Presumed hacker attack on German politicians

22. September 2016

This week, heise-online reported that, following last year's attack on the German Parliament, the offices of several members of Parliament and their employees were targeted again in a new attack on 15 and 24 August this year.

Emails containing malware were sent to the respective politicians. The emails were supposedly sent by Heinrich Krammer, working for NATO Headquarters.

The German Federal Office for Information Security (BSI) stated that the attacks probably originated from Russia. The BSI believes that the attacks might be linked to the hacking of private emails from Hillary Clinton’s campaign team in the US earlier this year.

The BSI assumes that the hackers might have been looking for potentially damaging information which could be released a few weeks before elections next year in an attempt to influence the result.

 

Category: Data breach · USA

WhatsApp’s new Privacy Policy has been challenged

21. September 2016

Two Indian students have petitioned the Delhi High Court in a public-interest litigation against Facebook regarding the recent changes to WhatsApp’s privacy policy. The students state in their petition that the changes “compromise the security, safety and privacy of data that belongs to users”.

The students asked the Court to order the Government to issue guidelines for messaging apps so that users’ rights are not compromised by the use of such apps.

WhatsApp changed its privacy policy some weeks ago. The main changes concern data sharing with Facebook, which acquired WhatsApp in 2014. Furthermore, targeted ads and direct messages from businesses will also be allowed.

India is not the only jurisdiction where the changes are being challenged. Authorities elsewhere, such as in the EU and the U.S. Federal Trade Commission, are also examining the recent changes.

WhatsApp stated that users are given the possibility to opt out by turning off the data sharing function and that the only shared information relates to user names and phone numbers. The company also remarks that the use of the app is voluntary.

Category: Privacy policy

No liability for free Wifi providers

16. September 2016

The European Court of Justice decided that free Wifi providers are not liable for illegal downloads.

The decision is based on a case between Sony and a German shop owner. Sony sued the German shop owner due to the fact that an internet user unlawfully offered music downloads by using the shop’s free Wifi. Although the case originated in Munich, the judges referred the issue to the European Court of Justice.

The European Court of Justice then found that free Wifi is provided by companies in order to attract potential customers. Therefore, they cannot be held liable for illegal acts committed by others using the network.

Furthermore, Sony cannot claim compensation or seek reimbursement for its court costs.

Nevertheless, the European Court of Justice ruled that Sony could demand internet connections to be password protected, so that a user is required to identify himself before accessing the Wifi.

 

 

Category: EU · European Court of Justice

Google Chrome will label unencrypted websites

Last week Google announced that specific icons will appear on HTTP websites that transfer data without using encryption. This measure will be implemented beginning 2017. However, not every unencrypted website will be marked: the icon will appear on those websites that transmit passwords or credit card data.

Currently, unencrypted HTTP websites are marked with a neutral sign, so users are not always able to identify insecure websites. The new indicator will consist of a red triangle, the same triangle that appears on broken HTTPS.

The number of websites that have started using a secure system (HTTPS) has increased considerably.

Google encourages website administrators to move to encrypted HTTPS in order to ensure better functioning of their websites, and provides a guide to get started.

Category: Encryption

Data breach: What are the costs?

15. September 2016

Although it is difficult to predict the exact costs of a data breach, as they depend on the individual case, the new Ponemon-IBM study tries to examine the costs arising in such a case.

The results can be summarized as follows:

  • the average breach caused $4 million in damage, or in other words
  • roughly $158 has to be paid per lost record.

Bob Siegel of Privacy Ref tried to analyze what a data breach would cost individual organizations as part of a project with St. Joseph’s University professor Ronald Klimberg. For this project, undergraduate data analytics students compete to create the best metric for predicting the impact of a data breach on an organization.

Category: Data breach

German Draft Act concerning the adaptation of the upcoming GDPR

14. September 2016

The German Minister of the Interior has just released a Draft Act concerning the adaptation of the General Data Protection Regulation (GDPR), which will come into force in 2018.

However, netzpolitik.org published an article on the criticism of the draft, which is crushing. In particular, both the Minister of Justice and the Federal Data Protection Officer released statements raising concerns. They worry that, due to the Draft Act, the level of data protection in Germany will decrease so that in the end it will be lower than before the GDPR.

Concerns about the PNR Agreement between Canada and the EU

12. September 2016

Last week, Paolo Mengozzi, Advocate General of the Court of Justice of the European Union, released his opinion on the draft agreement between Canada and the European Union concerning the transfer of passenger name record data, which is also known as the PNR Agreement, due to concerns about the compatibility with the EU Charter.

The Agreement provides that data collected from passengers for the purpose of reserving flights between Canada and the EU (including information about passenger travel habits, payment details, dietary requirements and information containing sensitive data about the passengers' health, ethnic origin or religious beliefs) has to be transmitted to the respective Canadian authorities in order to prevent and detect not only terrorist threats but also other serious transnational criminal offenses.

Although the EU previously signed similar agreements with the U.S. and Australia with the approval of the European Parliament, the European Parliament has now decided to refer the Agreement with Canada to the European Court of Justice due to concerns about its compatibility with the EU Charter, as it worries about privacy and data protection issues.

In his opinion Paolo Mengozzi stated that certain provisions of the draft were not compliant with the EU Charter such as:

  • Canada’s ability to process the collected data beyond what is strictly necessary for the original purposes of the Agreement,
  • the processing and retention of sensitive data by Canada and
  • a lack of safeguards and oversight mechanisms for the transfer of data collected for this Agreement to other foreign authorities.

Paolo Mengozzi explained that the draft should be reviewed so that it includes:

  • a clear definition of the categories of data included within the scope of the Agreement,
  • an exclusion of sensitive data from the scope of the Agreement and
  • a limitation of the number of ‘targeted’ persons (individuals suspected of participating in a terrorist threat or a serious transnational crime) to a reasonable level.

Category: General

No class-action suit against Facebook for selling personal information to advertisers

7. September 2016

Facebook users claimed that the social network “automatically and surreptitiously” disclosed information to advertisers when users clicked on ads. They accused Facebook of passing on information such as how they use the website. This approach could be seen as “contrary to Facebook’s explicit privacy promises.”

However, Facebook has just defeated the group lawsuit, as a judge ruled that the plaintiffs did not have enough in common to pursue a class-action (Facebook Privacy Litigation, 10-cv-02389, U.S. District Court, Northern District of California).

In the past, lawsuits against Facebook and other internet companies concerning data protection issues were unsuccessful because the plaintiffs were not able to demonstrate how disclosures to third parties harmed them. Where lawsuits did go further, the respective company won the case at later stages, so that no class-action suits developed.

 

 

Category: Countries · USA

“What’s at stake is individual control of one’s data when they are combined by internet giants”

1. September 2016

Concern about WhatsApp sharing user information with Facebook is rising, especially in Europe.

As the Wall Street Journal reported, European privacy regulators are investigating WhatsApp’s plan to share the information of its users with its parent company Facebook.

The Article 29 Working Party representing the 28 national data protection authorities released a statement at the beginning of this week saying that its members were following “with great vigilance” the upcoming changes to the privacy policy of WhatsApp due to the fact that the new privacy policy allows WhatsApp to share data with Facebook, whereas the privacy policy only gives existing WhatsApp users the right to opt out of part of the data sharing. Therefore, the Article 29 Working Party concluded “What’s at stake is individual control of one’s data when they are combined by internet giants”.

Furthermore,

  • the ICO also issued a statement last week raising concerns due to the “lack of control”,
  • at the beginning of this week consumer privacy advocates in the U.S. filed a complaint with the Federal Trade Commission due to the fact that WhatsApp promised that “nothing would change” when Facebook acquired WhatsApp two years ago and on top of that
  • the Electronic Privacy Information Center and the Center for Digital Democracy turned to the Federal Trade Commission in order to get the confirmation that the upcoming changes to the privacy policy can be seen as “marketing practices” that are “unfair and deceptive trade practices”.

Category: Article 29 WP · EU · UK · USA

Trust in current mechanisms to carry out international data transfer decreases

According to a survey conducted recently by the International Association of Privacy Professionals (IAPP), trust in current legal mechanisms to carry out data transfers to third countries, such as Standard Contractual Clauses and the EU-U.S. Privacy Shield, has decreased.

The results of this survey reveal that 80 percent of companies rely on the Standard Contractual Clauses approved by the EU Commission to carry out international data transfers, especially to the U.S.A. However, there is currently uncertainty regarding the validity of the Standard Contractual Clauses, which may also be invalidated by the ECJ, as already occurred with the former Safe Harbor framework.

Regarding the EU-U.S. Privacy Shield, which has been operative since 1st August, the survey reveals that only 42 percent of U.S. companies plan to self-certify through this new framework, compared to the 73 percent that conducted self-certification with the Safe Harbor framework. The main reason for this may be related to the uncertainty regarding its validity. The Article 29 WP stated recently that the first annual review of the Privacy Shield will be decisive.

Finally, Binding Corporate Rules (BCR) are also used by companies to carry out intra-group data transfers. However, there are several reasons why not many companies implement them. One of these reasons relates to the high costs involved with the implementation. Moreover, the implementation process can last over one year. Also, BCR can only be used for international data transfers within the group, so that other mechanisms must be used if data transfers outside the group take place.
