Privacy and Access Council of Canada

The voice for privacy and access

Cart

GDPR

Don’t be fooled by Meta’s fine for data breaches

"Rarely has hype so contrasted with impact" is a fitting assessment of the GDPR's first five years, offered by Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties and the Open Markets Institute. The various fines levied by data privacy authorities through the years, and the media's gleeful reporting about ever-higher fines, have been terrific to increase … [Read more...] about Don’t be fooled by Meta’s fine for data breaches

Facebook Vows to Fight the Fine

After a decade of litigation and mere moments after the largest GDPR fine levied to date became public, Facebook Meta vowed to fight the decision of the Irish Data Protection Commissioner. In the company's response to the long-awaited decision, Nick Clegg, President, Global Affairs and Jennifer Newstead, Chief Legal Officer, announced Facebook intends to appeal both the … [Read more...] about Facebook Vows to Fight the Fine

EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

On April 26, 2023, the General Court of the European Union issued its judgment in Case T-557/20, SRB v EDPS. The Court held that pseudonymized data transmitted to a data recipient will not be considered personal data if the data recipient does not have the means to re-identify the data subjects.  The Court also clarified that an individual’s opinions cannot be assumed to be … [Read more...] about EU General Court Clarifies When Pseudonymized Data is Considered Personal Data

Encryption HRIA

Signaling a major shift in the way Meta approaches users' privacy, the company recently announced plans to make all of its messaging services — WhatsApp, Messenger, and Instagram DMs — end-to-end encrypted (E2EE).  As part of its initiative, Meta commissioned a human rights impact assessment (HRIA), which concluded that, "Meta’s planned expansion of strong … [Read more...] about Encryption HRIA

EDPB adopts Urgent Binding Decision in relation to WhatsApp

Following a provisional measure taken by the Hamburg DPA against WhatsApp, and analyzing WhatsApp's data sharing practices with Facebook, the EDPB determined that "the high likelihood of infringements and the lack of information" justifies the decision to request the for the Irish DPA to carry out a statutory investigation relating to WhatsApp's data processing, including: … [Read more...] about EDPB adopts Urgent Binding Decision in relation to WhatsApp

Fear and Loathing in the UK Adequacy Decision

On June 28, the European Commission adopted the UK adequacy decision, which will allow personal data to be transferred from the EU to the UK without additional safeguards. In an ideal world, this would indicate that the UK offers an adequate level of protection for personal data, and would signal their willingness to retain those standards. Unfortunately, reality tells a … [Read more...] about Fear and Loathing in the UK Adequacy Decision