#SypherPrivacyTalks - May 2023 - Week 21

by Sypher - May 24, 2023

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Enforcement tracker report 2023 | GDPR fifth anniversary

cms.law • 3 min read

🥳 As we celebrate the fifth anniversary of the GDPR, a comprehensive analysis conducted across Europe sheds light on the significant impact of data protection enforcement. 👇

European data protection authorities have imposed fines exceeding 2.7 billion euros in over 1,500 publicly known cases. But the enforcement of GDPR extends beyond monetary fines, as data protection authorities possess the authority to restrict or prohibit data processing. A recent case involving ChatGPT, handled by the Italian data protection authority Garante, serves as a compelling example of the wider implications beyond financial penalties.

This year's findings, outlined in the fourth edition of CMS's annual Enforcement Tracker Report, reaffirm the extensive utilisation of the sanctioning options under the GDPR by European data protection authorities.

☝️ Despite five years of practical experience, legal uncertainties persist within the data protection landscape. The final verdict on many cases often rests with the European Court of Justice, underscoring the ongoing need for clarity.

📖 Read the full report
📄 Executive summary available here

Meta ordered to suspend Facebook EU data flows as it's hit with €1.2BN privacy fine

techcrunch.com • 13 min read

⚡ Meta has been fined a record-breaking €1.2 billion 👀 AND has been issued a suspension order by the EDPB: no more EU-US data exports! 👇

The EDPB found Meta's breach of the pan-EU regulation governing data transfers to be severe due to the systematic, repetitive, and continuous nature of the violations.

Meta swiftly responded to the suspension order by stating its intention to appeal and requesting a stay on the implementation deadlines. The company attributes the issue to a conflict between EU and US law, rather than its own privacy practices. It emphasises the potential harm that these orders would cause, particularly to the millions of people who rely on Facebook daily… read more

Twitter Circle exposed private tweets to non-followers in April

cpomagazine.com • 4 min read

🐤 Twitter recently experienced a glitch in its Twitter Circle feature, which resulted in the exposure of private tweets to non-followers. This issue lasted for several weeks in early April, with unauthorised accounts gaining access to restricted tweets.

The glitch allowed private tweets, intended only for authorised Twitter Circle users, to appear in the "For You" tab of others, including non-followers. This breach has raised concerns regarding privacy and data security.

Twitter has acknowledged the incident and conducted a thorough investigation to address the issue. However, specific details about the cause of the glitch have not been disclosed… read more

EDPB adopts final version of Guidelines on facial recognition technology in the area of law enforcement

edpb.europa.eu • 1 min read

The European Data Protection Board (EDPB) has adopted final Guidelines on facial recognition technology in law enforcement. 👇

The document provides crucial guidance to EU lawmakers and law enforcement authorities on the implementation and use of facial recognition systems. The guidelines emphasise strict compliance with the Law Enforcement Directive (LED) and the Charter of Fundamental Rights, while calling for a ban on facial recognition technology in specific cases, as the EDPB had requested in the EDPB-EDPS joint opinion on the proposal for an Artificial Intelligence Act.

☝️ The guidelines have been updated following public consultation, incorporating valuable clarifications… read more

MEPs against greenlighting personal data transfers with the U.S. 

europarl.europa.eu • 3 min read

🌍🇪🇺🇺🇸 Recent developments in the EU-US Data Privacy Framework have raised yet another set of crucial questions. 👇

πŸ›οΈ According to a recent resolution by MEPs, the current proposal might not provide sufficient safeguards for EU citizens.

Despite improvements, the proposed framework allows for bulk collection of personal data and lacks clear rules on data retention. A key point of concern is the lack of transparency and independence of the Data Protection Review Court (DPRC), which is set to provide redress to EU data subjects.

👥 As MEP Juan Fernando López Aguilar stated, "There are still missing elements on judicial independence, transparency, access to justice, and remedies." This reaffirms the necessity for a truly protective mechanism for the data of EU citizens and businesses.

As businesses and individuals alike navigate an increasingly digital world, the Commission is urged to negotiate a data transfer framework that can withstand legal challenges and offer legal certainty… read more

Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by Tushar Mahajan on Unsplash