Latest bits on privacy and cybersecurity #3

This week's collection of the latest privacy, data protection and cyber-security news and interesting articles. Enjoy the reading!

Six month prison sentence to employee for data misuse

A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/11/six-month-prison-sentence-for-motor-industry-employee-in-first-ico-computer-misuse-act-prosecution/

 

Consumers are more concerned with cybersecurity and data privacy in 2018

The Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era was released on Wednesday. It reveals that one in five users have been victims of a data breach, and of those, 34% experienced financial loss. Following a breach, 78% of respondents said they would stop engaging with the brand online, and 36% said they would stop engaging with the brand completely. 54% of respondents are more concerned with protecting their personal data now than they were prior to the breach.

https://www.techrepublic.com/article/consumers-are-more-concerned-with-cybersecurity-and-data-privacy-in-2018/

 

Privacy International files complaints against seven companies for wide-scale and systematic infringements of data protection law

Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.

https://privacyinternational.org/press-release/2424/privacy-international-files-complaints-against-seven-companies-wide-scale-and

 

EU: Commission issues update on UK data transfers for no Brexit deal scenario

The European Commission on 13 November 2018 issued an update on the transfers of personal data between the EU and the UK. In particular, the Commission noted that, in the case of a no deal scenario, data transfers will take place under the rules on international transfers of the General Data Protection Regulation (‘GDPR’), the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’) for the law enforcement sector, and the Regulation on the Protection of Individuals with Regard to the Processing of Personal Data by the Community Institutions and Bodies and on the Free Movement of Such Data (‘the EU Institutions Regulation’).

Furthermore, the Communication highlights that the toolbox provided by the GDPR, the Law Enforcement Directive and the EU Institutions Regulation is broad enough to cover international transfers, thus the adoption of an adequacy decision is not part of its contingency planning.

You can read the press release here and the Communication here.

 

Romania ‘using EU data protection law to silence journalists’

The Romanian government has been accused of using the EU’s new data protection rules to stifle a probe by a group of investigative reporters looking into the abuse of EU funds in the country.

https://euobserver.com/justice/143343

 

Americans more concerned about data privacy than healthcare

Americans believe that companies should have a mission that goes beyond the money—one that has a positive impact on world hunger, job creation and education, according to the latest Harris Poll data. According to 65 percent of survey participants, data privacy is the most pressing issue.

https://eu.usatoday.com/story/money/2018/11/09/americans-more-concerned-data-privacy-than-healthcare-study-says/1904796002/

 

More than 50 nations sign onto cybersecurity pact

French President Emmanuel Macron released an international agreement on cybersecurity principles Monday as part of the Paris Peace Forum. The original signatories included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but not the United States, Russia or China.

The Paris Call for Trust and Security in Cyberspace is another step in the disjointed effort to create international norms and laws for cybersecurity and warfare. In most international matters of regulating the internet, there tends to be a wide split between the liberal Western order and authoritarian nations like Russia and China.

https://www.axios.com/cybersecurity-paris-call-for-trust-france-21e434df-8a59-48bc-8cde-cd1c1f43dfd0.html

 

Another Facebook vulnerability could have exposed user information

The security company Imperva has released new details on a Facebook vulnerability that could have exposed user data. The bug allowed websites to obtain private information about Facebook users and their friends through unauthorized access to a company API, playing off a specific behavior in the Chrome browser. The bug was disclosed to Facebook and resolved in May.

https://www.theverge.com/2018/11/13/18088904/imperva-facebook-data-vulnerability-user-friends-information-cambridge-analytica

 

Facebook Failed to Police How Its Partners Handled User Data

Facebook failed to closely monitor device makers after granting them access to the personal data of hundreds of millions of people, according to a previously unreported disclosure to Congress last month.

Facebook’s loose oversight of the partnerships was detected by the company’s government-approved privacy monitor in 2013. But it was never revealed to Facebook users, most of whom had not explicitly given the company permission to share their information.

https://www.nytimes.com/2018/11/12/technology/facebook-data-privacy-users.html

 

Facebook Facing GDPR Investigation over Audience Targeting Methods

Facebook is facing the wrath of the European Union’s General Data Protection Regulation (GDPR) once again following a complaint made by the UK Information Commissioner’s Office (ICO) to the Irish Data Protection Commission (DPC) in relation to the social media giant’s user targeting tactics.

Facebook has come in for heavy criticism in recent weeks after a number of news reporters portrayed how easy it was to post fake advertisements that appear to be sponsored/funded by real politicians. Other reports included targeting individuals with extremely conservative views and opinions.

https://www.compliancejunction.com/facebook-facing-gdpr-investigation-over-audience-targeting-methods/

 

Alarm over talks to implant UK employees with microchips

Britain’s biggest employer organisation and main trade union body have sounded the alarm over the prospect of British companies implanting staff with microchips to improve security. UK firm BioTeq, which offers the implants to businesses and individuals, has already fitted 150 implants in the UK.

The tiny chips, implanted in the flesh between the thumb and forefinger, are similar to those for pets. They enable people to open their front door, access their office or start their car with a wave of their hand, and can also store medical data.

https://www.theguardian.com/technology/2018/nov/11/alarm-over-talks-to-implant-uk-employees-with-microchips

 

Obscurity by design

One thinker proposes a shift in the way we think about user privacy.

https://postlight.com/trackchanges/obscurity-by-design

 

Third-Party Vendor Management Means Managing Your Own Risk

When considering the termination of a vendor relationship, you must consider the vendor, the contract and the business impact. Although this article is aimed at the privacy considerations in terminating a vendor relationship, there are other considerations within a general business frame.

https://iapp.org/news/a/monitoring-third-party-vendors-means-managing-your-own-risk-chapter-nine/

 

Private Blockchains Could Be Compatible with EU Privacy Rules

A joint study between Queen Mary University of London and the University of Cambridge concluded that, whilst challenging, it is theoretically possible for organizations to design blockchain applications that fully comply with the recently implemented EU ‘General Data Protection Regulation’.

Because of innate aspects of blockchain technology, such as immutability and the inability to retrospectively remove customer data once it has been recorded, the problems become obvious when it comes to creating a solution compatible with this European regulation.

https://cointelegraph.com/news/private-blockchains-could-be-compatible-with-eu-privacy-rules-research-shows

 

China surveillance tech can ID people by their walk

Chinese authorities have started using “gait recognition” software – artificial intelligence that identifies people by their body shape and the way they walk – for mass surveillance on the streets of Beijing and Shanghai. The tech can reportedly recognize people from up to 50 meters away, even if their face is hidden or their back is facing the camera.

https://www.cnet.com/news/china-surveillance-tech-ids-people-by-their-walk/
