#PrivacyNews
💬Source: Oleg Blinov
News for this week:
🔸 EU: EDPB publishes binding decision on DPC’s Instagram draft decision (https://edpb.europa.eu/system/files/2022-09/edpb_bindingdecision_20222_ie_sa_instagramchildusers_en.pdf): 68 pages of privacy hardcore, lots of arguments between DPAs.
🔸 Ireland: DPC submits draft decision on inquiry into TikTok (https://www.dataprotection.ie/en/news-media/irish-dpc-submits-article-60-draft-decision-inquiry-tiktok-0): Similarly to the Instagram case, it is mostly concerned with public-by-default settings and protection of children’s data.
🔸 Lower Saxony: LfD Niedersachsen warns banks of profiling for advertising purposes (https://lfd.niedersachsen.de/startseite/infothek/presseinformationen/lfd-niedersachsen-warnt-genossenschaftliche-banken-vor-profilbildung-fur-werbezwecke-215106.html): I very much encourage reading it in full. The DPA took issue with the processing of 162 data fields (which is actually relatively low) to assess a user’s interest in loans, including payment transaction data. Controllers cannot rely on legitimate interest, as such use of data is not foreseeable for data subjects. Surprisingly, consent cannot be relied upon either! This is because customers cannot decide for themselves (why?) whether and which specific Smart Data procedures are carried out and can only agree in general terms instead. This is getting completely out of hand.
🔸 EU: Commission publishes proposal for Cyber Resilience Act (https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act): the proposed act aims to regulate hardware and software products with digital components and enforce a mandatory level of security on them. I’m wondering if mobile apps fall under such products.
🔸 France: CNIL fines G.I.E. INFOGREFFE €250,000 for data retention and security failures (https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000046280956?init=true&page=1&query=san-2022-018&searchField=ALL&tab_selection=all): The company failed to abide by its 36 month retention period after last purchase with respect to 25% of its users (approx. 950k people). There was also a weak password policy and plaintext password storage.
🔸 Germany: DSK publishes minutes of second 2022 interim conference (https://www.datenschutzkonferenz-online.de/media/pr/20222206_Protokoll_der_2_Zwischenkonferenz_der_DSK.pdf): very short and unclear, topics discussed include: further development of model for determining fines; combatting facebook fan pages; GDPR compliance in light of proposed European Health Data Space; GDPR compliance in Microsoft Office 365; encouragement of class action lawsuits; privacy iconography under Art. 12; investigations into video conferencing services.
🔸 California: Congresswoman urges FTC to investigate unlawful use of location data (https://eshoo.house.gov/media/press-releases/eshoo-urges-ftc-investigate-invasive-use-location-data): A democrat senator urges FTC to investigate a data broker selling geolocation data to enforcement authorities without a warrant.
#НеДляГалочки
🔆On 14 September, Pravo.ru announced the results of Best Law Firm Marketing 2022. It is the first national legal marketing award in Russia.🔆
We are glad to share that our podcast «Не для галочки» took first place in the "Native Content" category.
🔆This is top-notch🔆
Thanks to:
▫️Irina Shurmina, for organising all of this
▫️Elizaveta Dmitrieva and Ksenia Andreeva for the pleasant meetings while recording content
▫️SEAMLESS LEGAL for submitting the nomination
#events #cybersecurity
When: 21 September 2022 at 11:00 Moscow time
Where: online
Topic: "Corporate Cyber Defence with Group-IB"
Speaker: Robert Aldini, Head of Partner Training, Group-IB
Organiser: Астрал.Безопасность (Astral Security)
Cost: free
Registration: here
Telegram
Астрал.Безопасность
Information security for everyone: we keep you up to date with the news, offer solutions and share our experience.
for all enquiries: https://news.1rj.ru/str/anastasiafil_art
our stickers: https://news.1rj.ru/str/addstickers/AstralIB
website: https://is.astral.ru
VK: https://vk.com/is.astral
🔆The largest privacy event in the Eurasian region (over 3,000 views), EDPC 2022, is happening🔆
We look forward to seeing you on 20-21 October 2022, online🔥
🔆Become a speaker
🔆Become a partner (privacy communities and associations only)
🔆Become a sponsor
You can also message me directly, @krakozubla
edpc.network
Eurasian Data Protection Congress
#events #privacy
When: Thursday, 30 September, 10:00-11:30 (Moscow time)
Where: online
Topic: "Roskomnadzor Notification: Instructions for Use"
Speakers: Sergey Sayganov, Partner, Head of the Technology & Product practice, Comply, and Maria Ponomareva, Lawyer, IP, Tech & Privacy practice, Comply
Organiser: Comply
Cost: free
Registration: via the link (https://comply.ru/events/rkn2022#rec487715337)
#PrivacyNews
💬Source: Oleg Blinov
News for this week:
🔷 Denmark: Datatilsynet finds use of Google Analytics unlawful (https://www.datatilsynet.dk/english/google-analytics/use-of-google-analytics-for-web-analytics, https://www.datatilsynet.dk/english/google-analytics): A new case of prohibition of GA. I highly recommend the FAQ; it is really well written. A couple of highlights: (1) pseudonymization is considered an effective supplementary measure, a much-needed development from earlier suggestions that only double encryption works; (2) the CNIL reverse proxy (https://www.cnil.fr/en/google-analytics-and-data-transfers-how-make-your-analytics-tool-compliant-gdpr) is regarded as an effective tool to legitimize use of GA; (3) the FAQ contains instructions on how to make GA privacy-friendly (but still not acceptable to use); (4) probability of actual access is still regarded as a factor that cannot be taken into account for TIAs; (5) reliance on consent as a derogation for transfer is unavailable due to its nature of being an exception.
🔷 Berlin: Berlin Commissioner fines retail group subsidiary €525,000 for DPO conflict of interest (https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/pressemitteilungen/2022/20220920-BlnBDI-PM-Bussgeld-DSB.pdf): the headline is a bit click-bait-y as the DPO was also a general manager for 2 companies and the authority warned them in 2021, after which (!) he was re-appointed as DPO.
🔷 EU: CJEU issues preliminary ruling following German court referral on national data retention provisions (https://curia.europa.eu/juris/document/document.jsf?text=&docid=265881&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=623107): More of a curiosity, as it does not directly apply to non-telecom business. In essence, the CJEU laid down limits for German law on which data may be collected and retained by telecom providers indiscriminately for purposes of fighting crime (IP & civil identity data) and which only in a targeted fashion, unless it is required for national security.
#materials #cybersecurity #incidents
Cyber Attack Readiness and Response Cheat Sheet, here
💬Source: David Rosental
#materials #fines #dpo
A case from Germany on a fine for a DPO conflict of interest, in German
🔅In short: the DPO was also the managing director of the data controller companies.
Analysis in English by Dr. Carlo Piltz
European_Cybersecurity_Skills_Framework_ECSF__1664385641.pdf
3.1 MB
#materials #cybersecurity #hiring
European Cybersecurity Skills Framework.
💬Source: Andrey Prozorov
RPPA PRO: Privacy • AI • Cybersecurity • IP
#events #privacy
When: 29 September, 11:00
Where: online
Topic: Explanation of the amendments to Russian personal data legislation
Speakers: Roskomnadzor representatives
Organiser: Roskomnadzor
Cost: free
Broadcast: Roskomnadzor's VK group
VKontakte
Roskomnadzor
Federal Service for Supervision of Communications, Information Technology and Mass Media 💡 Public online reception: please send questions and complaints to the Roskomnadzor Public Reception, where they will be considered in the established manner: https://rkn…
29_09_22_День_открытых_дверей_РКН_by_Kris.pdf
188.2 KB
#materials #ркн
Notes from the seminar, passed through the perception filter of the note-taker.
Please point out any shortcomings / missed points in the comments
#PrivacyNews
💬Source: Oleg Blinov
More news from the world of privacy!
🔸 EU-US data transfers: Light at the end of the tunnel! (https://www.politico.eu/article/us-expected-to-publish-privacy-shield-executive-order-next-week/): an EU-US agreement on data flows is expected by March 2023.
🔸 Brands Review Data Privacy Policies After $1.2 Million Sephora Settlement (https://www.wsj.com/articles/brands-review-data-privacy-policies-after-1-2-million-sephora-settlement-11664272801, https://oag.ca.gov/news/press-releases/attorney-general-bonta-announces-settlement-sephora-part-ongoing-enforcement): Much-needed clarity on whether ads targeting constitutes “sale” of data under CCPA. Turns out it does, at least until 2023, when “sharing” and “selling” will entail different obligations. I was not aware that CCPA requires honoring Global Privacy Control as an opt-out, as if the user had pressed the “Do not sell” button.
🔸 Conflicting news from Germany on use of MS in schools:
🔸🔸 Baden-Württemberg: LfDI Baden-Württemberg dismisses investigation into schools on use of MS 365, issues recommendations (https://www.baden-wuerttemberg.datenschutz.de/schulen-auf-dem-weg-zu-datenschutzfreundlichen-loesungen/): according to the Baden-Württemberg regulator, they received convincing documents from the schools and closed the investigations;
🔸🔸 Germany Forces a Microsoft 365 Ban Due to Privacy Concerns (https://techgenix.com/microsoft-365-ban-in-germany): but in Hesse, the regulator banned MS 365 citing violation of privacy following termination of agreement to use only German servers.
🔸 UK: ICO issues reprimands to seven organisations for failing to respond to access requests (https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/action-taken-against-seven-organisations-who-failed-in-their-duty-to-respond-to-information-access-requests): Pretty surreal backlogs in public authorities, such as the Ministry of Defense which has 9,000 SAR requests yet to be responded to. 7 public bodies and companies were only issued reprimands.
🔸 UK: ICO issues provisional fine of £27M to TikTok for failing to protect children’s privacy (https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-could-impose-multi-million-pound-fine-on-tiktok-for-failing-to-protect-children-s-privacy/): No clear details available on this one.
POLITICO
US expected to publish Privacy Shield executive order next week – POLITICO
The order is designed to address European concerns over surveillance practices in the US.
#events
An interesting hackathon on Privacy Enhancing Technology is launching here.
To register, you need to form a team. Teams are being formed in the closed RPPA.ru chat.
💬Source: Ekaterina Kalugina
petlab.officialstatistics.org
UN PET Lab's Hackathon
Registration for UN PET Lab's first global virtual Hackathon