ICO revises guidance on timescales for responding to a data subject access request

Data & Privacy News – 27 April 2020

Included in this issue of data & privacy news: ICO and European Commission Coronavirus updates; Tracking devices for coronavirus; Zoom accounts found on the dark web and more…

ICO and European Commission coronavirus updates

  • The ICO has published a document setting out its regulatory approach during the coronavirus pandemic. The organisation will be taking a pragmatic and flexible approach, with focus on the greatest threats.
  • The ICO has also published a blog on what to watch out for when video conferencing given its increased usage during coronavirus.
  • The European Commission has published guidance on coronavirus contact tracing apps, a hot topic and one being explored by the government and commercial organisations.

Ireland’s data regulator publishes report on use of cookies and other tracking technologies

Ireland’s data regulator, the Data Protection Commission, has published a report and new guidance on the use of cookies and other tracking technologies. The report highlights the key concerns found by the regulator, such as the wrong categorisation of cookies on websites by controllers and poorly designed cookie banners. This is indicative of increase regulatory scrutiny in relation to the use of personal data through cookies as seen with the ICO’s previous guidance on cookies last year.

Proliferation of digital surveillance methods may be hard to roll back after coronavirus pandemic

Researchers and privacy advocates around the world have said that the enhanced monitoring of people during the coronavirus pandemic may be difficult to scale back in the future.

Both authoritarian states and democratic countries have employed and / or are planning to employ vast programmes of mobile data tracking, apps to log personal contact with other individuals, CCTV networks equipped with facial recognition, consent schemes to go outdoors and drones to enforce social isolation.

A world leading expert on mobile data surveillance has said that the coronavirus pandemic had created a “9/11 on steroids” that could unleash a grave abuse of powers.

Over 500,000 Zoom accounts found on the dark web

Researchers at online security firm Cyble have discovered more than 500,000 stolen email addresses and passwords for video conferencing app Zoom on the dark web.

It is believed that third party data breaches using a technique known as credential stuffing was used to gather the data, rather than a direct hack on Zoom.

Cyber security experts have reiterated the importance of not using the same passwords across multiple websites and apps.

Tech services provider hit by Maze ransomware cyber attack

IT services provider Cognizant Technology Solutions (CTS) has confirmed that it has been hit by a Maze ransonware cyber attack and is taking appropriate measures to contain the attack, as well as carry out investigations into the incident.

In recent months, a large number of organisations have had their computers encrypted by Maze ransomware. The group is known to threaten to leak private information of organisations that refuse to pay the ransoms.

CTS has contacted the appropriate law enforcement authorities in regards to the cyber attack.

ICO defer BA and Marriott GDPR fines until completion of further investigations

The multi-million pound GDPR fines to be issued to British Airways and Marriott International by the ICO have been deferred until completion of further investigations.

An ICO spokesperson has confirmed that the “regulatory process is ongoing in both BA and Marriott” but provided no further information.

Normally, the ICO would have six months from giving notice of intent to fine an organisation, to issue a penalty notice to levy a fine. An initial extension of the investigation had already been granted in January 2020, which was due to expire at the end of March 2020.

Leave a Reply

Your email address will not be published. Required fields are marked *