Privacy Updates This Week

Compromises on legal compliance are inexcusable. Either businesses are duly taking responsibility in their privacy protection obligations or they are not. There is no in-between.

The UK’s Ticketmaster was fined £1.25 million on Friday. Meanwhile, Apple is facing legal privacy trouble again. Twitter is facing the consequences of its early privacy protection deviance and the CPRA becomes more stringent.

Litigation is complex and expensive. Addressing the root cause of legal failures is much less complicated and easier for businesses. Especially with the innovative solutions that Seers has to offer. Instead of falling behind and incurring trouble with the regulator since many firms are being fined for their negligent actions, it is far better to be well prepared for all eventualities and seek to become compliant with privacy regulations. A good starting point is to ensure that you have all the relevant policies in place with the help of this innovative policy generator

Meanwhile, here are the top privacy headlines.

Top privacy headlines this week:

Ticketmaster UK fined £1.25 million under GDPR

UK’s ICO has fined Ticketmaster UK Limited £1.25 million for data protection failure. The breach occurred in 2018, the conflict has been ongoing since.

The company failed to put in place appropriate security measures to prevent a cyber-attack on a chat-bot installed on its online payment page. This is critical for the data subjects because it exposes their financial data and banking details.

ICO’s investigation also found that Ticketmaster UK Limited failed to identify the source of fraudulent activity in a timely manner.

Meanwhile, the Commonwealth Bank of Australia, Barclaycard, Mastercard, Monzo and American Express all reported suggestions of fraud to Ticketmaster UK Limited. But the company failed to pinpoint the problem.

In total, it took Ticketmaster UK Limited nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page. While the company may have been engaging in every possible remedial action, the protection was deemed as inadequate. Hence the hefty fine.

Read more here

Apple’s IDFA gets targeted in strategic EU privacy complaints

Apple has tried to improve its stance and responsibility on privacy protection. However, in contrast to the cybersecurity and data protection failures, the efforts are desolate.

Apple has been assigning a unique identifier to each iPhone. This is designed for third parties to track users for ad targeting. Called the IDFA (Identifier for Advertisers), the tracker is now the target of two new complaints filed by European privacy campaign not-for-profit, noyb.

The complaints, lodged with German and Spanish data protection authorities, contend that Apple’s setting of the IDFA breaches regional privacy laws on digital tracking because iOS users are not asked for their consent for the initial storage of the identifier.

What will Apple do and can it continue to trade consumer data for profits and ad gains?

Read more here

Twitter could face its first GDPR penalty within days

Twitter has been facing this privacy dispute for a long time now. Within a year of its bug disclosure, it has been shamed for privacy protection failures. The bug in its ‘protect your tweets’ feature affected Android users who had applied this setting to make their tweets non-public may have had their data exposed to the public Internet since as far back as 2014.

The GDPR was only enforced in the European Union in May 2018. Since the 2014-2019 breach falls under the EU’s GDPR violations the dispute has been ongoing.

Ireland’s DPC is the lead supervisor authority in the Twitter case but the cross-border nature of its business means all EU data protection agencies have an interest and the ability to make “relevant and reasoned” objections to the draft. Objections to the DPC’s draft decision were duly raised in summer this year. The company then engaged in a dispute resolution process for cross-border cases set out in the GDPR.

How can just one year negatively impact a business in terms of litigation expenses, dispute resolution and damage control?

Read more here

CPRA rivals GDPR’s privacy protections and emphasizes consumer choice

The California Privacy Rights Act (CPRA) has made a lot of positive uproar in the data protection world ever since its introduction.

This newly passed Proposition 24, the California Privacy Rights Act (CPRA), represents the second time in two years that California has instituted a comprehensive privacy statute that fundamentally changes data privacy practices for most enterprises conducting business in California.

While the CPRA builds on many of the provisions of the California Consumer Privacy Act (CCPA) of 2018, the differences between the two statutes are significant. The CCPA is similar to the GDPR and borrows several concepts from the GDPR. However, the CPRA is much more stringent and takes consumer choice much more seriously.

Several of the new CPRA provisions are also based on the GDPR principles. This is an attempt to appeal to the European Commission for data protection adequacy. While balancing transparency, choice and flexibility for technological development, the CPRA also contains unique elements that set it apart from any privacy statute in the world. Can this result in the restoration of data sharing between the EU and the US?

Read more here

Brexit and the end of the transition period:

Seers is hosting the next privacy webinar on the “Impact of Brexit: Privacy and Data Transfers” with key speakers: Gary O’Reilly and Katie Hewson on the 19th of November at 17:00 GMT.

This webinar will cover the impact of Brexit on data privacy for organisations at the end of the transition period (31st December 2020) as well as processes and procedures to remain compliant with data privacy regulations, data sharing agreements, data transfer strategy, EU/ UK Representative and more.

You can register here

GDPR Policy Pack

Did you know that you can avoid several lawsuits just by clearly defining your role in privacy protection of data subjects and implementing the relevant policies and procedures? Our policy pack helps you outline your responsibility and stance. It helps you to demonstrate your data protection efforts to the public & the regulator, limit liability and create awareness.

Generate every policy you will ever need as a business to ensure compliance with data privacy regulations with the help of this innovative policy pack.

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month