This has been a busy week. Between WhatsApp being dropped, Apple being scrutinized and fines taking place as per routine, a lot has changed. The GDPR report for 2020 is also out now and it showcases some interesting fine patterns for companies to be aware of. Seers is hosting its next privacy webinar on Data Breach Management Strategies on the 4th of February at 17:00.
Here are the top stories from the world of privacy this week.
Top Stories and Updates
WhatsApp dropped by Turkish President after Facebook updates its privacy
Turkish President Recep Tayyip Erdogan’s media office and the country’s defense ministry told journalists they are quitting WhatsApp Inc., joining a global flight from the popular messaging app over new usage terms that have caused widespread privacy concerns.
Although freedom rights activists are divided on whether this is to fight dissent growing among the public or to protect their privacy, this could be the first of many cases about to spring up due to the poor privacy update.
Changes to WhatsApp’s terms and services effective Feb. 8, 2021 will allow it to share data with parent company Facebook Inc. Users must agree to the new terms, which would allow for more targeted advertisements, or lose access to their accounts at WhatsApp.
The GDPR fines report for 2020
The UK’s Information Commissioner’s Office (ICO) collected the second-highest total value of fines for data protection violations last year, with businesses paying £39.7 million for breaching the GDPR.
Only Italy’s data watchdog collected more in fines than the ICO, accruing €58,161,601 (approximately £52.6 million) in financial penalties. However, the UK figure was collected over only three cases, which means the ICO was among the territories least active in terms of issuing fines, ranking sixth of 24 countries examined by Finbold.
LfD issues £9.3 million fine against notebooksbilliger.de
The LfD Niedersachsen has issued a £9.3 million fine against notebooksbilliger.de AG for video monitoring its employees in workplaces, sales rooms, warehouses and common areas, among other places, for over two years without any legal basis.
The key takeaway is that the company LfD cooperated in the proceedings, which had been ongoing since 2017. According to surveys from 2018, the company notebooksbilliger.de from the small town of Sarstedt in Lower Saxony is the online electronics retailer with the highest turnover in Germany.
Polish UODO fines ID Finance Poland £200,000
The £200,000 fine was for inadequate technical and organisational security measures undertaken at the premises. The Polish Personal Data Protection Office (UODO) noted that the company had not responded to indications about security gaps and that an unauthorised person had subsequently copied and deleted the data on the company’s server, also demanding a ransom.
The UODO had established that the breach had taken place following a failed attempt to restore appropriate security configuration and that the controller, despite being notified about the vulnerability by cybersecurity specialists, failed to exercise due diligence with respect to its security systems and its processor.
On top of this, the UODO highlighted that the lack of quick response by the processor does not reduce the controller’s responsibility for the data breach and that, in calculating the fine, it took into consideration, among other areas, the scale of the breach and the controller’s delay in taking appropriate remedial action.
Apple’s game-changing privacy move poses new threats
After Apple announced iOS 14 last year, firms including Facebook were up in arms. The concern here is that the so-called game-changing new iPhone privacy feature, which would essentially signal the end of the identifier for advertisers (IDFA), could be misused. Ever since the announcement there has been a lot of concern regarding this update, and many advertiser lobbies have strictly opposed it.
Apple has revealed new facts about the app and it turns out that it is not as privacy-protective as you may have imagined it to be earlier. The feature is still on its way in an upcoming update of iOS 14, and it could mean app developers find new ways of tracking users, despite the fact that it violates the policies of Apple’s iPhone App Store.
Public Notice: Important information on Post-Brexit data protection
While data flows continue even after the transition period has ended, there are serious privacy considerations that can still impact your business and its compliance with the GDPR, ePrivacy and the Data Protection Act 2018. Ensure compliance by hiring an EU/UK Representative to allow your business operations to run smoothly. On top of being a legal requirement, it can help you in navigating your data strategy under the current guidance and directives.
Data transfers and online advertising technologies post-Schrems II
The privacy ecosystem has changed following the Court of Justice of the European Union’s (‘CJEU’) decision on the Schrems II Case. The legitimacy of international data transfer flows has changed, directly impacting the regulation of the different technologies and vendors in the online advertising field. Hire a Privacy Expert to handle the emerging data protection needs and the updated data flows.
Privacy webinar on Data Breach Management Strategies:
Seers is hosting its next privacy webinar on “Data Breach Management Strategies” on Thursday, 4th of February 2021 from 17:00 to 17:45 with key speakers: Ben Sigler (Partner, Stephenson Harwood LLP) and Katie Hewson (Associate, Stephenson Harwood LLP), moderated by Zahra Shah (Co-Founder & CCO, Seers). This webinar will cover:
- Various regulations on Data Breach Management Strategies and best practices,
- How companies can better protect against a data breach through the implementation of policies, processes and systems,
- How companies can prepare for such an occurrence and have a plan in place for during and after the breach,
- Mitigating reputational, litigation and regulatory risk in the post breach environment as well as other key areas.