DP News – Week 6. Israel may lose ‘adequacy’ status in the EU, Google FI has reported a data breach, IMY issued the study “Data protection in practice”

The EU is becoming concerned about the future of Israel’s judicial system and it could lead to the EU rethinking the status of Israel as an ‘adequate’ country. This might well happen if the legal reforms suggested by Prime Minister Netanyahu’s government are carried out, which might result in judges appearing not to be impartial any longer.

In particular, a new reform implies a legal opportunity for the parliament to overrule any national Supreme Court’s decision in particular circumstances, giving politicians more control over how judges are appointed, removing certain grounds on the basis of which the legislation may be struck down.

As Tobias Judin (Head of the International Section at the Norwegian Data Protection Authority) explains, it is very important “that the judiciary is actually independent, that you have independent oversight and redress. […] A possible consequence would be that adequacy for Israel would be revoked because it no longer meets the criteria. That means that suddenly you can’t transfer data freely from Europe to Israel anymore, and probably European companies would avoid Israeli companies as well […] They would be in the same category as China”.

***

Mobile virtual network operator Google FI has reported a data breach, resulting in such data as account activation date, data about individuals’ service plans, SIM-card serial numbers and account status (active/inactive) being stolen by malicious actors.

As Google explained in the email sent out to affected customers, the breached data “[…] does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi or the contents of any SMS messages or calls”.

***

Sweden’s data protection authority IMY issued the study “Data protection in practice” which is based on the online survey reports received from DPOs in circa 800 organisations.

The study highlights challenges and issues most often encountered by DPOs. In particular, an increasing number of DPOs have started to work part-time since 2019, many of them actually work more than the time allocated. Only 40% of them believe their organisations work “continually and systematically with data protection”, while “almost half feel that they are not included in a timely manner”, and roughly one-fourth of the part-time DPOs do not consider their assignment clear.

At the same time, as the study suggests, “There seems to be a clear decrease in the initial difficulties in understanding and implementing GDPR […]. Instead, DPO argue that a big challenge is now that the regulations are seen as an obstacle to the organisation and that GDPR makes the work of the organisation more difficult”.