Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.
Here are the top stories you might have missed:
Europe’s top privacy regulator: Don’t hold your breath on data-transfer agreement
Though companies needing to export data from the EU to the U.S. may be anxious for a new agreement on such transfers due to Privacy Shield’s invalidation, Europe’s data protection supervisor says they may be waiting for some time. “I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shied like solution will last for awhile,” said Wojciech Wieriorowski. That’s in part because it’s not yet known whether U.S. President-elect Joe Biden’s administration will prioritize it, Reuters reports.
2. Forthcoming rule ignites debate on balance between privacy and protecting children
The debate on regulating privacy in Europe is “now entangled in the global fight against child exploitation,” The New York Times reports. A privacy rule slated to take effect Dec. 20 would restrict internet companies from scanning email and messaging apps in the EU. But it would also prohibit scanning for child exploitation imagery without a court order. Privacy advocates say scanning for such data violates Europeans’ privacy rights, but children’s advocates worry about the impact the rule will have on protecting children.
3. Webinar: How to operationalize cookies without violating privacy
The writing has been on the wall for some time: The rules surrounding third-party cookies used for online tracking, advertising and even website functionality will have to change. Even Google has said it will phase out third-party cookies in the next couple of years. But Cookies are still a viable way to gain insights and can abide by compliance requirements if used correctly. In this Osano webinar, CEO Arlo Gilbert is joined by industry experts to deliver this how-to.
4. Advocates want Google to release data on ‘geofence’ warrants
A coalition of privacy advocates have called on Google to release monthly data on how many “geofence and keyword warrants it receives,” CNet reports. “Goefencing warrants” are police requests to internet companies to gather data on user devices within a certain radius. “Keyword warrants” are police requests to gather data on users who’ve searched a certain phrase. The groups, including the Electronic Frontier Foundation and the Surveillance Technology Oversight Project” say the public is unaware of how many warrants Google receives. Meanwhile, geofencing faces legal challenges in some U.S. states.
5. Court opinion could help plaintiffs alleging privacy harms
Plaintiffs in privacy class-action lawsuits often have trouble reaching the “harm” threshold in cases. Often, the greatest hurdle in convincing courts to hear a case can be proving there has been a concrete injury as a result of privacy violations under the law. But a Seventh Circuit court opinion issued in November in Fox. v. Dakkota Integrated Systems, in which the plaintiff alleges a privacy violation over the collection and storage of her biometric data, may be a boon to plaintiffs, JD Supra reports.
6. Apple security system results in ongoing privacy lapse
Apple’s focus on security protocols on a system called Gatekeeper meant data on the feature was sent unencrypted and bypassed virtual private networks meant to hide user activity, Forbes reports. Gatekeeper’s aim is to ensure only secure apps runs on Apple computers, but the ongoing privacy lapse means more than 100 million users have been affected, the report states.
7. Israel seeks submissions on how to update privacy law
Israel’s Ministry of Justice has published an open call for submissions for amendments to the country’s privacy law, Mondaq reports. The ministry aims to update the law in light of technological developments since it was enacted in 1981. The public is asked to opine on “aspects of Israeli law that insufficiently protect the right to privacy for information processed in databases” and whether the law reflects social and economic realities on organizations that process data, among other topics. Submissions will be accepted until Dec. 13.
8. Australian privacy commissioner finds travel site breached customer privacy
Australian Information Commissioner and Privacy Commissioner Angelene Falk has found travel-booking site Flight Centre breached customer privacy when it held a competition called “design jam” in 2017. Flight Centre gave a data set it thought it had anonymized to teams competing in the event, but Falk found the file contained personal information including birth dates, as well as credit card and passport numbers. Falk said the company shouldn’t have handed over such a sizeable data set and should have conducted a privacy impact assessment before the project’s launch.