Collection of Personal Data – 7/2021

Originally published: newspaper “Estia” (in Greek)
Date: 15/04/2021

Aimilios Koronaios
Attorney at Law
LL.M. (Aberdeen), LL.M. (Athens)

Hellenic Data Protection Authority – Annual Report

At the beginning of April, the President of the Hellenic Data Protection Authority (HDPA) Mr. Konstantinos Menoudakos presented to the President of the Hellenic Parliament Mr. Konstantinos Tassoulas, HDPA’s Annual Report for 2019.  As noted by the President of HDPA, 2019 was an awareness-raising year for the protection of personal data, as many organizations and companies reorganized procedures and adopted relevant best practices. However, he also pointed out that HDPA still lacks adequate staffing and necessary resources. Its composition has been deficient for the last 20 months due to the end of term or the departure of members, and its human resources need substantial strengthening.

Cyprus – Digital Green Certificate

The Office of the Personal Data Protection Commissioner of Cyprus issued an announcement on the “Digital Green Certificate”, the adoption of which is promoted by the European Union to facilitate the free movement of citizens within the Member States. As stated, the certificate will be issued in electronic or paper form by the Member States, which will guarantee its authenticity, validity and integrity, by electronic seals or similar means. The issuance of the certificate granted free of charge and will be easy to obtain. As for the personal data issues that arise, they are still under consideration. It is recalled that the certificate will concern vaccination, examination and recovery from COVID-19.

South Korea – International transfers

In a joint statement, EU Justice Commissioner Didier Reynders and South Korean Data Protection Authority Chief Yoon Jong In briefed on the successful completion of EU-South Korea talks in relation to the level of personal data protection in South Korea. The purpose of these processes is the issuance of the so-called “competence decision” by the European Commission, which will attest the adequate level of personal data protection in South Korea. This will make it possible to transfer personal data, in particular from companies from EU Member States to South Korea, with great ease, without the need to adopt appropriate safeguards mechanisms for the safe transmission.

Russia – Facebook

The recent incident of the appearance of a set of data, which seem to come from Facebook and concern 553,000,000 users, on a publicly accessible website has occupied the competent federal authority of Russia (“Roskomnadzor”). According to its announcement, information speaks of about 10,000,000 users of the well-known social media from Russia who are involved in the event, which includes the publication of users’ names, telephone numbers, locations and dates of birth. The competent Russian authority called on Facebook to provide information and take appropriate precautionary measures for the future. This is an incident that has affected more than 600,000 users in Greece, according to the HDPA.

Singapore – Breach incidents

The Singapore Data Protection Authority has updated its guide to dealing with and reporting violations. According to the updated guide, incidents of personal data breach can lead to financial loss for the organization involved, as well as a loss of trust of its customers. The latter can even be severely affected, if protection measures are not taken quickly. For these reasons, it is important that the organizations involved manage and report on these events. It is recalled that an incident of personal data breach is broadly understood as unauthorized access, collection, use, disclosure, copying, alteration or disposal of personal data.

Hong Kong – Social Media

The Hong Kong Data Protection Authority has published a guide to protecting ones privacy when using social media and instant messaging applications. As mentioned, the services provided to users are never completely free. The price is their personal data, which is collected and processed by the providers of these services. What is suggested for the protection of personal data? Among other things, the careful reading of the relevant protection policies, the restriction of personal data submitted during registration, the consideration of the privacy settings provided and their amendment, where necessary, as well as the increased attention when publishing / sending personal information.