WhatsApp will share user information with Facebook

26. August 2016

Jan Koum, one of WhatsApp’s founders, stated shortly after selling WhatsApp to Facebook in 2014 that the deal would not affect the digital privacy of his mobile messaging service with millions of users.

However, according to the New York Times, WhatsApp is about to share user information with Facebook. This week, WhatsApp published a statement saying that it will start to disclose phone numbers and analytics data of its users to Facebook. This will be the first time that WhatsApp connects the data of its users to Facebook.

Furthermore, because WhatsApp is beginning to build a profitable business after previously placing little emphasis on revenue, it is now changing its privacy policy to allow businesses to contact customers directly through its platform.

WhatsApp commented on the new privacy policy: “We want to explore ways for you to communicate with businesses that matter to you, too, while still giving you an experience without third-party banner ads and spam”.

The new privacy policy will allow Facebook to use a user’s phone number to improve other Facebook-operated services, for example by making new Facebook friend suggestions or showing better-tailored advertising.

However, WhatsApp underlines that neither it nor Facebook will be able to read users’ encrypted messages and emphasizes that individual phone numbers will not be given to advertisers.

Koum explained that “Our values and our respect for your privacy continue to guide the decisions we make at WhatsApp” and went on “It’s why we’ve rolled out end-to-end encryption, which means no one can read your messages other than the people you talk to. Not us, not Facebook, nor anyone else” and concluded “Our focus is the same as it’s always been — giving you a fast, simple and reliable way to stay in touch with friends and loved ones around the world.”

WhatsApp’s new privacy policy raises concerns due to the lack of data protection. Therefore, the president of the Electronic Privacy Information Center, Marc Rotenberg, commented that it is about to file a complaint next week with the Federal Trade Commission in order to prevent WhatsApp from sharing users’ data with Facebook. Rotenberg justified this approach: “Many users signed up for WhatsApp and not Facebook, precisely because WhatsApp offered, at the time, better privacy practices.” He explained: “If the F.T.C. does not bring an enforcement action, it means that even when users choose better privacy services, there is no guarantee their data will be protected.”

 

Request for European Commission to investigate “Pokemon Go”

25. August 2016

A Belgian Member of the European Parliament wants the European Commission to investigate the app “Pokemon Go” in order to determine whether the app is compliant with European data protection law and, furthermore, to warn European citizens of the dangers caused by the app.

The Member of the European Parliament in question, Marc Tarabella, commented that the app violates not only the General Data Protection Regulation but might also violate the European E-Privacy Directive, because the app stores cookies and trackers on users’ smartphones. He added: “In their eyes, tracking personal data of people is clearly considered a game and a source of research or revenue” and concluded: “In Europe, the protection of privacy remains a fundamental right. We have to react, warn and strongly condemn these massive scams.”

How to join the EU-U.S. Privacy Shield?

23. August 2016

In order to join the EU-U.S. Privacy Shield, a company has to self-certify and therefore meet the following requirements:

1. The eligibility of the company to participate in the EU-U.S. Privacy Shield has to be confirmed.

2. A Privacy Policy that is compliant with the EU-U.S. Privacy Shield has to be developed.

  • The Privacy Policy has to comply with the EU-U.S. Privacy Shield Principles.
  • The Privacy Policy has to refer to the Privacy Shield Compliance.
  • An accurate location for the Privacy Policy has to be provided, and the policy has to be publicly available.

3. Independent recourse mechanisms need to be identified.

  • Enforcement and Liability Principle: the company has to provide an independent recourse mechanism to investigate unresolved complaints at no cost to the individual.

4. Verification mechanisms need to be in place.

  • The company is required to have procedures in place for verifying compliance through self-assessments or third-party assessments.

5. A contact person has to be designated.

  • The company is required to provide a contact for questions, complaints, access requests, and any other issues arising under the EU-U.S. Privacy Shield.

 

Furthermore, the company has to pay a fee depending on its annual revenue:

| Company’s Annual Revenue | Fee |
|---|---|
| $0 to $5 million | $250 |
| Over $5 million to $25 million | $650 |
| Over $25 million to $500 million | $1,000 |
| Over $500 million to $5 billion | $2,500 |
| Over $5 billion | $3,250 |

Thomas de Maiziere aims to introduce facial recognition software at train stations and airports in Germany

22. August 2016

Thomas de Maiziere, Germany’s Interior Minister, aims to introduce facial recognition software at train stations and airports in order to support the identification of terror suspects. This suggestion was prompted by two Islamist attacks in Germany last month.

Pointing out that internet software is able to determine whether individuals shown in photographs are celebrities or politicians, Thomas de Maiziere commented: “I would like to use this kind of facial recognition technology in video cameras at airports and train stations. Then, if a suspect appears and is recognized, it will show up in the system”. He went on to explain that such a system is already being tested for the identification of unattended luggage, so that the camera reports the respective luggage to an authority after a certain number of minutes.

However, although other countries are also testing similar technology, Germany has been sceptical and cautious about introducing surveillance due to historical events such as the abuses by the Stasi secret police in East Germany and the Gestapo under the Nazis.

 

 

ICO fined Hampshire County Council 100,000 GBP

19. August 2016

The ICO fined Hampshire County Council 100,000 GBP due to a data breach.

The fine was the result of missing measures to protect personal information against unauthorized access: documents containing personal information of more than 100 data subjects were stored in an abandoned building. Furthermore, 45 bags of confidential waste were also found.

Hampshire County Council released a statement saying that “We are very sorry that this incident occurred. Hampshire County Council takes the management and protection of its data very seriously. Accordingly, appropriate procedures were in place at the time, but unfortunately, on this occasion, the process was not fully adhered to. However, at no time was any information disclosed outside of the site”.

Furthermore, the statement points out that “Immediate steps were taken to investigate the matter fully, and remedial action was taken. This has included strengthened and improved processes in the removal of, and destruction of, confidential waste from vacated buildings.”

The statement highlights that Hampshire County Council reported the incident to the ICO as soon as they became aware of it and that they have cooperated fully at all stages of the ICO’s investigation.


Draft of the E-Privacy Directive to be released in September

18. August 2016

The Guardian just reported that the European Commission is about to release an update of the draft of the E-Privacy Directive in September.

This draft will probably provide that apps like Skype and WhatsApp be treated the same in terms of privacy regulations as SMS text messages and both mobile and landline calls. Jan Philipp Albrecht, Green MEP, explained: “It was obvious that there needs to be an adjustment to the reality of today”. He went on: “We see telecoms providers being replaced and those companies who seek to replace them need to be treated in the same way.” Furthermore, he mentioned that one focus of the new law lies in upholding strong encryption.

However, critics raise concerns that the law might decrease economic innovation and that it is “well-nigh impossible” to fit older legislation to newer technology.

 

EU-U.S. Privacy Shield – What does it mean in practice?

17. August 2016

Concerning U.S.-American Companies:

  • Annual self-certification that they meet the requirements
  • Displaying the privacy policy on their website
  • Replying in a reasonable period of time to any complaints
  • In case human resources data is processed: cooperation and compliance with European Data Protection Authorities

Concerning European Individuals:

  • More transparency about the transfer of personal data to the U.S. and an increase of the protection level of this data.
  • Cheaper and easier redress possibilities in case of complaints: either directly towards the company or with the support of the respective Data Protection Authority.

 

List of approved companies under the EU-U.S. Privacy Shield was released

16. August 2016

A list was released last week containing about 40 companies that have been approved under the EU-U.S. Privacy Shield.

A spokesman of the Department of Commerce commented that this list would be updated continuously. He went on by saying that “There are nearly 200 applications currently involved in our rigorous review process.”

Nevertheless, the Wall Street Journal just released an article mentioning that, due to the legal uncertainty surrounding the EU-U.S. Privacy Shield, companies are showing restraint in joining the agreement.

However, “we don’t expect a stampede to join it in the next few days, but rather a steadily growing wave over the long run, especially if European companies begin to favor Privacy Shield membership in competitive bids”, concluded Jay Cline, who works with PwC.

AIG: first insurer offers standalone primary coverage for damage caused by cyber attacks

15. August 2016

One of the biggest US-American insurance companies, the American International Group (AIG), just declared that it will be the first insurer to offer standalone primary coverage for property damage, bodily injury, business interruption and product liability caused by cyber attacks.

Because “Cyber is a peril [that] can no longer be considered a risk covered by traditional network security insurance product[s]”, AIG released the new product CyberEdge Plus.

AIG commented on the new product as follows:

“CyberEdge can provide companies with protection against the following:

  • Third-party claims arising from a failure of the insured’s network security or a failure to protect data. Insurance also responds to regulatory actions in connection with a security failure, privacy breach, or the failure to disclose a security failure or privacy breach.
  • Direct first-party costs of responding to a security failure or privacy breach by paying costs of notifications, public relations, and other services to assist in managing and mitigating a cyber incident. Forensic investigations, legal consultations, and identity monitoring costs for victims of a breach are all covered.
  • Business interruption caused by a network security failure by reimbursing for resulting lost income and operating expenses.
  • Threats made against a company’s computer network and confidential information by an outsider attempting to extort money, securities, or other valuables. Coverage includes monies paid to end the threat and the cost of an investigation to determine the cause of the threat.
  • Liability faced by companies for content distributed on their website. Coverage is provided for numerous media perils including copyright infringement, trademark infringement, defamation, and invasion of privacy.”

Furthermore, the coverage has a limit of up to $100 million.

 


Pokemon Go: Guidelines to be released by the Irish Data Protection Commissioner

12. August 2016

Because the smartphone app Pokemon Go inserts animated creatures into real-life surroundings by using real-time GPS data and phone cameras, concerns have been raised about the safety and privacy implications of location-based games and apps.

  • In the US, armed criminals using Pokemon Go lured teenage victims to an isolated place where they were robbed last month.
  • Iran became the first country to ban the game because of unspecified “security concerns” last week.
  • Also, the contract customers must agree to before using the game has been questioned by consumer watchdogs across Europe due to the fact that Pokemon Go’s terms of service abandon a player’s rights to courtroom representation as a plaintiff or class action member unless the player opts out within a month of the download.

A spokesman for Ireland’s Data Protection Commissioner commented that in regard to Pokemon Go “It was not aware of any specific data protection issues arising at this stage”. He continued by saying “However, like any smartphone app that seeks permissions in respect of users’ personal data, such as location data or for advertising or personalising services, there are privacy implications and users should make themselves aware of the terms to which they are agreeing in downloading and installing the app”.

The spokesman concluded that “In respect of location data, this office will be publishing detailed guidance early next week to assist individuals in understanding how organisations collect and process information relating to their location and their rights to the protection of their personal data.”
