The Spanish Data Protection Authority announced it imposed a sanction on an organization for installing cookies on a device without obtaining prior consent of the user.
https://www.aepd.es/resoluciones/PS-00127-2019_ORI.pdf
Russia: Localization obligation (fines)
The Russian president signed a law introducing financial penalties for violations of the localization obligation in Russian privacy law.
Denmark: DPA rules that insisting without exceptions on ID validation in connection with Data Subject Request is not compliant with GDPR
The Danish Data Protection Authority concluded that requesting data subjects to submit a passport, driver’s license, or national identity card, in order to support the exercise of their rights does not comply with the GDPR.
The Danish Data Protection Authority has ruled in a case in which a British citizen complained that Pandora A / S had asked him to submit a passport, driver’s license or national identity card before Pandora would consider his request for deletion.
Pandora stated that, for security reasons, the company had established a general procedure for submitting credentials in connection with requests to exercise the rights of data subjects.
The Data Inspectorate found that Pandora’s general procedure, *which without exception required ID validation* in connection with processing requests for the exercise of data subjects’ rights, did not comply with the Data Protection Regulation.
The Danish Data Protection Authority emphasized, among other things, that the data controller has a duty to make a concrete assessment of whether there is a reasonable doubt about the identity of the natural person when receiving requests for the exercise of data subjects’ rights.
The case is the first case where the Danish Data Protection Agency has taken a decision as the lead supervisory authority under the “one-stop shop mechanism” in connection with cross-border processing of personal data.
https://www.datatilsynet.dk/tilsyn-og-afgoerelser/afgoerelser/2019/okt/id-validering-ifm-anmodninger-om-udoevelse-af-registreredes-rettigheder/
ENISA proposes Best Practices and Techniques for Pseudonymisation
The European Union Agency for Cybersecurity (ENISA) published a new report on “Pseudonymisation Techniques and Best Practices”, which explores the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice.
https://www.enisa.europa.eu/news/enisa-news/enisa-proposes-best-practices-and-techniques-for-pseudonymisation
Report:
https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices
German Data Protection Authorities propose to create GDPR-obligations for producers of software and hardware (incl. liability)
Copying the below directly from the homepage of the Data Protection Authorities of Baden-Württemberg at https://www.baden-wuerttemberg.datenschutz.de/german-data-protection-authorities-propose-to-create-gdpr-obligations-for-producers-of-software-and-hardware-incl-liability/ :
“German Data Protection Authorities #DSK suggest to strengthen the principle „Privacy by Design“ by including a new category of legally obliged parties, the „producers“. They should be hit directly with #GDPR -obligations and also face claims for damages.
https://www.linkedin.com/pulse/german-data-protection-authorities-propose-create-producers-piltz
”
CNAME cloaking – new technique to hide third party content/trackers/cookies
Norway DPA: Software development with Data Protection by Design and by Default
Guidance web site with checklists etc. [in English]
https://www.datatilsynet.no/en/about-privacy/virksomhetenes-plikter/innebygd-personvern/data-protection-by-design-and-by-default/?id=7729
A guide to security engineering for OT engineers
Company: Anonos – anonymization/de-identification
[Draft]Awesome Cyber Security Resource Collection.
“Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.”
https://github.com/xrkk/awesome-cyber-security