Category: USA

LinkedIn processed 18 million non-user email addresses to target Facebook advertisings

28. November 2018

The business and employment-oriented service LinkedIn processed the email addresses of 18 million non-members and targeted them with advertising on Facebook without permission.

A non-LinkedIn user issued a complaint to the Data Protection Commission that their email address had been obtained and used by the organisation for the purposes of targeted advertising on Facebook. Within Ireland’s Data Protection Commission the concerns grew regarding LinkedIn’s processing of personal data of non-users. Therefore, the office conducted an audit of the multinational LinkedIn Ireland, home to the company’s EU headquarters, and stated that it used million of e-mail addresses of non-users.

Also involved is LinkedIn Corp in the US, which processes data on behalf of LinkedIn Ireland. They targeted – by means of 18 million addresses – the individuals in Facebook. According to the commissioner’s annual report LinkedIn in the US carried out the processing in the absence of instructions from LinkedIn in Ireland (the controller). Said annual report covers the period from January 1st to May 24th 2018. Then the old office of the Data Protection Commissioner ceased to exist due to the General Data Protection Regulation. The new Data Protection Commission came into existence on May 25th 2018.

Apple, Google and Co. endorse a more GDPR-like U.S. federal privacy law

6. November 2018

At the 4oth International Conference of Data Protection and Privacy Commissioners (ICDPPC) Apple CEO Tim Cook and other prominent representatives of leading tech companies, all expressed their endorsement of a more GDPR-like privacy legislation around the globe and particularly the US. The ICDPPC takes place in Brussels once a year and apart from independent data protection authorities as accredited members, the attendees include representatives of states without independent data protection supervisory bodies, international organisations, non-governmental organisations as well as representatives from science and industry.

On this platform, Cook strongly supported the idea of introducing similar data protection standards to those of the GDPR in the US and encouraged his fellow tech companies to do so as well. The Apple CEO warned of a danger of a “data industrial complex”, where information about individuals is being weaponized against humanity “with military efficiency”. Cook pointed out that scraps of personal data are “carefully assembled, synthesized, traded and sold” creating an “enduring digital profile which lets companies know individuals better than they may know themselves”, since businesses would use these information to make billions and billions of dollars. As this would end up in surveillance while those stockpiles of data only serve to enrich companies, he ensures Apple’s “full support of a comprehensive federal privacy law in the United States”.

Without mentioning them, the Apple CEO refers in particular to the data giants Google and Facebook by emphasizing their responsibility of creating adequate data protection standards. Both of them have been in the focus of a global discussion on whether they provide their users with adequate privacy settings. However, Facebook’s CPO Erin Egan replied, unequivocally, “yes”, when she was asked whether she would support a GDPR-like data protection law in the U.S. as well as Google General Counsel Kent Walker said, “we’ve been on record for some time calling for comprehensive privacy legislation in the past years” when he was asked about Google’s position on a U.S. federal privacy bill. Walker also pointed to Google’s recent release of principles it supports as part of a federal bill.

Last but not least, Microsoft Corporate Vice President and Deputy General Counsel Julie Brill eventually stated that Microsoft has extended many of the GDPR’s protection measures to their entire customer base and has been a supporter of a U.S. federal privacy bill since 2005. In particular, Brill endorsed a “strong, robust, and horizontally effective baseline privacy legislation.” She further ensured that at Microsoft people are using their voice as strongly as they could to encourage that to take place.

Bearing in mind the data scandals around – in particular – Google and Facebook, and the rather low data protection standards in the U.S., it seems that at least four representatives of the top seven tech companies in the world endorse a new U.S. federal privacy bill and will encourage in supporting an adequate privacy standard around the globe. Regarding the actual stance of the Trump administration, FTC Commissioner and recent Trump appointee Noah Phillips, gave an indication about how this subject will be treated. According to his personal opinion, such a regulation should be done “only if necessary and then very carefully.” Being asked whether the U.S. has the right laws in place to regulate technology appropriately, or whether there were any gaps, he replied, “that is a big question we are debating right now in the United States.”

Yahoo agreed to pay US$ 85 million after data breaches in 2013 and 2014

24. October 2018

As part of a court settlement filed Monday, Yahoo agreed to pay $50 million in damages and to provide two-years of free credit monitoring for services to 200 million people.

Around 3 billion Yahoo accounts were hacked in 2013 and 2014 but the company, which is now owned by Verizon, did not disclose the breach until 2016. Affected are U.S. and Israel residents and small businesses with Yahoo accounts at any time from January 1, 2012 to December 31, 2016. Apart from usernames and email addresses, millions of birthdates and security questions and answers were stolen. Not among the stolen information were passwords, credit card numbers and bank account information.

According to the settlement, the fund will compensate accountholders who paid for email services, who had out-of-pocket losses or who already have credit monitoring services. A refund of $25 per hour will be made for the time spent handling issues caused by the breach. Those with documented losses can ask for up to 15 hours of lost time ($375) whereas those who cannot document losses can ask for up to 5 hours ($125).

A hearing to approve the preliminary settlement is scheduled for November 29.

Facebook may face up to $1.63 Billion Fine in Europe after Data Breach

2. October 2018

Ireland’s Data Protection Commission, the company’s lead privacy regulator in the EU, could fine Facebook Inc. up to $1.63 billion for a data breach disclosed Friday, reports the Wall Street Journal. Hackers compromised the accounts of at least 50 million users, bypassing security measures and possibly giving them full control of both profiles and linked apps.

The Commission is now requesting more information on the scale and nature of the data breach in order to find out which EU residents could be affected. Facebook announced that it would respond to follow-up questions. The incident results in the latest legal threat Facebook is facing from U.S. and European officials over its handling of user data and is a severe setback to their efforts to regain trust after a series of privacy and security breaches.

The way in which this data breach is handled by data protection authorities could mark one of the first important tests under the GDPR, which came into force in May earlier this year. The handling could provide conclusions regarding the application of breach-notifications and data-security provisions by companies in the future.
The law requires companies to notify data protection authorities of breaches within 72 hours, under threat of a maximum fine of 2% of worldwide revenue. Furthermore, under the GDPR companies that fail to safeguard their users’ data risk a maximum fine of €20 million ($23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher. Taking the larger calculation as a basis Facebook’s maximum fine would be $1.63 billion.

Record fine for Uber

28. September 2018

Due to an initially concealed data breach in 2016, the U.S. company Uber has to pay a fine of €126 million, as the Attorney General Barbara Underwood announced in a statement.

On November 21, 2017, Uber announced that a hacker attack would take place in 2016, in which the hackers would capture approximately 50 million customer data as well as seven million data from Uber drivers. The company paid the hackers blackmail money instead of reporting the data breach (we reported).

Now a settlement was reached between Uber and the relevant US authorities. The settlement includes the highest fine ever imposed, $148 million (€126 million), flanked by further obligations to improve data security.

Category: Data breach · USA
Tags: ,

Facebook sues BlackBerry for patent infringement, claiming it stole Voice-Messaging Tech

5. September 2018

On Tuesday, September 5th, Facebook Inc. filed a lawsuit against BlackBerry Ltd., accusing the ladder of patent infringement, the news agency Bloomberg reports.

The complaint of the social media company contains the allegations that BlackBerry has been stealing its voice messaging technology. Furthermore, the accusation includes technology that improves how a mobile device delivers graphics, video and audio and another that centralizes tracking and analysis of GPS data.

According to Facebook a total of six patents are targeted, for which the company intends to claim unspecified damages in San Francisco federal court.

The lawsuit, in turn, follows BlackBerrys’ lawsuit in march, accusing the company of infringement on its mobile messaging tech for its own messenger, as well as its Instagram photo sharing app and WhatsApp messaging service.

Category: General · Instagram · USA
Tags: ,

The ICO intends to fine Facebook a maximum of £500.000

12. July 2018

The British Information Commissioner’s Office (ICO) intends to fine Facebook a maximum of £500,000 after investigating the Facebook/Cambridge Analytica case. Back then, the Investigation started because of allegations that information of about 50 million Facebook users were obtained by Cambridge Analytica without the data subject’s consents by the use of a personality-analysis app. Present estimate suggest that about 87 million users were affected, as the ICO reports.

As stated by the ICO, it intends to fine Facebook for two breaches of the Data Protection Act 1998. It is further said, that Facebook should have contravened the law by failing to safeguard people’s information and failing to be transparent regarding the harvesting of people’s data by others. Facebook, however, will have the possibility to respond to the Notice of Intent. Afterwards a final decision will be made.

Unlike the much higher fees (up to €20 million or 4% of their global annual turnover, whichever is higher) that might be imposed under the General Data Protection Regulation (GDPR), depending on the individual case, £ 500.000 is the maximum possible under the British Data Protection Act 1998. The reason that the Data Protection Act 1998 and not the General Data Protection Regulation was applicable is the time of the events, since they happened before the 25th May 2018, which was the time the General Data Protection Regulation became directly applicable in all member states.

Category: EU · USA
Tags: ,

The US Senate votes in favor of restoring Net Neutrality rules

17. May 2018

On June 11, anti-net-neutrality is set to take effect in the USA. In a resolution, the Senate has now declared itself in favour of its preservation. The U.S. Senate on Wednesday voted narrowly (52 to 47) to reverse the Federal Communications Commission (FCC) decision in December 2017 to repeal net neutrality rules. Three Republicans voted with all 47 Democrats and two Democratic-leaning senators to back the measure.

The FCC resolution is under the rarely used Congressional Review Act. It is a law that allows Congress, with a simple-majority vote in both houses, to repeal new regulations by federal agencies within 60 legislative days of implementation. Despite the Senate’s passing of the resolution, the measure is unlikely to be approved by the House of Representatives because at least two dozen Republicans must vote against the party line.

Net neutrality is the concept that internet service providers (or governments) treat all data on the internet the same regardless of content, user, platform, application or device. Network neutrality prevents all internet service providers from slowing down connections for people attempting to access certain sites, apps and services, and blocking legal content.

Category: General · USA
Tags:

United States vs. Microsoft II

4. April 2018

In the USA, the “Cloud Act” (Clarifying Lawful Overseas Use of Data Act) came into force a few days ago with the signature of President Trump.

The Cloud Act stipulates that US investigators should have access to personal data located on servers outside the USA. To this end, bilateral agreements may be concluded authorizing investigators to contact the cloud provider directly.

As part of this, the US Department of Justice filed an application with the US Supreme Court to declare United States of America vs. Microsoft Corporation (New York Search Warrant Case) closed. The case dates from 2013 and has been highly controversial ever since.

The question is whether Microsoft must disclose personal data stored outside the US, here on servers in Ireland, to US authorities. The basis for this was a search warrant issued by a federal district court in New York, which was intended to oblige Microsoft to hand the data over. Microsoft complained about this. A ruling was actually expected in June of this year, but now the matter could be filed before a decision is taken.

Noel J. Francisco, the US government’s chief litigant, filed a petition with the Supreme Court, citing the Cloud Act, arguing that the Microsoft-US dispute is over and no longer needs to be heard. A new search warrant based on the Cloud Act has already been sent to Microsoft.

United States vs. Microsoft

28. February 2018

The United States Supreme Court (SCOTUS) heared yesterday the arguments in the case United States vs. Microsoft.

The dispute betwenn the US government and Microsoft has spanned several years, since 2013, and has major implications for the privacy profession.

Issue is, that the U.S. can compel Microsoft to turn over data stored on a server outside the United States. Basis of the the obligation is a warrant issued by a US court under the Stored Communications Act. Microsoft should turn over emails of a customer stored on Microsoft servers, both in the US and in Ireland. Microsoft handed out the data stored in the US, but reject to turn over the data stored in Ireland. Basis for the rejection is, according to the position of Microsoft, that a Irish court is responsible and not a US court, due to the Stored Communications Act cannot reach outside of the territorial jurisdiction of the US. The US position, adopted by the magistrate judge and district court is, that because Microsoft is a US company, and fully capable of accessing the information described in the warrant, the warrant is a valid exercise of wholly domestic power.

A judgement could be made in June.

Pages: 1 2 3 4 5 6 7 8 9 Next
1 2 3 9