Decision in Microsoft case about to be challenged

18. October 2016

As the Washington Post reported, the Justice Department asked the appeals court for the Southern District of New York to look at the decision concerning Microsoft’s refusal to comply with a search warrant for an alleged drug trafficker’s emails stored on a server in Ireland.

The case which this ruling was based on dealt with Microsoft receiving a warrant in December 2013. However, although it originally has been a case of compliance with a federal law enforcement request, now turned out to be a discussion over government access to digital data held overseas. This is due to increasing challenges to governments if they try to intercept data across borders.

Therefore, Microsoft and a number of tech firms and privacy groups reason that in case the government’s view will be applied, the outcome will be that U.S.-american businesses might lose billions of dollars in revenue.

 

Not a single EU Member State has implemented the EU PNR so far

14. October 2016

The European Passenger Name Records Directive (EU PNR) was passed earlier this year.

Although the European Commission spent tens of millions Euros on 15 national PNR schemes, not a single member state has implemented the respective Directive. There were national PNR schemes in order to help lay the groundwork for an EU-wide level proposal.

A commission spokesman commented that member states have until May 2018 to integrate the directive into their national laws.

However, Dimitris Avramopoulos, the European Commissioner for migration said that “The commission will be putting pressure on member states to implement it as soon as possible: we cannot wait for two years”.

Category: EU Commission
Tags:

According to a global survey companies are not ready for the GDPR

12. October 2016

Dell just published the results of a global survey about the GDPR perceptions and readiness. Among other findings, the main result is the lack of awareness of the requirements, the preparation and the impact:

  • More than 60 % answered that they are aware that something is going on with the GDPR. However, they said that they do not know what exactly is happening.
  • Just 4 % outside of Europe commented that they are very knowledgeable about the details of the GDPR. Nevertheless, only 6 % of those in Europe answered that they are very familiar with the requirements.
  • On top of this, less than 1 of 3 companies feel that they are prepared for the GDPR.
  • Furthermore, about 70 % said that their company is definitely not, or do not know if their company is, prepared for the GDPR today. However, only 3 % of them have a plan in order to get ready.
  • Fewer than 50 % commented that they feel confident to be ready in time when the GDPR comes into effect in 2018. Nevertheless,  just 9 % expect to be fully prepared.

 

Data breach might cost Yahoo $1billion

11. October 2016

The New York Post published that Verizon, which is about to purchase Yahoo for $4.8 billion, is now asking Yahoo for a $1 billion discount.

This is due to the fact that Yahoo announced only two weeks ago that it had been hacked two years ago and that at this time usernames and passwords for 500 million accounts were stolen. Furthermore, it was revealed that Yahoo had been ordered by a secret Foreign Intelligence Surveillance Court to investigate emails for terrorist signatures under the Foreign Intelligence Surveillance Act, but not under section 702.

According to the New York Post, a source said that AOL CEO, Tim Armstrong, “is getting cold feet” due to the “lack of disclosure” and therefore he is asking “Can we get out of this or can we reduce the price?”

 

Category: Data breach · USA
Tags: , ,

Spains DPA: Investigations due to WhatsApp sharing data with Facebook

10. October 2016

After Hamburg’s Data Protection Commissioner strongly recommended that Facebook should stop processing German data gained from WhatsApp, after the U.K. Information Commissioner, the ICO, also started to investigate the agreement betweent WhatsApp and Facebook and after Italy’s data protection authority, the Garante, has started to look into this issue, now Spain’s data protection authority, the AEPD, raises concerns.

Therefore, Spain’s data protection authority advises users to read the terms and conditions especially before accepting them. Furthermore, it offers guidance on changing the respective settings.

MasterCard: Biometric Corporate Card Program is now also available in Germany

7. October 2016

A new biometric corporate credit card programm, called Identity Check Mobile, has been released by BMO Financial Group (BMO) and MasterCard in Canada and in the U.S. at the beginning of the year.

This programm enables cardholders to verify their transactions by using facial recognition and fingerprint biometrics in case they purchase online.

Introducing this verification process will increase security when purchasing without a face-to-face interaction so that the possibility of a card being used by anyone who is not the cardholder will be reduced.

Steve Pedersen, Vice President, Head, North American Corporate Card Products, BMO Financial Group commented on the programm by saying “The use of biometric technology has become more common for consumers looking for convenient and secure ways to make purchases using their smartphones, so this was the natural next step for us as innovators in the payment security space” he continued  “Mitigating the risk of fraud is always our top priority, and the inclusion of this technology is going to make payment authentication easier, and strengthen the security of the entire payments ecosystem.”

MasterCard just published that starting from the 4th Octobre 2016 this form of payment is also available in Germany.

Centre for Information Policy Leadership just held GDPR workshop

6. October 2016

Last month, the CIPL held its second workshop in Paris as part of its two-year GDPR implementation project.

During this workshop almost 120 business delegates as well as 12 data protection authorities, four European Member State governments both the European Commission and the European Data Protection Supervisor, a non-DPA regulator and several academics and on top of all of the named above the IAPP participated in order to develop best practices and to build a bridge between authorities and economy.

This time, the workshop mainly focused both on the role of the data protection officers and on the privacy impact assessment, also called PIA.

In this context it was also announced that the Article 29 Working Party is going to release its first guidelines concerning the GDPR either before the end of the year or at the beginning of 2017. These guidelines will include advise on data portability and the role of the DPO. Furthermore, the Article 29 Working Party will also release guidance on risk, PIAs and certifications later on.

CISPE published Code of Conduct

5. October 2016

The Cloud Infrastructure Services Providers in Europe, CISPE, published a Data Protection Code of Conduct for Cloud Infrastructure Service Providers.

CISPE is a relatively new accosiation including more than 20 cloud infrastructure providers that operate within Europe.

The CISPE Code of Conduct focuses on transparency and compliance with EU data protection laws. Therefore, the CISPE Code of Conduct has been designed in such a way that it will be compliant with the GDPR coming into force in May 2018. The CISPE Code of Conduct has been built on internationally recognised state-of-the-art of security measures increasing the data security for cloud customers.

In the press release, Axelle Lemaire, French Minister for Digital Affairs and Innovation, commented that “The CISPE Code of Conduct show that the European cloud computing industry is capable to provide secure and compliant services for all personal and technical data in Europe and improve trust in digital services.”

UK Data Protection Commissioner speaks about “Brexit” and the GDPR

Last week, Elizabeth Denham, held her first speech as UK Information Commissioner (ICO). In this speech she referred, amongst others, to the effects of the Brexit with regard to the application of the GDPR.

Denham remarked that the GDPR involves the modernization of European Data Protection and the necessity of these new rules in order to ensure cross-border commerce and the protection of individuals. As the GDPR may be applicable before the UK has left the EU, she ensured that the ICO will keep on providing guidance and advice on the GDPR.

Furthermore, she stated that even after the UK has formally left the EU, flows of personal information will be still necessary, so that the level of data protection in the UK should be essentially equivalent to the one in the EU. Therefore, she encourages businesses to improve and adapt their practices to the GDPR.

Category: GDPR · UK
Tags: , ,

Apple offers hackers up to $200,000

29. September 2016

Forbes just released an article saying that Apple invited some of the best hackers to its headquarter in Cupertino.

Among them:

  • the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and therefore now being a world-renowned iOS hacker as well as an
  • ex-NSA employee who has repeatedly found security lacks concerning Mac OS X  Luca Todesco.

The meeting should have been secret and kept confidential, but unfortunately some details leaked. So for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 in case they can provide Apple with information on vulnerabilities about its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month due to the fact that this has been promised at the Black Hat security conference in Las Vegas last months. Nevertheless, Apple pursues an invite-only list-strategy in order to get quality over quantity.

Pages: Prev 1 2 3 ... 31 32 33 34 35 36 37 ... 44 45 46 Next
1 32 33 34 35 36 46