DP News - Week 20. The Swedish Data Protection Authority can supervise search services with publishing certificates, the Information Commissioner's Office report emphasizes the need for organizations to enhance their cybersecurity measures, the EU Commission launches DSA investigation into Meta, the UK’s House of Lords sets a date for the UK GDPR reform report stage.

The Swedish Data Protection Authority (IMY) has determined that it has the authority to initiate supervision of search services with publishing certificates following complaints from individuals. These services make a large amount of personal data available on the internet, including names, addresses, ages, household sizes, vehicle ownership, and involvement in companies, which has caused significant distress and concern among individuals. IMY’s reassessment is prompted by developments in European and Swedish legal precedents, which have strengthened individuals’ rights and emphasized the need to balance data protection with freedom of expression. The decision confirms IMY’s jurisdiction to investigate such services based on complaints under the General Data Protection Regulation (GDPR), but specific actions against these services will be determined on a case-by-case basis in future investigations.

Read more here

***

The UK’s Information Commissioner’s Office (ICO) report emphasizes the need for organizations to enhance their cybersecurity measures to safeguard personal data in the face of escalating cyber threats. It underscores a concerning trend of increasing cyber breaches, with over 3,000 incidents reported in 2023, predominantly affecting the finance, retail, and education sectors. Through analyzing these breaches, the report identifies common security lapses, such as phishing attacks and misconfigurations, and offers practical advice to bolster defenses. Urging transparency and accountability, the report emphasizes the importance of foundational cybersecurity controls and outlines the consequences, including fines, for organizations failing to implement adequate security measures. Collaboration with authorities like the National Cyber Security Centre is encouraged, alongside timely reporting of breaches to facilitate expert support and mitigate further risks.

Read more here

***

The European Commission has launched an investigation into Meta, focusing on potential shortcomings in the company’s protection measures for minors on its platforms, in accordance with the EU Digital Services Act. The Commission raised issues about whether Instagram and Facebook’s age verification systems are adequate and expressed concerns that their algorithms might encourage addictive behaviors in children, potentially leading them down a “rabbit hole” of content.

Read more here

***

The UK’s House of Lords will begin the report stage for the proposed Data Protection and Digital Information Bill on June 10. During this stage, any member of the House of Lords can propose further amendments to the bill. These approved amendments will be incorporated into a reprinted version of the legislation before it undergoes a third reading in the same legislative body.

Read more here

Related blog posts

DP News – Week 25. Bavarian authorities published guidance on joint controllership, CNIL published recommendations for the use of open data on the internet, IAPP published an article on human oversight needs within the EU AI Act.

DP News – Week 22. Spanish company fined €12,000 for GDPR violations, European Data Protection Board responses to financial data access and payment services legislation, Council of the EU to approve GDPR cross-border enforcement improvements.

DP News – Week 21: Car rental employee fined for unlawfully accessing customer data, Belgium Data Protection Authority rules software platform administrator as data processor, not controller and football league organizer fined for GDPR violations after failing to erase player data!