The Data Protection Club of L’Usine Digitale brings you the best news from the week of September 30 regarding data protection. On the list: Conditions for access to phone data by law enforcement services, free of charge in the face of data leakage or even the conviction of an Excel spreadsheet by the Northern Ireland Police.
-
Ireland is investigating Ryanair’s verification process. After several complaints, the Data Protection Commission (DPC), Ireland’s data protection authority, announced an investigation into Ryanair. In its view: the processing of personal data – biometrics in particular – as part of verification processes for customers who book flights on third-party websites or online travel agencies. “The verification methods used by Ryanair included the use of facial recognition technology using customers’ biometric data,” DPC Assistant Commissioner Graham Doyle said. Last May, EU Travel Tech, an association launched in 2009 that represents the interests of global distribution services and travel agencies to industry and public policymakers, filed two complaints against Ryanair for breaching the General Data Protection Regulation (GDPR). The first was presented before the National Commission for Information Technology and Freedoms and the second before the Data Protection Authority (ADP), the Belgian authority.
-
90% of French people consider their banking data sensitive. The French Banking Federation reveals a study on the perceptions and behaviors of the French in the field of cybersecurity. 90% of participants consider their banking data to be the most sensitive data. This trend is less pronounced among young people under 35 years of age.
-
Investigative access to phone data is not limited to combating serious crimes. The Court of Justice of the European Union has issued a particularly important ruling regarding access to police services. It ruled that police access to mobile phone data is not necessarily limited to combating serious crimes. A ruling to the contrary would lead to “an increased risk of impunity for criminal offenses in general, and thus a risk of creating a space of freedom, security and justice in the Union.” On the other hand, such access must be subject to prior control by either a court or an independent administrative body, except in duly justified cases of emergency. This monitoring must ensure a fair balance between legitimate interests linked to investigative needs and fundamental rights. The person must also be informed of the reasons for allowing access to the data on their phone.
-
Free alert when data leaks. The free operator emailed Freebox users after it “observed that your personal data was consulted which may result in the loss of confidentiality of some of your information.” This includes first and last name, phone number, and mailing address. The company specifies that banking details and passwords were not affected.