Category: Countries
12. October 2016
Dell just published the results of a global survey about the GDPR perceptions and readiness. Among other findings, the main result is the lack of awareness of the requirements, the preparation and the impact:
- More than 60 % answered that they are aware that something is going on with the GDPR. However, they said that they do not know what exactly is happening.
- Just 4 % outside of Europe commented that they are very knowledgeable about the details of the GDPR. Nevertheless, only 6 % of those in Europe answered that they are very familiar with the requirements.
- On top of this, less than 1 of 3 companies feel that they are prepared for the GDPR.
- Furthermore, about 70 % said that their company is definitely not, or do not know if their company is, prepared for the GDPR today. However, only 3 % of them have a plan in order to get ready.
- Fewer than 50 % commented that they feel confident to be ready in time when the GDPR comes into effect in 2018. Nevertheless, just 9 % expect to be fully prepared.
11. October 2016
The New York Post published that Verizon, which is about to purchase Yahoo for $4.8 billion, is now asking Yahoo for a $1 billion discount.
This is due to the fact that Yahoo announced only two weeks ago that it had been hacked two years ago and that at this time usernames and passwords for 500 million accounts were stolen. Furthermore, it was revealed that Yahoo had been ordered by a secret Foreign Intelligence Surveillance Court to investigate emails for terrorist signatures under the Foreign Intelligence Surveillance Act, but not under section 702.
According to the New York Post, a source said that AOL CEO, Tim Armstrong, “is getting cold feet” due to the “lack of disclosure” and therefore he is asking “Can we get out of this or can we reduce the price?”
10. October 2016
After Hamburg’s Data Protection Commissioner strongly recommended that Facebook should stop processing German data gained from WhatsApp, after the U.K. Information Commissioner, the ICO, also started to investigate the agreement betweent WhatsApp and Facebook and after Italy’s data protection authority, the Garante, has started to look into this issue, now Spain’s data protection authority, the AEPD, raises concerns.
Therefore, Spain’s data protection authority advises users to read the terms and conditions especially before accepting them. Furthermore, it offers guidance on changing the respective settings.
7. October 2016
A new biometric corporate credit card programm, called Identity Check Mobile, has been released by BMO Financial Group (BMO) and MasterCard in Canada and in the U.S. at the beginning of the year.
This programm enables cardholders to verify their transactions by using facial recognition and fingerprint biometrics in case they purchase online.
Introducing this verification process will increase security when purchasing without a face-to-face interaction so that the possibility of a card being used by anyone who is not the cardholder will be reduced.
Steve Pedersen, Vice President, Head, North American Corporate Card Products, BMO Financial Group commented on the programm by saying “The use of biometric technology has become more common for consumers looking for convenient and secure ways to make purchases using their smartphones, so this was the natural next step for us as innovators in the payment security space” he continued “Mitigating the risk of fraud is always our top priority, and the inclusion of this technology is going to make payment authentication easier, and strengthen the security of the entire payments ecosystem.”
MasterCard just published that starting from the 4th Octobre 2016 this form of payment is also available in Germany.
5. October 2016
Last week, Elizabeth Denham, held her first speech as UK Information Commissioner (ICO). In this speech she referred, amongst others, to the effects of the Brexit with regard to the application of the GDPR.
Denham remarked that the GDPR involves the modernization of European Data Protection and the necessity of these new rules in order to ensure cross-border commerce and the protection of individuals. As the GDPR may be applicable before the UK has left the EU, she ensured that the ICO will keep on providing guidance and advice on the GDPR.
Furthermore, she stated that even after the UK has formally left the EU, flows of personal information will be still necessary, so that the level of data protection in the UK should be essentially equivalent to the one in the EU. Therefore, she encourages businesses to improve and adapt their practices to the GDPR.
29. September 2016
Forbes just released an article saying that Apple invited some of the best hackers to its headquarter in Cupertino.
Among them:
- the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and therefore now being a world-renowned iOS hacker as well as an
- ex-NSA employee who has repeatedly found security lacks concerning Mac OS X Luca Todesco.
The meeting should have been secret and kept confidential, but unfortunately some details leaked. So for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 in case they can provide Apple with information on vulnerabilities about its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month due to the fact that this has been promised at the Black Hat security conference in Las Vegas last months. Nevertheless, Apple pursues an invite-only list-strategy in order to get quality over quantity.
22. September 2016
Recode just published an interview with Margrethe Vestager, Europeans Commissioner for Competition, talking about her impression that Europeans care more about their data than Americans.
First, she elaborates that Europe has historically been more critical towards new technology practices such as data collection. In this context, Vestager said “I am an economist, so I know that there is no such thing as a free lunch” she went on “You pay with one currency or another — either cents, or you pay with your data, or you pay with the advertisements that you accept. And I think people are becoming more and more aware of the fact that their personal data do have a value.”
Vestager underlined her point of view that Europeans care more about their data than Americans by saying “What we see in Europe is that a huge proportion of citizens find that they are not in control” she added “They distrust the companies to protect their data, and I think that is very bad, because then there is a risk of withdrawing from all the benefits of our digital economy. And in order to build up trust I think it is very important that we enforce privacy rules, that we get privacy by design in new services, so that privacy is not just an add-on, that it is very basic.”
Therefore, according to Vestager the Europeans have a greater need to protect their data than Americans.
This week, heise-online reported that after last years attack on the German Parliament, this year on the 15th and 24th August the offices of several members of Parliament as well as their employees were targeted again in a new attack.
Emails containing malware were sent to the respective politicians. The Emails were supposedly sent by Heinrich Krammer working for the NATO-Headquarter.
The German Federal Office for Information Security (BSI) stated that the attacks probably originated from Russia. The BSI believes that the attacks might be linked to the hacking of private emails from Hillary Clinton’s campaign team in the US earlier this year.
The BSI assumes that the hackers might have been looking for potentially damaging information which could be released a few weeks before elections next year in an attempt to influence the result.
7. September 2016
Facebook users claimed that the social network “automatically and surreptitiously” disclosed information to advertisers in case the users clicked on ads. They accused Facebook to pass on information such as how they are using the website. This approach could be seen as “contrary to Facebook’s explicit privacy promises.”
However, Facebook just defeated these accusations of a group lawsuit as a judge ruled that the plaintiffs did not have enough in common to pursue a class-action (Facebook Privacy Litigation, 10-cv-02389, U.S. District Court, Northern District of California).
In the past, lawsuits against Facebook and other internt companies concerning data protection issues were unsuccesful due to the fact that the plaintiffs have not been able to demonstrate how disclosures to third parties harmed them. In case the lawsuits went further, the respective company has won the case at later stages so that no class-action suits have been developed.
1. September 2016
The concern due to WhatsApp sharing user information with Facebook is rising, especially in Europe.
As the Wall Street Journal reported, European privacy regulators are investigating WhatsApp’s plan to share the information of their users with its parent company Facebook.
The Article 29 Working Party representing the 28 national data protection authorities released a statement at the beginning of this week saying that its members were following “with great vigilance” the upcoming changes to the privacy policy of WhatsApp due to the fact that the new privacy policy allows WhatsApp to share data with Facebook, whereas the privacy policy only gives existing WhatsApp users the right to opt out of part of the data sharing. Therefore, the Article 29 Working Party concluded “What’s at stake is individual control of one’s data when they are combined by internet giants”.
Furthermore,
- the ICO also issued a statement last week raising concerns due to the “lack of control”,
- at the beginning of this week the consumer privacy advocates in the U.S. filed a complaint with the Federal Trade Commission due to the fact that WhatsApp promised that “nothing would change” when Facebook acquired WhatsAPP two years ago and on top of that
- the Electronic Privacy Information Center and the Center for Digital Democracy turned to the Federal Trade Commission in order to get the confirmation that the upcoming changes to the privacy policy can be seen as “marketing practices” that are “unfair and deceptive trade practices”.
