Data Protection News Roundup – 15th December 2020

The Data Guardians’ Managing Director and lead consultant Matthew Lamb is a Certified Data Protection Officer and Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance as well as addressing your Cyber Security issues.


Data Breaches

The European Medicines Agency (EMA), which is responsible for the evaluation and supervision of medical products including the Covid-19 vaccine, has been hit by a cyberattack. It has confirmed that a limited number of third-party documents were unlawfully accessed. Read more here.

A significant password data breach involving East Devon councillors has been uncovered and is under investigation by the ICO. Passwords used by at least 37 of the 60 councillors at East Devon District Council were briefly available to other councillors in the breach. Read more here.

Spotify has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners. Read more here.


Other News

A division of the Co-op grocery chain is facing scrutiny after deploying a face-based surveillance system at a handful of its stores. Facial recognition cameras were installed at 18 stores run by the Southern Co-op franchise, which operates more than 200 stores. Read more here.

France’s data protection agency, the CNIL, has issued Google and Amazon with penalty notices for dropping tracking cookies without consent in a breach of GDPR. Google has been fined a total of €100 million for dropping cookies on and Amazon €35 million for doing so on the domain. Read more here.

A complaint filed with the ICO by the Open Rights Group, accuses Labour, the Conservatives and the Liberal Democrats of misusing the personal data of voters. The complaint alleges that the parties conducted “highly intrusive profiling” without telling voters they were doing so – and that they went far beyond what was “necessary”, a key term in data protection law, which states that use of data must be “necessary and proportional”. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.