gdpr
Latest
UK regulator to hit British Airways with record fine over 2018 hack
The UK's data privacy authority has announced it intends to levy its largest ever fine against airline British Airways (BA). The airline will have to pay £183.39 million ($230 million) to the Information Commissioner's Office (ICO) for failing to protect its customers' data.
TikTok now faces a data privacy investigation in the UK, too
TikTok is under investigation in the UK for how it handles the safety and privacy of young users. UK Information Commissioner Elizabeth Denham told a parliamentary committee on Tuesday that the popular short-form video app potentially violated GDPR rules that state that technology companies must have different rules and protections for children, reported The Guardian. The UK began its probe on TikTok back in February, shortly after the FTC fined the app for child privacy violations.
Nearly 70 percent of hotel websites leak personal data, Symantec study finds
A security flaw may be hiding in that confirmation email you get after booking a hotel room. A Symantec study of more than 1,500 hotels found that 67 percent of them were unwittingly leaking guests' personal information. The hotels in the study were spread across 54 countries, including the U.S., Canada and even some in the E.U., despite strict GDPR protections. They ran the gamut in quality too, from two-star motels to five-star beach resorts.
Congress oversight body recommends GDPR-style privacy laws
Tim Cook and the Senators pushing for a US version of the EU's General Data Protection Regulation (GDPR) rules have found an ally in the Government Accountability Office. In a report publishing its findings for a study commissioned by the House Energy and Commerce Committee, GAO recommended establishing comprehensive legislation on internet privacy. The bi-partisan government agency suggests putting the FTC in charge of enforcing the rules, which would be designed to give people more control over their own data.
Of course Netflix kept all of your choices in 'Black Mirror: Bandersnatch'
While you were watching Black Mirror: Bandersnatch on Netflix, Netflix was watching you, too. A General Data Protection Regulation (GDPR) request filed by University College London technology policy researcher Michael Veale revealed that Netflix kept track of every decision users made while watching the interactive film and has held onto that information long after viewers reached one of Bandersnatch's endings.
France fines Google $57 million over data transparency
The European Union's GDPR is relatively young, but Google is already in hot water over claimed violations. France's CNIL regulator has fined Google €50 million (about $57 million) for allegedly failing to provide transparent, "easily accessible" data consent policies. Google reportedly made it hard to learn about and control how it used personal data, including for targeted ads. It can sometimes take "5 or 6 actions" before you know what Google is doing, CNIL said, and the company spread ad targeting information across "several documents."
Microsoft tests feature to give people control over their personal data
Microsoft appears to be working on a project called Bali that would give users the ability to control data collected about them. The feature, spotted by Twitter user Longhorn, is being developed by the Microsoft Research team and appears to be in the stages of private testing for the time being.
More popular apps are sending data to Facebook without asking
It's not just dating and health apps that might be violating your privacy when they send data to Facebook. A Privacy International study has determined that "at least" 20 out of 34 popular Android apps are transmitting sensitive information to Facebook without asking permission, including Kayak, MyFitnessPal, Skyscanner and TripAdvisor. This typically includes analytics data that sends on launch, including your unique Android ID, but can also include data that sends later. The travel search engine Kayak, for instance, apparently sends destination and flight search data, travel dates and whether or not kids might come along.
So, you got an IoT device for the holidays
IoT devices are at once a grotesquerie for the security- and privacy-conscious, and a delicious, convenient poison. And chances are pretty good you got one as a holiday gift. You might say we're in the heyday of IoT — though a significant number of infosec professionals might be more inclined to call it the apex of the Internet of Shit. They have a point. Even just a glance at recent headlines is enough to convince anyone that the so-called smartness of these products is a bit lacking.
A federal privacy draft bill could arrive in early 2019
A federal privacy bill draft may arrive early next year, which could pave the way for a US version of the European Union's strict General Data Protection Regulation rules. Democratic Senator Richard Blumenthal is working with Republican Jerry Moran (who is chairman of the consumer protection, product safety, insurance and data security subcommittee) on a bipartisan privacy bill and expressed hope the draft will be ready soon, according to Reuters.
An early test of the GDPR: taking on data brokers
Major data brokers Acxiom and Oracle are among seven companies accused of violating GDPR laws on personal information privacy. Advocates hope the complaints will shed light on the opaque ways that personal data is traded through third parties online both in the EU and the US. The General Data Protection Regulation is a sweeping personal data privacy law that came into force in late May in the EU. For the rest of the world, it's viewed as a bellwether for whether Big Tech can be held in check when immense data leaks seem to happen with painful regularity.
Facebook referred to EU regulator over ad targeting methods
Facebook is about to face more scrutiny over its ad targeting methods. Just days after fining Facebook over the Cambridge Analytica scandal, the UK's Information Commissioner's Office has referred the social network to the Irish Data Protection Commission, the European Union's main body for investigating Facebook under GDPR rules. The ICO has "ongoing concerns" about Facebook's systems for ad targeting, such as how it tracks "browsing habits, interactions and behavior" across the internet.
Opera for Android will get rid of annoying cookie prompts
If you're frustrated at having to constantly close "we use cookies" dialog boxes on websites in the GDPR era, relief might be in sight. Opera has released an updated Android browser with an option to block cookie dialogs. Flip it on through the ad blocking settings and Opera will close as many of those intrusive prompts as it can. There's no guarantee it will work (Opera is relying on a mix of CSS and JavaScript detection), but the company said it had tested the feature with 15,000 sites and was accepting feedback on its success rate through the beta version.
Facebook fined £500k in the UK for Cambridge Analytica scandal
The UK's Information Commissioner's Office (ICO) has upheld its £500,000 ($645,000) fine for Facebook for the social network's involvement in the Cambridge Analytica scandal. ICO's investigations found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their data "without sufficiently clear and informed consent". It also found that Facebook failed to make suitable checks on the apps and developers using its platform.
Tim Cook calls for GDPR-style privacy laws in the US
Apple CEO and long-time data privacy advocate Tim Cook has made an impassioned speech calling for new digital privacy laws in the US. At a privacy conference in Brussels, Cook said that modern technology has resulted in a "data-industrial complex" where personal information is "weaponized against us with military efficiency," and in a way that doesn't just affect individuals but whole sections of society.
Apple enables data downloads for US customers
Earlier this year, Apple started allowing its customers in the EU to download copies of the data the company holds on them to comply with General Data Protection Regulation rules that came into effect in May. Now, Apple has updated its privacy website, and it is letting its customers in the US grab their data too.
Twitter faces Irish investigation over user tracking
Twitter is the latest internet giant facing scrutiny over its data transparency in Europe. Ireland's Data Protection Commission has launched an investigation into the social network after it declined to provide t.co web link tracking data to researcher Michael Veale, potentially violating the EU's allowance for requests under GDPR. The privacy expert said that Twitter rejected his request citing an exception to GDPR for demands that would involve "disproportionate effort." Veale, however, believed that Twitter was misinterpreting the law to limit the information it handed over.
Senator calls for FTC investigation into Google+ data exposure
Senator Richard Blumenthal (D-CT) said during a Congressional hearing today on consumer data privacy that he's calling for an investigation into Google's latest data exposure. During his questioning of those testifying before the committee -- which included Andrea Jelinek, chair of the European Data Protection Board, and Alastair Mactaggart, the real estate developer who introduced a consumer privacy ballot measure in California -- he called the Google+ data exposure "the elephant in the room" and emphasized the need for greater consumer privacy protections in the US.
App flaw let anyone access UK Conservative politicians' data
The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party's conference app using only an attendee's email address, providing access to all kinds of sensitive data. And when many of the conference participants are politicians who registered with their email addresses at Parliament... you can guess what happened next.
Trump administration suggests firmer controls on data privacy
The National Telecommunications and Information Administration (NTIA) has laid out the Trump administration's approach to bolstering data privacy. The agency is seeking to strike a balance between increased consumer protection and affording companies room to innovate with its proposals, which could lead to a US version of the EU General Data Protection Regulation (better known as GDPR).