Weekly Newsletter: 14 December – 18 December 2020
GDPR EU Representative

December 21, 2020

Vaccinated? Show Us Your App

[#DataProtection #vaccinations #covid #covid19apps]

Covid-19 health pass apps could help reopen businesses and restore the economy.

[…] In the coming weeks, major airlines including United, JetBlue and Lufthansa plan to introduce a health passport app, called CommonPass, that aims to verify passengers’ virus test results — and soon, vaccinations.

[…] The advent of electronic vaccination credentials could have a profound effect on efforts to control the coronavirus and restore the economy. They could prompt more employers and college campuses to reopen. They may also give some consumers peace of mind, developers say, by creating an easy way for movie theaters, cruise ships and sports arenas to admit only those with documented coronavirus vaccinations.

To read more: Click here

ICO Enforcement – Pension House Exchange Limited

[#PECR #eprivacy #DataProtection #ico #unsolicitedcalls #directmarketing #fines]

“The Information Commissioner’s Office (ICO) has fined Pension House Exchange Limited £45,000 for making 39,722 connected unsolicited calls for the purposes of direct marketing in relation to occupational pension schemes or personal pension schemes contrary to regulation 21B of PECR.”

The company said it obtained citizens’ contact information by harvesting information from their LinkedIn accounts.
However, as stated in the decision: “It was explained during the course of the investigation that PHE interpreted an individual’s acceptance of a ‘connection’ request as confirmation that they would also consent to receiving direct marketing calls. This method of data scraping is wholly inadequate as a means of obtaining valid consent.”

To read more: Click here



Data Protection Commission announces decision in Twitter inquiry

[#DataProtection #dpc #twitter #fines #edpb]

Breaking News: The Irish Data Protection Commission fines Twitter EUR 450,000 for failure to notify a data breach on time and for failure to adequately document the breach.

“The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach.

[…] The draft decision in this inquiry, having been submitted to other Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through the Article 65 (“dispute resolution”) process since the introduction of the GDPR and was the first Draft Decision in a “big tech” case on which all EU supervisory authorities were consulted as Concerned Supervisory Authorities.”

Find the full decision here: https://lnkd.in/ehThMQQ

To read more: Click here


Exclusive-Facebook to move UK users to California terms, avoiding EU privacy rules

[#DataProtection #Brexit #GDPRandBrexit #UKUSdatatransfers #dataflow #UKBrexit]

“Facebook Inc will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook’s Irish unit and out of reach of Europe’s privacy laws.
[…] Facebook’s UK users will remain subject to UK privacy law, which for now tracks the European Union’s General Data Protection Regulation (GDPR). Facebook is making the change partly because the EU privacy regime is among the world’s strictest, according to people familiar with the company. The EU rules give granular control to users over data about them.

In addition, the U.S. Cloud Act, passed in 2018, set a way for the UK and United States to more easily exchange data about cloud computing users.”

To read more: Click here

Podcast – Brexit: what changes for the GDPR?

[#UKGDPR #Article27RGPD #podcastRGPD]

What impact will Brexit have on Belgian and European companies in the field of data protection? What needs to be put in place by the end of the transition period on 31 December 2020? Many questions remain unanswered!
Listen to Jane Murphy, our Founder & Chair of the Board of Directors at EDPO (European Data Protection Office), and Jean-Philippe Morgan, Internationalisation Director, Enterprise Europe Brussels, at BECI.

To read more: Click here

Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed

[#cybersecurity #computersecurity #informationtechnology #cyberattack #technology]

“Top investors in SolarWinds, the Texas-based company whose software was breached in a major Russian cyberattack, sold millions of dollars in stock in the days before the intrusion was revealed.

The timing of the trades raises questions about whether the investors used inside information to avoid major losses related to the attack. SolarWinds’s share price has plunged roughly 22 percent since the company disclosed its role in the breach Sunday night.

[…] It’s unknown when SolarWinds’s executives and insiders first learned of the hack. But a former enforcement official at the U.S. Securities and Exchange Commission and an accounting expert both said the trades would likely spark an investigation by federal securities watchdogs into whether they amounted to insider trading.”

To read more: Click here.

‘We are a prime target,’ Schinas says, as Commission strives to bolster cyber resilience

[#EU #EuropeanCommission #NISDirective #cyberdefense #security #cyberattack #technology]

“The EU has been identified as a “prime target” by malicious global cyber attackers and the bloc needs to reinforce its capabilities to defend itself amid this new threat landscape, the European Commission has said.

Unveiling a raft of new measures to bolster cybersecurity in the EU on Wednesday (16 December), Commission Vice-President Margaritis Schinas said that there are many ill-intentioned actors in the cyber domain who wish to inflict harm on the bloc.

[…] Under the revised NIS Directive, certain ‘essential and important entities’ across critical public and private sectors such as hospitals, energy grids, railways, data centres, public administrations, research labs and manufacturing of critical medical devices and medicines, will be obliged to adopt appropriate cybersecurity risk management measures as well as new reporting obligations.

Failure to do so could result in fines of a maximum of €10m or up to 2% of the total worldwide annual turnover in the preceding financial year, whichever is higher.”

To read more: Click here.