Tsaaro Weekly Privacy Newsletter
20th May, 2022

EUROPEAN COUNCIL APPROVED DATA GOVERNANCE ACT

In this week’s newsletter we discuss a recent development in detail. To foster the European Strategy for Data, the European Council recently approved the proposed Data Governance Act (DGA). The legislation aims to give companies and startups better access to more data. The DGA will facilitate the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and foster data altruism across the EU.

  • WIDER USE OF PROTECTED PUBLIC-SECTOR DATA

In order to complement the 2019 Open Data Directive, the Data Governance Act will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others. This includes, for example, trade secrets, personal data and data protected by intellectual property rights. Public-sector bodies allowing this type of reuse will need to be properly equipped, in technical terms, to ensure that privacy and confidentiality are fully preserved. Notably, these types of data were not covered in the 2019 directive. 

Importantly, an exclusive arrangement can be secured where it is justified and necessary in the service of general interest. The maximum duration for existing contracts will be 30 months and for new contracts 12 months. Additionally, the Commission will set up a European single access point with a searchable electronic register of public-sector data. This register will be available via national single information points.

  • BUSINESS MODEL FOR DATA INTERMEDIATION

The DGA includes a framework to stimulate a new business model, data intermediation services, which provide a secure environment in which companies or individuals can share data. For companies, these services can take the form of digital platforms, which will support voluntary data-sharing between companies and the fulfilment of data-sharing obligations set by the law or other legislation. Through these services, companies will be able to share their data without fear of it being misused or of losing their competitive advantage. For personal data, to secure people’s control and trust, such services and their providers will help individuals exercise their rights under the General Data Protection Regulation (GDPR). This can be done, for example, by means of novel personal information management tools, such as personal data spaces or data wallets, which are apps that share such data with others, based on the data holder’s consent.

  • DATA ALTRUISM

The DGA also makes it easier for individuals and companies to make data voluntarily available for the common good, such as medical research projects. Entities seeking to collect data for objectives of general interest may request to be listed in a national register of recognised data altruism organisations. Registered organisations will be recognised across the EU. This will create the necessary trust in data altruism, encouraging individuals and companies to donate data to such organisations so that they can be used for wider societal good.

  • INTERNATIONAL ACCESS TO AND TRANSFER OF NON-PERSONAL DATA

Similar to the safeguards for personal data under the GDPR, the DGA creates safeguards for public-sector data, data intermediation services and data altruism organisations against the unlawful international transfer of, or governmental access to, non-personal data. Notably, through secondary legislation, the Commission may adopt adequacy decisions declaring whether a non-EU country provides an adequate safeguard for the use of non-personal data transferred from the EU. The Commission can also establish a contractual model for the transfer of non-personal data.

Major Privacy Updates of the Week

Dis-Chem data breach — 3.7 million client records exposed

Dis-Chem has confirmed an “unauthorised party” gained access to a database containing the personal information of more than 3.6-million people which could be used for criminal activities, such as phishing attacks. The information includes first names and surnames, email addresses and cellphone numbers. “After investigating a suspected data compromise suffered by one of our third party service providers and operators, we hereby confirm … that certain personal information was accessed by an unauthorised person on or about April 28,” the pharmacy retailer said in a statement.

Read More

Digital Markets Act: EP committee endorses agreement with Council

Parliament’s Internal Market Committee endorsed the provisionally reached agreement with EU governments on the Digital Markets Act (DMA) with 43 votes in favour, one against and one abstention. Together with the parallel Digital Services Act (DSA), the DMA will address a number of societal and economic issues by limiting the market power of big online platforms and making the digital market safer, fairer and more competitive. The rules will apply to large companies, so-called “gatekeepers”, whose dominant online position makes them hard for consumers to avoid. To be designated as a gatekeeper, a company has to provide “core platform services” most prone to unfair business practices. This may include platforms such as social networks, messengers, virtual assistants, or search engines, among others, with EU turnover exceeding 7.5 billion euro or a market value exceeding 75 billion euro, and at least 45 million monthly end users and 10,000 annual business users.

Read more

AEPD slaps Google with GDPR fine

Google has been hit with a €10 million fine by Spain for serious breaches of the European Union’s General Data Protection Regulation (GDPR). The AEPD found it had passed information that could be used to identify citizens requesting deletion of their personal data under EU law, including their email address, the reasons given and the URL claimed, to a U.S.-based third party without a valid legal basis for this further processing.

As well as being fined, Google has been ordered to amend its procedures to bring them into compliance with the GDPR — and to delete any personal data it still holds related to this enforcement.

Read more

How Apple Claims to Stop New ‘Data Auction’ with New Privacy Features

Apple has released a new advertisement to highlight its commitment to privacy on iPhones. The ad highlights two features: ‘App Tracking Transparency’, which rolled out in April last year after much protest from Facebook parent Meta, and ‘Mail Privacy Protection’. Both features aim (or rather claim) to reduce sharing of data like email, location, and advertising identifier with miscellaneous apps. Meta, the parent company of most-used apps like Facebook and Instagram, relies heavily on user data to feed personalised ads. Interestingly, Google has also released a new video to highlight its security features on the Android operating system. Through App Tracking Transparency, Apple mandates that apps must obtain the user’s permission before tracking their data across apps or websites owned by other companies. Under Settings, users will be able to see which apps have requested permission to track so they can make changes as they see fit. This is also highlighted in Apple’s latest advertisement. Among the affected players, Meta had said earlier this year that the company expects a $10 billion ad revenue hit due to Apple’s App Tracking Transparency.

Read more

U.S. House passes bill requiring report on federal cyberattack response

Having cleared the Senate in January, the State and Local Government Cybersecurity Act passed the House Tuesday and now awaits President Joe Biden’s signature.

The bill updates the House Homeland Security Act to direct the Department of Homeland Security to improve information sharing and coordination with state, local and tribal governments—all of which face growing risks of cyberattack. The legislation requires federal cybersecurity officials to share cybersecurity threat, vulnerability and breach data with states and localities, and provide some recovery resources when attacks occur. The legislation specifically requires the Cybersecurity and Infrastructure Security Agency to provide state and local governments with access to better cybersecurity tools and policies, and calls for joint cybersecurity exercises to run at those levels of government. CISA must develop a strategy to set baseline objectives for state and local cyber efforts, and the bill further establishes a $500 million cost-sharing grant program through DHS to increase cyber funding with state and local governments.

Read more

RansomEXX Disrupts Scottish Association for Mental Health
