Privacy Transformation - Issue 99
PRIVACY
Facebook facing mounting questions over massive data leak
Three years after a scandal that saw data from nearly 90 million people illegally harvested to influence votes in elections like Donald Trump's 2016 win, Facebook finds itself in the middle of a tornado of questions around how it handles data.
This time, data on almost half a billion Facebook users was found online. But while the company insists it fixed the leak in 2019 and that the case is closed, EU data watchdogs aren't so sure.
Nearly 1.5M individuals based in Ireland are affected.
RELATED:
Facebook Leaked the Data of 533 Million Users and Didn’t Tell Anyone
533 million Facebook users' phone numbers and personal data have been leaked online
Digital Rights Ireland - Complaint to DPC in relation to Facebook Data Dump Breach
What Really Caused Facebook's 500M-User Data Leak?
Check if your data was included in this breach: https://haveibeenpwned.com/
Government consultants discussed ‘war room’ for Covid-19 response
Email outlines plan for ‘integrated insight centre’ that could seek data from State bodies.
What’s Really at Stake with Vaccine Passports
What may appear to be temporary public health-related measures could risk embedding permanent digital identity infrastructure that threatens public life.
‘Gutting Privacy Rights’ — UK Data Law Plans Draw Advocates’ Ire
The U.K. government has signaled its intention to diverge from the EU standards on data-protection and privacy law, claiming that a “less-European approach” could help drive economic growth.
Seeing stones: pandemic reveals Palantir's troubling reach in Europe
Covid has given Peter Thiel’s secretive US tech company new opportunities to operate in Europe in ways some campaigners find worrying.
SECURITY & TECH
TU Dublin's Tallaght campus investigating 'significant' ransomware attack
The University said there is no indication yet that any data has been exfiltrated, downloaded, copied or edited.
The challenge in striking the right balance with contact tracing apps
When society begins to open up and the virus is less pervasive, a more nuanced approach towards contact tracing apps may be appropriate, but even that approach brings challenges.
Max Schrems accuses Google’s Android of illegally tracking users
Noyb says tech giant is violating EU rules by failing to get user consent for ad tool.
See Noyb statement here.
GitHub Arctic Vault likely contains leaked MedData patient records
GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked last year in GitHub repositories that are now part of a collection of open-source contributions bound to last 1,000 years.
Signal Adds a Payments Feature With a Privacy-Focused Cryptocurrency
The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.
Encryption Has Never Been More Essential—or Threatened
As we communicate more digitally, governments encroach more on our privacy. End-to-end encryption cannot be taken for granted.
UK NCSC Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
DPC statement re: Facebook Dataset appearing online
A dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals. A significant number of the users are EU users. Much of the data appears to have been data scraped some time ago from Facebook public profiles.
Ubiquiti is accused of covering up a ‘catastrophic’ data breach
A report from KrebsOnSecurity indicates that prosumer networking company Ubiquiti misled its customers about the severity of a security breach. The company’s statement doesn't deny it.
Third-party security breach compromises data of Singapore job-matching service
Job-matching institute e2i says the personal details of 30,000 individuals may have been illegally accessed due to a malware breach that targeted an "appointed third-party vendor".
ENFORCEMENT
Italian DPA fines Fastweb €4.5 million under GDPR for aggressive telemarketing
The Italian Data Protection Authority announced a fine of €4.5 million (U.S. $5.3 million) against telecommunications company Fastweb for misusing customer data for telemarketing purposes.
When it comes to data security, Processors are no longer safe
For the first time since its creation in 1978, the French Data Protection Authority fined not only a data controller, but also its data processor.
More on the latest GDPR enforcement news can be found on:
GUIDANCE
CNIL Publishes FAQ Clarifying Cookie Use
The French Data Protection Authority published a FAQ to further explain its earlier guidelines and “recommendation” on cookies and other tracking technologies.
EDPB: EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals
The EDPB and EDPS adopted a joint opinion on the Proposals for a Digital Green Certificate.
RESOURCES
Paper: Psychological Data Breach Harms
Cybersecurity law is primarily based on the premise that data breaches result exclusively in financial harms. Legal scholarship has largely been focused on financial harms to the exclusion of non-financial harms, emotional and mental, that also arise from data breaches. There is now a critical mass of research showing that consumers whose information has been compromised suffer from serious emotional and mental conditions as a result. This Article seeks to evaluate cybersecurity law in light of this reality and propose a framework to address these psychological data breach harms.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.