LAST WEEK IN PRIVACY & DATA PROTECTION — 11th Weekly Newsletter
Irish DPO Posted Guidance on Anonymisation and Pseudonymisation
Irish Data Protection Office has issued a guidance document on anonymisation and pseudonymisation, which can be used to protect the privacy rights of individual data subjects and allow organisations to balance this right to privacy against their legitimate goals.
In short, irreversibly and effectively anonymised data does not fall under the scope of personal data and the data protection principles do not have to be complied with in respect of such data. On the other hand pseudonymised data consitutes personal data.
Read more HERE
Read the whole Guidance document HERE
Irish DPC Wants Clarification From Yahoo
Ireland’s Data Protection Commissioner (DPC) Helen Dixon has called on Yahoo to provide more clarity over the recently reported hack. Yahoo has revealed this week that hackers stole data from around half a billion accounts in 2014. Yahoo headquarters for its European, Middle East and African operations are in Dublin, Ireland, and the Irish DPC has requested information from Yahoo on the nature and extent of the security breach. The data may have included names, email addresses and dates of birth, but Yahoo has stated that unprotected passwords, payment card information or bank account details have not been accessed. Yahoo had been advising its users to change their passwords.
Read more HERE
ECHR To Rule on the Publishing of Tax Data
The Grand Chamber of the European Court of Human Rights (ECHR) is currently deciding on a case about whether a Finnish newspaper and related companies can reveal information about taxpayers. The case was referred to the Grand Chamber of the ECHR in December 2015, following several appeals in Finland and to the ECHR, and has its origins in an administrative complaint by the Finnish Data Protection Ombudsman from 2003 concerning the taxpayer information published by two Finnish limited liability companies Satakunnan Markkinapörssi Oy and Satamedia Oy in the newspaper Veropörssi. The newspaper reported information on tax affairs, including taxable income and assets. Furthermore, Satamedia Oy started a text messaging service which allowed people to obtain taxation information from a database, which was created using 1.2m taxpayer records already published by the newspaper.
In 2015 the Chamber of the ECHR ruled that there had been no violation of the right to freedom of expression because the decisions by the Finnish authorities and courts had been reasonable and had struck a fair balance between the competing interests at stake, namely the applicant companies’ freedom to impart information about matters of public interest, and the right to respect the private lives of those taxpayers whose taxation information had been published.
Following the appeal procedures the case has now been referred to the Grand Chamber of the ECHR, which has commenced the procedures and has heard the case last week. The ruling will be made at a later stage.
Read more HERE
Switzerland to Vote on a New Surveillance Legislation
On Sunday the Swiss voters will vote on a new legislation that will extend the Swiss Federal Intelligence Service’s authority to monitor internet traffic, deploy drones, and hack foreign computer systems to combat militant attacks. Switzerland’s system of direct democracy gives its citizens the final say on the law passed in September 2015 which will give new powers to the Federal Intelligence Service, along with rules on when the agency can use them. The use of these new tools will only be possible under strict conditions. For example, the agency must get the government’s approval before deploying software to penetrate foreign computer networks. When gathering information, the new law obliges the agents to “employ methods least likely to intrude on the targeted person’s civil rights”. According to the first surveys the 53% of potential voters are in favour of the new legislation while 35 % are opposed.
Read more HERE
Google’s new Messaging App Raises Privacy Concerns
Google has launched a new chat/messaging application named Allo, which uses artificial intelligence and gathered user information to offer automatically generated responses and other computer-generated suggestions to its users. The app has sparked debates over its potential threat to privacy and safety. When the app was first announced earlier this year Google had planned end-to-end-encryption in the so-called “Incognito Mode” and assured they would merely store messages transiently. Now it appears that Google has somewhat stepped back from its initial claims, because Google will store and be able to access all conversations that aren’t specifically started in “Incognito Mode” by default, unless the user deletes it.
The ex-NSA contractor and whistleblower Edward Snowden was one of the first people to warn against the use of the Allo app. He tweeted that the app will “record every message you ever send and make it available to police upon request”.