Cbridge_ChiefOct 23, 2023

Oh oh. Another #DataBreach involving public sector entities. Data from companies used by Gardaí and Local Authorities exposed. https://www.independent.ie/irish-news/thousands-of-drivers-have-sensitive-data-exposed-to-hackers-in-major-it-breach/a1379036136.html

It seems there is a question as to who the #DataController is. There shouldn’t be. The towing companies were providing a service to one or more public bodies. Each of those is a Data Controller for this data.

Thousands of drivers have sensitive data exposed to hackers in major IT breach

The driving licences of thousands of motorists who had vehicles towed on behalf of the gardaí were left at the mercy of hackers in a major data breach, the Irish Independent can reveal.

Independent.ie
Show threadMichael VealeAug 1, 2023

#DataProtection: you can still be a #DataController of such shared data. But do rights apply well? No. Confusing interactions with the #HouseholdExemption and with #JointControllership, all discussed in the paper.

Controllers might try and draw on recent case-law by the CJEU in GC and others to claim they are effectively incapable-by-design. This is a problem as platforms both design the vision of the service they offer (e.g. what is the role of an OS) and the detailed implementation.

Show thread@_microbe101🔒🛡🔐Dec 14, 2019
@Kevin only annoying,
#unsecured #datacontroller is g00g Le-
#dataservices himself!