Weekly Newsletter: 16 November – 20 November 2020

November 23, 2020

Information Commissioner’s Office: European Representatives

[#ICO #UK #Brexit #gdprcompliance] “If you are based in the UK and do not have a branch, office or other establishment in any other EU or EEA state, but you either:

– offer goods or services to individuals in the EEA; or
– monitor the behaviour of individuals in the EEA,

then you will still need to comply with the EU GDPR regarding this processing even after the end of the transition period.

As you will not have a base inside the EEA after the transition period ends, the EU GDPR requires you to appoint a representative in the EEA.”


Apple hits back at European activist complaints against tracking tool

[#DataProtection #Schrems #noyb #Apple #IDFA #complaint #consent] An Austrian privacy advocacy group drew a strongly critical response from Apple on Monday after it said an online tracking tool used in its devices breached European law. The group, led by campaigner Max Schrems, filed complaints with data protection watchdogs in Germany and Spain alleging that the tracking tool illegally enabled the $2 trillion U.S. tech giant to store users’ data without their consent.

Apple directly rebutted the claims filed by Noyb, the digital rights group founded by Schrems, saying they were “factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint”.

[…] Apple said in response that it “does not access or use the IDFA on a user’s device for any purpose”. It said its aim was to protect the privacy of its users and that the latest release of its iOS 14 operating system gave users greater control over whether apps could link with third parties for the purposes of targeted advertising.



Big fines included in Canada’s newly proposed national privacy bill

[#DataProtection #Canada #billC11 #privacy #fines] The Canadian government proposed new legislation Tuesday that would reshape the nation’s privacy framework. Bill C-11, which was introduced by Minister of Information Science and Economic Development Navdeep Bains, includes steep fines for companies — up to 5% of revenue or C$25 million, whichever is the higher sum.

[…] The new framework would modernize consent rules, require data portability, provide users with a means to “control their online identity” and allow individuals “to request that organizations dispose of personal information and, in most cases, permit individuals to withdraw consent for the use of their information.”

[…] On Twitter, law professor Michael Geist highlighted some of the key details in the new proposals under Bill C-11. “The enforcement side of the privacy is subject to a huge overhaul: order making power for the privacy commissioner, reviews of the orders by the new tribunal, and big penalties available for non-compliance.”


Microsoft Warns of Office 365 Phishing Attacks

[#phishingemails #phishingattacks #Microsoft #Office365] The phishing emails, which are still circulating, use several techniques to bypass and evade secure email gateways, according to Microsoft’s analysis. The fraudsters use social engineering techniques and timely subject lines as a way to lure victims into clicking the emails and inputting their credentials, which are then harvested.

[…] Microsoft doesn’t describe how the Office 365 credentials are harvested in this campaign. But a sample email shows a malicious link that asks for a password reset. If clicked, this link could lead to a phishing landing page, where a user would enter credentials and then fraudsters would then harvest them.



Canada2EU Trade Chats podcast

[#Canadianbusiness #CanadaEUbusiness #EUrepresentative #Canada2Europe]

What are the impacts of GDPR for Canadian companies?

Canada2EU Trade Chats delivers its first podcast episode with , lawyer and Founder of EDPO (European Data Protection Office), and Melanie Gagnon, President and Founder of the data protection consulting firm MGSI – External DPO – GDPR Compliance.

“What is the EU’s General Data Protection Regulation (GDPR)? To which extent are you concerned by this EU Regulation as a Canadian company? Where and how do you start your compliance journey? Jane and Mélanie help you understand the impact of the GDPR on your business and provide tips on how to comply with the highest data protection standards in the world.”

Listen to the podcast (or read the transcript) by clicking on the link below to learn everything you need to know about the GDPR and its implications for Canadian companies. EDPO is happy to provide its services as EU and/or UK Data Protection Representative.

To read more: Click here

Aggressive telemarketing practices: Vodafone fined over 12 million Euro by Italian DPA

[#dataprotection #telemarketing #Italiandpa #Vodafone #gdprfines] “The Italian data protection supervisory authority (Garante per la protezione dei dati personali) ordered Vodafone to pay a fine in excess of Euro 12,250,000 on account of having unlawfully processed the personal data of millions of users for telemarketing purposes.

[…] This decision marks the final step in a complex proceeding that the Garante had initiated following hundreds of complaints and alerts submitted by users against unsolicited phone calls made by Vodafone and/or the company’s sales network in order to promote telephone and Internet services.

[…] More specifically, one of the most worrying findings of the investigations was the use of fake telephone numbers or numbers that were not registered with the ROC (i.e. the National Consolidated Registry of Communication Operators) in order to place the marketing calls.”

