30/05/20 GDPR Community Round-Up

Here’s a round-up of interesting reading we found online today*;

• Finnish DPA imposed three administrative fines for data protection violations. The Office of the Data Protection Ombudsman’s sanctions board imposed administrative fines on three companies for violations of data protection legislation on 18 May. These violations concerned giving insufficient information on data protection rights, neglecting to conduct a data protection impact assessment and the unnecessary collection of personal data.

• iOS Mail has 'critical' security flaws. iOS and iPadOS users should install Apple's latest security updates immediately. Germany's federal cybersecurity agency has issued a warning urging all iOS users to install Apple's latest security updates which patch two zero-click security vulnerabilities that impact the company's default email app.

• During the second year of GDPR there was an increasing trend in the creation of new digital consent notices by companies globally, growing overall by 40%, indicating that more companies are placing an emphasis on having processes in place to capture customer consent online, according to new research.

• Test and Trace have not passed a data protection impact assessment. Public Health England failed to complete the required impact assessment before launching the Covid-19 Test and Trace programme.

• Half of workers 'cut corners' on IT security during COVID-19 remote working. A study warns of lax data security adoption among employees working from home.

• The reopening of physical workplaces following the COVID-19 pandemic will raise complex data protection issues, DLA Piper Ireland has warned. As Ireland progresses over the coming months through the five phases of reopening the economy, data protection issues will arise in relation to issues including temperature checks and contact tracing apps.

• The Apturi COVID (Stop COVID) mobile app created in Latvia complies with the requirements of GDPR and does not use data provided by the Global Positioning System (GPS) to track its users, mobile phone operator Latvijas Mobilais Telefons (LMT) President Juris Binde said during a presentation of the mobile app today. He stressed that the data stored by the app were deleted from the device within fourteen days, explaining that this was the average incubation period for Covid-19.

• Interesting reading "Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law".

• The team at Security Detectives has discovered another leaky database. BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. The data in some instances included “technical information relating to the company’s web and mobile sites.

• Italian Serie A club Roma has signed up cybersecurity and data protection platform Acronis to its sponsorship portfolio. The deal will allow the club to step up its use of data in operations both on and off the field. Acronis will provide artificial intelligence and machine learning solutions to process football data. In addition, it will provide its security and data protection services to the club.

*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.