Weekly Privacy News - Week #8Published on 2023-2-21
European Parliament Group Condemns Draft US Adequacy Decision
The European Parliament’s civil liberties group (LIBE Committee) has passed a draft resolution urging the European Commission not to grant “adequacy” status to the US.
The group argues that the EU-US Data Privacy Framework (EU-US DPF) “fails to create actual equivalence” between EU and US data protection regimes and would undermine the fundamental right to a legal remedy for victims of surveillance.
Meta’s ‘Stop Transfers’ Order Could Be Issued Within Two Months
A spokesperson for the European Data Protection Board (EDPB) has stated that Meta could be ordered to stop transferring personal data from the EU to the US within two months, according to Politico.
A “binding decision” due for publication by 14 April could end a long-running series of appeals and delays following the “Schrems II” case in July 2020. Meta has repeatedly stated that an order to stop data transfers could prevent the company from providing its Facebook and Instagram services in Europe.
TikTok Announces New European Data Centres In Response to China Surveillance Concerns
TikTok has committed to opening two new EU-based data centres in an attempt to quell fears that Chinese authorities can access its users’ data. However, it’s unclear whether the move would meaningfully restrict the powers of the Chinese government.
Legislators in several countries have warned against using TikTok or are passing laws limiting its use. The US House of Congress passed a bill in December banning the app from government-issued phones.
German Court Rules Against Police Use of Palantir’s Gotham Software
Germany’s federal constitutional court has struck down “predictive policing” laws in two German states. The laws enable police forces in Hamburg and Hesse to create maps of phone contacts using “Gotham”, an analytics platform provided by US-based big data firm Palantir.
The court ruled that Hamburg police must stop using Gotham immediately, while Hesse legislators must rewrite the state’s legislation to limit how police forces use the platform.
US Study Reveals Open Market For Mental Health Data
A paper by Joanne Kim at Duke University has revealed that some data brokers sell “highly sensitive data on individuals’ mental health conditions on the open market” with “minimal vetting of customers”.
The researcher obtained data about people’s mental health issues from 10 data brokers with no identity verification or background checks. Some data brokers also did not implement any restrictions on how customers used the data once purchased.
Here’s a summary of the latest European data protection and privacy enforcement decisions published this week.
Court of Justice of the European Union (CJEU)
The UK DPA newly published five reprimands issued in October and November 2022. Three of the reprimands were against central government departments, one against a health service trust, and another against a police force.
The UK DPA fined It’s OK Ltd £200,000 (€225,000) for violating telephone marketing rules under the Privacy and Electronic Communications Regulation (PECR), which implements the ePrivacy Directive in UK law.
An emergency services call centre worker was criminally prosecuted by the UK DPA for unlawfully obtaining personal data.
The Norwegian DPA fined a fitness chain called “Sats” NOK10 million (€909,000) for failing to fulfil data subject rights requests in violation of Articles 15 and 17 of the GDPR.