Included in this issue of data & privacy news: online retailers could lose £5.9bn through cyberattacks; privacy campaigners challenge government over test-and-track programme and more...

Research shows online retailers could lose £5.9bn through cyberattacks

New research has revealed that online retailers could lose £5.9 billion through cyberattacks each year depending on how long it takes them to identify and contain a data breach.

On average, 43% of businesses experienced a cybersecurity breach each year, with almost 90% of login attempts on online retailer's websites a result of a hacker using stolen data.

The area most open to data breaches in the e-commerce sector was payment systems.

Finnish data regulator imposes GDPR fines on three companies for data protection violations

On 18 May, the Office of the Data Protection Ombudsman, the Finnish data regulator, imposed administrative fines on three companies for data protection violations.

Posti Oy received a fine of EUR 100,000 for providing insufficient information on data protection rights.

Kymen Vesi Oy received a fine of EUR 16,000 for neglecting to conduct a data protection impact assessment.

A third company received a fine of EUR 12,500 for the unnecessary collection of personal data.

Privacy campaigners to challenge government over test-and-track programme

Privacy campaigners, the Open Rights Group (ORG), are preparing a legal challenge to the NHS's coronavirus test-and-trace programme after Public Health England said it would retain "personally identifiable" data of those that test positive for 20 years. 

The ORG is concerned that personally identifiable data retained could be accessed by the Home Office or other governments departments for further purposes. The government has also failed to complete a legally mandatory data protection impact assessment on the programme. 

Experts state employees must be consulted on back-to-work technology

Experts have said that employees must be consulted on any technologies used to control or monitor their return to work following the coronavirus pandemic. 

Any back-to-work technology must focus on privacy. Organisations should ensure they only use the data they actually need to ensure safety in their operations. 

UK organisations plan to share more data despite significant data sharing challenges

New research has revealed that organisations plan to share more data with their business partners in the future despite significant data sharing challenges. 

Currently, under half of UK-based organisations share data with one-three external partners, with 40% strongly agreeing with the statement 'sharing data with others in the partner chain presents complex regulatory challenges'. 

France's data protection watchdog releases second review of StopCovid app

France's data protection regulator, the CNIL, has released its second review of the contract-tracing app StopCovid. The regulator has said that it sees no major issue with the technical implementation and legal framework of the app but with some caveats. 

France's StopCovid app has been developed by a group of research institutes and private companies rather than using an Apple and Google contract-tracing API.