Standard Post with Image

The Irish DPA orders Yahoo to operate privacy changes

Five years after the data breach that hit Yahoo in 2013 and caused the violation of at least 500 million accounts, the Irish Information Privacy Commissioner, the competent DPA for Yahoo, has said that Yahoo’s data processing systems are not compliant with the standards required by the GDPR, Reuters reports.

Find the Reuters’ news published here
Standard Post with Image

Irish government supports the country’s data centre industry

The Irish Department of Business, Enterprise and Innovation has outlined how it is planning to position Ireland as the ideal location for data centre investments as part of Ireland’s ambition to be a digital economy hot-spot in Europe.

The statement of the Irish government is available here
Standard Post with Image

The Irish DPC publishes a draft Data Protection Impact Assessment list for consultation

The Irish Data Protection Commission (DPC) has prepared a draft list indicating the processing operations that must be submitted under DPIA in accordance with the requirements of the GDPR. The list is intended to encompass both national and cross-border data processing and will be submitted to the EDPB for its approval after the consultation.

Find the proposed DPIA list here
Standard Post with Image

Singapore’s PDPC publishes a discussion paper on AI solutions

The Personal Data Protection Commission of Singapore (PDPC) has published a preliminary analysis containing some of the issues pertinent to the commercial development and adoption of AI solutions. The aim is to establish an accountability-based framework and to provide common definitions and a common structure to promote constructive discussions about the commercial development of AI from an ethical, governance and consumer perspective.

The discussion paper is available here
Standard Post with Image

CJEU establishes that users which benefit from Facebook’s associated services have to respect data protection rules

The administrator of a Facebook page has been held responsible for not protecting visitors’ personal data, Reuters reports. This is the outcome of a recent dispute between a German fan page that was using the cookies of the social media giant to collect data of its visitors, and the German DPA that was ordering them to stop the gathering of such information.  The German fan page claimed that the DPA should have acted against Facebook and not against it since it was only the user of a service provided by Facebook.  The CJEU has instead established that “an administrator of a fan page that uses the platform provided by Facebook in order to benefit from the associated services cannot exempt it from compliance with its obligations concerning the protection of personal data”.

Find the Reuters’ news published here