episodes highlighting concerns over the tech giant’s privacy and data protection policies.”

To read more: Click here.

Legislation to regulate social media companies and search engines to be announced

[#Google #Socialmedia #Dataprotection] 

“Landmark legislation to regulate social media companies and search engines will be announced in the Queen’s Speech this week, according to reports.The UK government will bring forward an Online Safety Bill placing a duty of care on major online services and bringing them under the oversight of Ofcom, The Times reports.

“The bill will provide for a GDPR-style enforcement system whereby Ofcom can impose fines of up to £18 million or 10 per cent of a company’s global turnover, whichever is higher. […]

Anabel Hoult, chief executive of Which?, said: “The biggest online platforms have some of the most sophisticated technology in the world, yet they are failing to use it to protect scam victims who are suffering devastating financial and emotional harm due to the flood of fake and fraudulent content posted online by criminals.

“Online platforms must be given a legal responsibility to prevent, identify and remove fake and fraudulent content on their sites so that their users are better protected.”

To read more: Click here

EU data protection regulator asks Member States to re-assess information exchange privacy 

[#Europeanunion #Compliance #EDPB] 
“The European Data Protection Board (EDPB) has told EU Member States to re-assess whether their tax information exchange agreements with third countries comply with the General Data Protection Regulation (GDPR) and taxpayers’ privacy rights. […]

The EDPB statement is a result of several cases brought by taxpayers and law firms across the EU, arguing that certain transparency requirements, including the OECD Common Reporting Standard (CRS) and the US Foreign Account Compliance Act (FATCA), are incompatible with GDPR. […]

‘For almost five years, the European Commission and EU Member States, as well as the UK, have been ignoring calls from campaigners to address the breach of fundamental rights caused by automatic exchange of information’ commented Mishcon de Reya Partner Filippo Noseda TEP.”

To read more: Click here

Ransomware attack knocks out key US pipeline 

[#Cybersecurity #Ransomwareattacks #Unitedstates] 
“The Colonial pipeline serving most of the eastern United States with fuel and heating oil has been shut down after what is being viewed as the worst-ever cyber-attack on the country’s infrastructure. […]

The Associated Press news agency reported the criminal gang DarkSide is behind the ransomware attack, noting the lack of announcement of the attack on its dark website usually indicates a victim is either negotiating or has paid. […]

Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity, said: “Cybersecurity vulnerabilities have become a systemic issue. Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants.””

To read more: Click here

Fine of 525,000 euros imposed on non-EU company for failure to appoint EU Representative 

[#DutchDPA #GDPRFines #NonEUcompanies #Autoriteitpersoonsgegvens] 
The Dutch Personal Data Authority (AP) imposed a fine of 525,000 euros on Locatefamily. com. Locatefamily. com publishes address details and phone numbers of people, often without these people being aware of this. They can’t easily have their data deleted because Locatefamily has no representative in the EU. Not having a representative in the EU is a violation of article 27 of the GDPR and the reason for the fine.

Read the press release here (in Dutch only): https://autoriteitpersoonsgegevens.nl/nl/nieuws/boete-van-525000-euro-voor-locatefamilycom

Find out if you need to appoint an EU or UK representative! Take our free assessment test here: https://edpo.com/need-an-eu-representative-assessment/?doing_wp_cron=1620829093.7651920318603515625000

German DPA bans Facebook processing WhatsApp user data

[#Whatapp #Facebook #Dataprivacy ##HamburgDPA] 

“The Hamburg Commissioner for Data Protection and Freedom of Information has issued an emergency order prohibiting Facebook Ireland Ltd using personal data from the group’s WhatsApp social media platform for its own purposes. WhatsApp is asking users to agree a new privacy policy by 15 May which gives it the right to share data with Facebook, including connecting with products from Facebook companies. […]

The DPA also said: ‘The processing of WhatsApp users’ data is also not necessary for Facebook to perform a contract. The investigation of the new provisions has shown that they aim to further expand the close connection between the two companies in order for Facebook to be able to use the data of WhatsApp users for its own purposes at any time.’

Because the emergency order is only valid for three months under the EU’s General Data Protection Regulation (GDPR), the Hamburg DPA says it will bring the case to the European Data Protection Board (EDPB) for a binding decision at European level.”

To read more : Click here