Dropbox: new server location in Germany

27. September 2016

Heise online released an article last week talking about a new possibility for Dropbox users, namely to select a German server location.

As already announced, EU citizens are now able to save their data on a server located in Germany. However, this new storage possibility is only available for business use so far. The requirement is that more than 250 employees use Dropbox. Therefore, the new server location is not applicable for private use.

However, Dropbox did not build the new server location on its own. In fact, the infrastucture is provided by Amazon though AWS.

 

How to be prepared for the GPDR in 13 Steps

26. September 2016

Last week, the Belgian Data Protection Authority “Privacy Commission”, published Guidelines containing 13 Steps that will help organizations in order to prepare for the EU General Data Protection Regulation. The Guidelines were published in French and in Dutch.

The Belgian Data Protection Authority recommended to follow the steps shown below in order to be compliant with the GDPR:

  • Awareness: Instruct the relevant persons about the upcoming changes.
  • Internal Records: Document the stored data, where it came from and to whom it is transfered.
  • Privacy Notice: Review and update the Privacy Notice.
  • Individuals’ Rights: Check existing procedures in order to comply with individuals’ rights.
  • Access Requests: Review current procedures about access requests. Consider how these requests will be handled in accordance with the new GDPR time limits.
  • Legal Basis: Document all data processing procedures. Demonstrate the respective legal basis for each data processing procedure.
  • Consent: Review how consent is collected and recorded.
  • Children’s Personal Data: Plan procedures in order to verify the ages of individuals. Determine how to gather parental or legal guardian consent for processing procedures that involve children’s data.
  • Data Breach: Guarantee that procedures are implemented on how to handle data breaches.
  • Data Protection by Design and Data Protection Impact Assessments: Check these concepts. Consider how to implement them.
  • Data Protection Officer: Appoint and review the Data Protection Officer.
  • International: Check which Data Protection Authority will be responsible for you.
  • Existing Contracts: Review the current contracts.

Do Europeans care more about their data than Americans?

22. September 2016

Recode just published an interview with Margrethe Vestager, Europeans Commissioner for Competition, talking about her impression that Europeans care more about their data than Americans.

First, she elaborates that Europe has historically been more critical towards new technology practices such as data collection. In this context, Vestager said “I am an economist, so I know that there is no such thing as a free lunch” she went on “You pay with one currency or another — either cents, or you pay with your data, or you pay with the advertisements that you accept. And I think people are becoming more and more aware of the fact that their personal data do have a value.”

Vestager underlined her point of view that Europeans care more about their data than Americans by saying “What we see in Europe is that a huge proportion of citizens find that they are not in control” she added “They distrust the companies to protect their data, and I think that is very bad, because then there is a risk of withdrawing from all the benefits of our digital economy. And in order to build up trust I think it is very important that we enforce privacy rules, that we get privacy by design in new services, so that privacy is not just an add-on, that it is very basic.”

Therefore, according to Vestager the Europeans have a greater need to protect their data than Americans.

Persumed hacker attack on German politicians

This week, heise-online reported that after last years attack on the German Parliament, this year on the 15th and 24th August the offices of several members of Parliament as well as their employees were targeted again in a new attack.

Emails containing malware were sent to the respective politicians. The Emails were supposedly sent by Heinrich Krammer working for the NATO-Headquarter.

The German Federal Office for Information Security (BSI) stated that the attacks probably originated from Russia. The BSI believes that the attacks might be linked to the hacking of private emails from Hillary Clinton’s campaign team in the US earlier this year.

The BSI assumes that the hackers might have been looking for potentially damaging information which could be released a few weeks before elections next year in an attempt to influence the result.

 

Category: Data Breach · USA
Tags: , ,

WhatsApp’s new Privacy Policy has been challenged

21. September 2016

Two Indian students have asked the Delhi High Court for a public-interest litigation against Facebook regarding the recent changes on WhatsApp’s privacy policy. The students state in their petition that the changes “compromise the security, safety and privacy of data that belongs to users”.

The students asked the Court to order the Government to issue guidelines for messaging apps so that users’ rights are not compromised by the use of such apps.

WhatsApp changed its privacy policy some weeks ago. The main changes refer to data sharing with Facebook that acquired WhatsApp in 2014. Furthermore targeted ads and direct messages from businesses will be also allowed.

India is not the only jurisdiction where this legal challenge takes place. Other jurisdictions such as the EU and the U.S. Federal Trade Commission are also examining the recent changes.

WhatsApp stated that users are given the possibility to opt-out by turning off the data sharing function and that the only shared information relates to user names and phone numbers. The company also remarks that the use of the app is voluntary.

Category: Privacy policy
Tags: ,

No liability for free Wifi providers

16. September 2016

The European Court of Justice decided that free Wifi providers are not liable for illegal downloads.

The decision is based on a case between Sony and a German shop owner. Sony sued the German shop owner due to the fact that an internet user unlawfully offered music downloads by using the shop’s free Wifi. Although the case originated in Munich, the judges referred the issue to the European Court of Justice.

The European Court of Justice then found that free Wifi is provided by companies in order to attract potential customers. Therefore, they cannot be held liable for illegal acts committed by others using this respective internet network.

Furthermore, Sony can not claim compensation or seek reimbursement for its court costs.

Nevertheless, the European Court of Justice ruled that Sony could demand internet connections to be password protected, so that a user is required to identify himself before accessing the Wifi.

 

 

Category: EU · European Court of Justice
Tags: ,

Google Chrome will label unencrypted websites

Last week Google announced that specific icons will appear on HTTP websites that transfer data without using encryption methods. This measure will be implemented beginning 2017. However, not every unencrypted website will be marked. Furthermore, the icon will appear on those websites that transmit passwords or credit card data.

Currently, unencrypted HTTP websites are marked with a neutral sign. So that users are not always able to identify unsecure websites. The new indicator will consist of a red triangle. This is the same triangle that appears on broken HTTPS.

The number of websites that have started using a secure system (HTTPS) has increased considerably.

Google encourages website administrators to start using encrypted HTTPS websites in order to ensure a better functioning of websites and provides a guide to get started.

Category: Encryption
Tags: , ,

Data breach: What are the costs?

15. September 2016

Although it is difficult to predict the exact costs of a data breach as it depend on the individual case, the new Ponemon-IBM study tries to examine the costs arising in such a case.

The results can be summed up so that

  • the average breach caused $4 million in damage or in other words
  • roughly $158 per lost record have to be paid.

Privacy Ref, Bob Siegel tried to analyze what a data breach would cost for individual organizations as a part of a project with St. Joseph’s University professor Ronald Klimberg. For this projects undergraduate data analytics students compete to create the best metric in order to predict the impact of a data breach on an organization.

Category: Data Breach
Tags: ,

German Draft Act concerning the adaption of the upcoming GDPR

14. September 2016

The German Minister of Interior just released a Draft Act concerning the adaptipon of  the General Data Protection Regulation (GDPR), which will come into force in 2018.

However, netzpolitik.org published an article dealing with the critics about the respective draft, which have a crushing impact. Especially, both the Minister of Justice and the Federal Data Protection Officer released statements raising concerns. They worry that due to the Draft Act the data protection level will decrease in Germany so that in the end it will be less than before the GDPR.

Concerns about the PNR Agreement between Canada and the EU

12. September 2016

Last week, Paolo Mengozzi, Advocate General of the Court of Justice of the European Union, released his opinion on the draft agreement between Canada and the European Union concerning the transfer of passenger name record data, which is also known as the PNR Agreement, due to concerns about the compatibility with the EU Charter.

The respective Agreement allows that the data collected from passengers – including information about passenger travel habits, payment details, dietary requirements and information containing sensitive data about the passengers health, ethnic origin or religious beliefs – for the purpose of reserving flights between Canada and the EU, has to be transmitted to the respective Canadian authorities in order to prevent and detect not only terrorist threats but also other serious transnational criminal offenses.

Although the EU signed similar agreements with the U.S. and Australia having the approval of the European Parliament before, the European Parliament now decided to give the Agreement with Canada to the European Court of Justice due to concerns about the compatibility with the EU Charter as they worry about privacy and and data protection issues.

In his opinion Paolo Mengozzi stated that certain provisions of the draft were not compliant with the EU Charter such as:

  • Canada’s ability to process the collected data beyond what it is strictly necessary to the original purposes of the Agreement,
  • the processing and retention of sensitive data by Canada and
  • a lack of safeguards and oversight mechanisms for the transfer of data collected for this Agreement to other foreign authorities.

Paolo Mengozzi explained that the draft should be reviewed so that it includes:

  • a clear definition of the categories of data included within the scope of the Agreement,
  • an exclusion of sensitive data from the scope of the Agreement and
  • limiting the number of ‘targeted’ persons individuals being suspected of participating in a terrorist threat or a serious transnational crime on a reasonable level.
Category: General
Pages: Prev 1 2 3 ... 55 56 57 58 59 60 61 ... 67 68 69 Next
1 56 57 58 59 60 69