DPA: Grindr 9.6 Million Euro for lack of consent for sharing data to 3rd parties

The Norwegian Data Protection Authority has announced its intention to fine gay/trans dating app Grindr 9.6 million euros for lack of consent when sharing data with third parties for marketing purposes. The user data included GPS location and use of the app, the latter considered to be a special category of personal data (sexual orientation). The fine appears to be roughly 1% of global turnover.

Read more about this article here: https://www.datatilsynet.no/en/news/2021/intention-to-issue--10-million-fine-to-grindr-llc2/

Digital corona passport a good idea?

The idea of global vaccination and health data being stored in centralized systems has many privacy experts freaking out. As the first vaccines against COVID-19 roll out, governments and institutions across the world are scrambling to figure out how to provide proof that someone has been vaccinated. Paper certificates, PDFs, wristbands and mobile apps have all been suggested, leading to the adoption of digital “immunity passports” as a way to reopen the world. There’s a data privacy and security price to pay for being able to prove you’re vaccinated, and it’s permanent access to the rest of your data or compulsory enrollment in a health app. To mitigate these risks, there is a solution called “decentralized identity”. It’s a new consent-based mechanism for using verifiable credentials to prove who you are and things about you without anyone else (looking at you, Big Tech) managing, storing or selling your data.
Do you think verifiable digital credentials on a decentralized network with a mobile app can be the solution to meet the challenge of proving people have received a COVID-19 vaccination while providing them with the privacy and security they deserve?

Read more about this article here: https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials

Facebook fined in South Korea for 5 million euros

South Korea’s privacy watchdog (PIPC) has fined Facebook millions for providing users’ personal information to companies.

According to the data protection authority, the data of at least 3.3 million local Facebook users was shared without permission with up to 10,000 companies. Personal data such as relationship statuses, work experience and education were shared with other companies when the users logged in to the online services of those companies with their Facebook account. The personal information of their Facebook friends was also shared without permission. The privacy watchdog states that the social network did not cooperate in the investigation that has been running since 2018, for example by submitting incomplete and false documents. Facebook, however, says it has cooperated well.

Read more about this: Facebook fined in South Korea for sharing user data without consent | ZDNet

Privacy activist files complaint against 101 European websites

One month after the cancellation of the data treaty “Privacy Shield” between the EU and the US, privacy activist Max Schrems is taking to court websites that still send data to the US.
There are also 8 Belgian and Dutch ones being sued: PostNL, Takeaway, Marktplaats and Lieferando. A month after that ruling, the Schrems organization has now taken stock of the situation, and has seen that 101 websites still use services such as Google Analytics and Facebook Connect, which now unlawfully send data to the US. “We performed a quick search of major websites in each EU country to see if they contain any code from Facebook and Google. These snippets of code send data about each visitor to Google or Facebook. Both companies admit that they have data on Europeans and pass it on to the US for processing, where they are legally required to make that data available to US agencies such as the NSA. Neither Google Analytics nor Facebook Connect are essential to keep the web pages up and running.”

Read more at: https://noyb.eu/en/eu-us-transfers-complaint-overview

EU-US Privacy Shield declared invalid, what are the consequences?

What happens to data offered through a US cloud software vendor now that the EU-US Privacy Shield has been invalidated? Because the Foreign Intelligence Surveillance Act (FISA) covers electronic communication service providers, this ruling affects a lot of the cloud software within your organization. The main problem with US regulations is that US intelligence agencies have access to all personal data of non-Americans processed by a US electronic communications provider, even if it is stored in Europe. Electronic communication providers are, for example, the email services, cloud storage, and Internet Service Providers (ISPs) that your organization (or the processors your organization works with) use. Making separate agreements for this is often a grey area.

Ask yourself the following questions:
1. In which countries does the supplier have data centres?
2. Who has physical access to these data centres?
3. Have any agreements been made with the supplier or are they to be made?