Standard Post with Image

Privacy and politics: CNIL releases a report

The French DPA (CNIL) has just published a report on civic technologies, data and democracy. The report is timely in a moment when privacy and politics are intesely discussed.

Standard Post with Image

Today is the deadline for comments on COPPA Rule

The Federal Trade Commission has extended the deadline to submit comments on the agency’s review of the Children’s Online Privacy Protection Act Rule (COPPA Rule) until December 11, 2019.

Standard Post with Image

Hong Kong PCPD on the TransUnion data breach incident

Our Hong Kong member Tanner De Witt contributes to the news today, informing that this investigation report from the Hong Kong Privacy Commissioner relates to an incident in which a local newspaper in Hong Kong was able to pass through the online authentication procedures of a credit reference agency, and obtain the credit reports of a number of public figures. Unsuprisingly, the Privacy Commissioner found that there were poor controls on online authentication by the credit reference agency. The Privacy Commissioner also observed that credit reference checking forms a valuable service within financial services, with broader policy implications than personal data protection alone. The Privacy Commissioner, for instance, sees merit in requiring credit reference agencies being under the direct supervision of a regulator, and there being competition in the marketplace to lower the cost of obtaining credit check reports. The issues are deeper and broader than personal data - though sensitive financial personal data is at the core.

Standard Post with Image

UK patient health data traded to US firms

Euractiv reports that health data belonging to millions of UK National Health Service (NHS) patients has been sold under license to US companies and global pharmaceutical firms, in a move that is likely to inflame tensions between the UK government and privacy campaigners in the run up to the December 12 election.

Standard Post with Image

BfDI imposes € 9.55M fines on telecommunications service provider for GDPR violations

The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) has fined the telecommunications service provider 1 & 1 Telecom GmbH with a fine of 9,550,000 euros. BfDI had become aware that callers could obtain extensive information on further personal customer data through the customer care service, by just giving the name and date of birth of another customer. BfDI sees a violation of Art. 32 of the GDPR in this authentication procedure, sicne the company did not take appropriate technical and organisational measures to systematically protect the processing of personal data of customers.

    Page 1 of 229