Last week in privacy (week 45)

EU council presidency publishes a draft resolution on encryption


The German presidency of EU Council has published a draft resolution on encryption. The resolution itself is not a legislative act, but rather a political declaration inviting the EU Commission to take further action such as a new legislative initiative.


While the EU continues to support strong encryption, the resolution paper sees that encryption, in certain areas, such as security and criminal justice, renders access to electronic evidence ‘extremely challenging’ or ‘practically impossible’.


See the the draft resolution here.


ORG takes ICO to court over its failure to enforce unlawful practices by AdTech industry


Privacy Organisation Open Rights Group (“ORG”) takes UK’s supervisory authority, the ICO, to court over ICO’s failure to stop unlawful practices by the AdTech industry.


A complaint was made in 2018 asking ICO to investigate and enforce the alleged breaches of the GDPR by the AdTech industry, focusing especially on the role of the Internet Advertising Bureau (“IAB”).


Despite founding widespread and systematic abuses, the ICO decided to close the investigation without taking any substantive actions. The complainants are now taking a legal action against the ICO over its refusal to take any action against what their own investigation concluded was unlawful.


See a press release by the Open Rights Group here.


German presidency publishes a new proposal text for ePrivacy Regulation


The German presidency of the Council of the European Union released its revised text for the proposed Regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications, the “ePrivacy Regulation”).


See the latest text here.


Folksam announces a data breach affecting 1 million customers


Folksam, one of the largest insurance companies in Sweden announced on 3rd of November 2020 that it had discovered a data breach during an internal audit. Approximately 1 million data subjects’ personal data, some of which are considered as special categories, had been shared with companies such as Facebook, Google, Microsoft, Linkedin and Adobe.


Read Folksam’s announcement here.