Tag: Facebook

Facebook: private messages from more than 81.000 people for sale

5. November 2018

According to a BBC report, more than 81.000 Facebook profiles were hacked. Private messages and other information was offered for 10 cents per account.

The BBC had the allegations checked by the IT security company Digital Shadows, who confirmed that over 81.000 of the profiles posted online contained private messenger messages. Furthermore, data from more than 176.000 accounts, including e-mail addresses and telephone numbers were available. This information did not necessarily have to come from a hack, as some of it was also open on public Facebook profiles

The BBC Russian Service also emailed the address that offered the data. The respondent – someone called “John Smith”- wrote that the offered data was neither from profiles involved in the Cambridge Analytica scandal nor of the recent security breach revealed in September. He said that his hacker group could offer data from 20 million users, of whom 2.7 million were Russians. But Digital Shadows doubts this because Facebook should have noticed such a big leak.

Facebook reported that its security has not been compromised. The data might be obtained through malicious browser extensions. According to Facebook executive Guy Rosen, they “have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores”.

 

Facebook sues BlackBerry for patent infringement, claiming it stole Voice-Messaging Tech

5. September 2018

On Tuesday, September 5th, Facebook Inc. filed a lawsuit against BlackBerry Ltd., accusing the ladder of patent infringement, the news agency Bloomberg reports.

The complaint of the social media company contains the allegations that BlackBerry has been stealing its voice messaging technology. Furthermore, the accusation includes technology that improves how a mobile device delivers graphics, video and audio and another that centralizes tracking and analysis of GPS data.

According to Facebook a total of six patents are targeted, for which the company intends to claim unspecified damages in San Francisco federal court.

The lawsuit, in turn, follows BlackBerrys’ lawsuit in march, accusing the company of infringement on its mobile messaging tech for its own messenger, as well as its Instagram photo sharing app and WhatsApp messaging service.

Category: General · Instagram · USA
Tags: ,

EU Commission: Using Personal Data In Political Campaigns

29. August 2018

Following the Facebook-Cambridge Analytica case, the EU Commission intends to prohibit the misuse of Collection data of voters in order to influence elections. As the Irish Times reports, the EU Commission is drafting an amendment to existing party funding rules prohibiting parties profiting from data collections of the kind as alleged against Cambridge Analytica.

Cambridge Analytica has been accused of obtaining information of millions Facebook users without the data subjects’ consent by using a personality-analysis app during Donald Trump’s presidential campaign.

It is expected that sanctions will have the extent of approximately 5 percent of the annual budget of a political party. An official said “it is meant to ensure that something like Cambridge Analytica can never happen in the EU”.

Considering the upcoming election of the European Parliament in May 2019, various measures are to be recommended or imposed by the EU Commission that shall be followed by the member states in order to prevent misuse of voters’ personal data or the online manipulation of voters. While it is intended to recommend the governments to watch over and clamp down on groups sending personalized political messages to users of social media without their consent, the member states shall also be stricter about the transparency requirements of political advertisement on national level by amending national law.

Last month, Vera Jourova, EU justice commissioner, said: “voters and citizens should always understand – when something is an online campaign – who runs the campaign, who pays for it and what they want to achieve.”

However, she also made clear that the EU will respect free expression and that the EU is not going to regulate online activities of political parties. “The internet is a zone for free expression. Everybody can be a journalist or an influencer, and these are the things that we don’t want to touch”, she stated.

The ICO intends to fine Facebook a maximum of £500.000

12. July 2018

The British Information Commissioner’s Office (ICO) intends to fine Facebook a maximum of £500,000 after investigating the Facebook/Cambridge Analytica case. Back then, the Investigation started because of allegations that information of about 50 million Facebook users were obtained by Cambridge Analytica without the data subject’s consents by the use of a personality-analysis app. Present estimate suggest that about 87 million users were affected, as the ICO reports.

As stated by the ICO, it intends to fine Facebook for two breaches of the Data Protection Act 1998. It is further said, that Facebook should have contravened the law by failing to safeguard people’s information and failing to be transparent regarding the harvesting of people’s data by others. Facebook, however, will have the possibility to respond to the Notice of Intent. Afterwards a final decision will be made.

Unlike the much higher fees (up to €20 million or 4% of their global annual turnover, whichever is higher) that might be imposed under the General Data Protection Regulation (GDPR), depending on the individual case, £ 500.000 is the maximum possible under the British Data Protection Act 1998. The reason that the Data Protection Act 1998 and not the General Data Protection Regulation was applicable is the time of the events, since they happened before the 25th May 2018, which was the time the General Data Protection Regulation became directly applicable in all member states.

Category: EU · USA
Tags: ,

Facebook: EU Data may not have been shared with Cambridge Analytica

27. June 2018

As Bloomberg reports, Facebook said that evidence suggests that EU data may not be shared with Cambridge Analytica at all. Stephen Satterfield, a director on Facebook’s Privacy and Public Policy team told European Union lawmakers in a hearing: “The best information we have suggests that no European user data was shared by Dr. [Aleksandr] Kogan with Cambridge Analytica”. Aleksandr Kogan was the researcher who developed the app that allowed Cambridge Analytica to receive data from millions of Facebook users, which were later sold to the consulting firm working on the Donald Trump U.S. presidential campaign.

Facebook clarifies that they cannot be 100 per cent certain about this matter and that they will have to await the results of their own internal investigations, following the conclusion of the investigations of the U.K. Information Commissioner’s Office (ICO) that are being undertaken at the moment. In March this year, the offices of Cambridge Analytica were investigated by the ICO amid the allegations information of Facebook’s user data was obtained without the data subject’s consents.

Richard Allen, Facebook’s vice president of policy solutions, explaining the evidences that led Facebook to the conclusion that European data may not be shared with Cambridge Analytica, said that Kogan’s contract with Cambridge Analytica instructed Kogan to collect data from Americans to be used in the political campaigns. Allan further said, that Kogan may still have collected European data, while most of the people who installed the app were Americans.

“But the data he delivered to Cambridge Analytica were the Americans’ data because that’s all they wanted,” Allan stated.

However, Facebook previously had announced that about 2.7 million Europeans may have had their data shared with Cambridge Analytica. Ursula Pachl, deputy director-general of European consumer group BEUC said: “I have to say I was a bit surprised by the statements,” by further adding, “this is a contradiction, I don’t know how it can be explained.”

French Data Protection Commission threatens WhatsApp with sanctions

21. December 2017

The French National Data Protection Commission (CNIL) has found violations of the French Data Protection Act in the course of an investigation conducted in order to verify compliance of WhatsApps data Transfer to Facebook with legal requirements.

In 2016, WhatsApp had announced to transfer data to Facebook for the purpose of targeted advertising, security and business intelligence (technology-driven process for analyzing data and presenting actionable information to help executives, managers and other corporate end users make informed business decisions).

Immediately after the announcement, the Working Party 29 (an independent European advisory body on data protection and privacy, set up under Article 29 of Directive 95/46/EC; hereinafter referred to as „WP29“) asked the company to stop the data transfer for targeted advertising as French law doesn’t provide an adequate legal basis.

„While the security purpose seems to be essential to the efficient functioning of the application, it is not the case for the “business intelligence” purpose which aims at improving performances and optimizing the use of the application through the analysis of its users’ behavior.“

In the wake of the request, WhatsApp had assured the CNIL that it does not process the data of French users for such purposes.

However, the CNIL currently not only came to the result that the users’ consent was not validly collected as it lacked two essential aspects of data protection law: specific function and free choice. But it also denies a legitimate interest when it comes to preserving fundamental rights of users based on the fact that the application cannot be used if the data subjects refuse to allow the processing.

WhatsApp has been asked to provide a sample of the French users’ data transferred to Facebook, but refused to do so because being located in die United States, „it considers that it is only subject to the legislation of this country.“

The inspecting CNIL thus has issued a formal notice to WhatsApp and again requested to comply with the requirements within one month and states:

„Should WhatsApp fail to comply with the formal notice within the specified timescale, the Chair may appoint an internal investigator, who may draw up a report proposing that the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act issue a sanction against the company.“

 

Spain imposes fine against Facebook

13. September 2017

The Spanish Data Protection Authority imposes a fine of €1,2m against Facebook. The social media network collects Personal Data of the users without a permission for this.

The responsible Data Protection Authority considers that Facebook collects personal information like gender, religious attitudes, personal preferences and personal beliefs without informing the persons concerned about the concrete use of this data.

The Data Protection Authority criticizes the unclear wording of Facebooks privacy policy. Moreover Facebook uses the personal data for advertising purposes without a permission. This constitutes a breach against Spanish Data Protection law.

Furthermore Facebook recognizes as well third party pages the user is referred if he clicks on links and illegally tracks visitors who are not Facebook users.

Finally is criticized that Facebook does not remove data, if a user unsubscribe the network. The collected information is stored for month even if the user terminates its account.

Not only Spain started an investigation against Facebook and imposes a fine as well as Spain also Belgium, France, Germany and the Netherlands are investigating against Facebook due to breaches against the local Data Protection law.

European Commission: €110 million fine for Facebook

23. May 2017

According to an European Commission Press release from the 18 May 2017, Facebook was fined €110 million by the Commission for providing misleading information about the takeover of WhatsApp.

Facebook acquired WhatsApp in 2014. Back then Facebook informed the European Commission that it would not be able to establish reliable automated matching between the users of Facebook and WhatsApp. Two years later, in August 2016, Facebook announced an update to its terms of service and privacy policy. The update included the possibility to link phone numbers of WhatsApp users with their respective Facebook accounts.

According to the Press release and contrary to the statement given by Facebook during the merger process 2014, the Commission has found that the possibility of automated linking of Facebook and WhatsApp users already existed in 2014.

Commissioner Margrethe Vestager, who is in charge of the competition policy, said: “Today’s decision sends a clear signal to companies that they must comply with all aspects of EU merger rules, including the obligation to provide correct information.”

It is the first time that the European Commission has imposed a fine on a company for the provision of misleading information since the Merger Regulation came into force in 2004.

Facebook & Instagram improve privacy for user data

10. April 2017

The social networks Facebook and Instagram improve the privacy of their customer data. In the past, a research held by the Civil Liberties Association (ACLU) had revealed data usage by third parties in he Internet analysis company “Geofeedia”, in which the company publicly viewed customer data from Facebook, Instagram and Twitter regarding participation in protest actions, which were evaluated and sold to government agencies. Facebook and Instagram responded by improving the conditions with regard to data usage so that they should be more stringent now. Accordingly, software developers are now expressly forbidden to use data from the networks for monitoring purposes. By the end of 2016 Twitter had already issued appropriate regulations.

European Commission proposes new ePrivacy Regulation

10. February 2017

On January 10, the European Commission published a proposal for an ePrivacy Regulation. After the adoption of the General Data Protection Regulation (‘GDPR’), a new ePrivacy Regulation would be the next step in pursuing the European Commission’s Digital Single Market Strategy (‘DSM’).

If adopted, the ePrivacy Regulation will replace both the ePrivacy Directive (2002/58/EC) and the Cookie Directive (2009/136/EC). In contrast to a Directive that has to be implemented into national law by each EU Member State, a Regulation is directly applicable in all Member States. Thus a Regulation would support the harmonisation of the data protection framework.

What’s new?

Since 2009, when the ePrivacy Directive was revised last, important technological and economic developments took place. In order to adapt the legal framework to the reality of electronic communication, the scope of the proposed Regulation is widened to apply to the so called ‘over-the-top’ (‘OTT’) service providers. These OTT providers, such as WhatsApp, Skype or Facebook, run their services over the internet.

By ensuring the privacy of machine-to-machine communication, the Regulation also deals with the Internet of Things and thus seems not only to consider the current situation of electronic communication, but also to prepare for upcoming developments within the information technology sector.

Electronical communications data (metadata as well as content data) cannot be processed without complying with the requirements of the Regulation. Metadata can be processed, if necessary for mandatory quality of service requirements or for billing, calculating interconnection payments, detecting or stopping fraudulent, or abusive use of, or subscription to, electronic communication services.

Content data can be used for the sole purpose of the provision of a specific service to an end-user, if the end-user or end-users concerned have given their consent to the processing of his or her electronic communications content and the provision of that service cannot be fulfilled without the processing of such content or if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes that cannot be fulfilled by processing information that is made anonymous, and the provider has consulted the supervisory authority.

Regarding the use of cookies, the end-users’ consent is still the basic requirement, except for first party non-privacy intrusive cookies. These cookies can now be used without the consent of the end-user. The proposed Regulation furthermore allows to use browser settings as consent.

In contrast to the draft of the Regulation leaked in December 2016, the official proposal does not contain the commitment to ‘Privacy by default’, which means that software has to be configured so that third parties cannot store information on or use information about a user’s device.

The Commission’s proposal of the Regulation just demands that software must offer the option to prevent third parties from storing information on or using information about a user’s device.

ePrivacy Regulation and GDPR

Both the ePrivacy Regulation and the GDPR are part of the above mentioned ‘DSM’. Several commonalities prove this fact. For instance, the fines in both Regulations will be the same. Furthermore, the EU Data Protection Authorities responsible for the enforcement of the GDPR will also be responsible for the ePrivacy Regulation.  This will contribute to the harmonisation of the data protection framework and increase trust in and the security of digital services.

What’s next?

After being considered and agreed by the European Parliament and the Council, the Regulation could be adopted by May 25th, 2018, when the GDPR will come into force. It is to see whether this schedule is practicable, considering how long the debate about the GDPR took.

Pages: 1 2 3 Next
1 2 3