CJEU rules electronic communication location data must only be used in investigations of ’serious crime’

Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.

In its decision, the court said that, unless it’s for a serious crime or in the interest of public safety, countries are prohibited from obtaining location data under the European Union’s 2002 Privacy and Electronic Communications Directive.

Source: CJEU rules electronic communication location data must only be used in investigations of ’serious crime’ | News | GRC World Forums

Microsoft email server flaws exploited to hack at least 30,000 US organizations

The Chinese state-sponsored group dubbed Hafnium ramped up and automated its campaign after the patch was released. In the US, the group infiltrated at least 30,000 organizations using Exchange to process email, including police departments, hospitals, local governments, banks, credit unions, non—profits and telecommunications providers.

Worldwide, the number of victims is reportedly in the hundreds of thousands. A former national security official Wired talked to said thousands of servers are getting compromised per hour around the world.

When Microsoft announced its emergency patch, it credited security firm Volexity for notifying it about Hafnium’s activities. Volexity president Steven Adair now said that even organizations that patched their servers on the day Microsoft’s security update was released may have still been compromised.

Source: Microsoft email server flaws exploited to hack at least 30,000 US organizations | Engadget

Google Workspace has high data protection risks, says Dutch government

A Dutch government report identifying “10 high data protection risks” for users of Google Workspace, formerly known as G Suite, has been revised after Google’s response, and now says eight high risk issues still remain.

Dutch Government’s Data Protection Impact Assessment still considers that there are legal obstacles to adopting Google Workspace around the roles and obligations of data processors and data controllers under the EU’s General Data Protection Regulation (GDPR).

Source: Dutch government: Did we say 10 ‘high data protection risks’ in Google Workspace block adoption? Make that 8 • The Register

Thought-detection: AI has infiltrated our last bastion of privacy

Our thoughts are private – or at least they were. New breakthroughs in neuroscience and artificial intelligence are changing that assumption, while at the same time inviting new questions around ethics, privacy, and the horizons of brain/computer interaction.

Research from the UK and an update from Elon Musk on human trials at his brain interface company show software is now eating the mind.

Source: Thought-detection: AI has infiltrated our last bastion of privacy | VentureBeat

Privacy Debated in Fight Over Google Chrome Browser History Tracking

The plaintiffs in the class action claim they signed up for Chrome because Google explicitly said they would not have their browsing history sent to Google unless they decided to “sync” the browser with their account.

Despite these assurances, Chrome tracked their web browsing and sent it to Google, in violation of federal law and the newly minted California Consumer Privacy Act.

Google attorney Andrew Schapiro said plaintiffs had misconstrued the issue, saying that each of the plaintiffs was notified their web browsing history would be tracked when they agreed to the terms of service.

The attorney for Google also said the plaintiffs misunderstand how the advertising tracking component of the company works, because it tracks web browsing based on the website not on the browser.

Source: Privacy Debated in Fight Over Google Chrome Browser History Tracking – Courthouse News Service

UK Post Office to use biometrics for client identification

The Post Office is rolling-out of a suite of online and in-branch products in a new partnership with digital identity company Yoti. The rollout includes a free-to-use app that will combine customers’ personal data and biometrics to create a secure, reusable ID on their phone.

Companies can use Post Office and Yoti identity verification services for fraud detection, E-signatures and customer authentication services. The technology uses secure biometric face matching and liveness detection.

Source: Post Office partners with Yoti and unveils digital identity services –

Greece Moves Ahead with Biometric Border Management System

Greece is planning to implement a biometric border management system that will record all crossings at ports, airports and border check points.

This means that all ports, airports and border check points in Greece will be equipped with biometric detection systems for facial recognition and fingerprinting.

Information on the movements of third country nationals within the Schengen Area will be collected and stored at Hellenic Police headquarters. Traveler data will be stored for five years and includes names, passport numbers, four fingerprints, and biometric photos

Source: GTP Headlines Greece Moves Ahead with Biometric Border Management System | GTP Headlines

A New Day for GDPR Damages Claims in Germany?

Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (GDPR) – in particular, claims for non-material damages – have been relatively low. However, a more recent decision issued by the Federal Constitutional Court indicates that views in Germany may be evolving on this topic, and courts may soon be willing to entertain higher damages claims.

In a case decided in January 2021, Germany’s Federal Constitutional Court held that the issue of whether or not (and if so, the extent to which) a damages claim brought pursuant to Article 82 GDPR is subject to certain evidentiary requirements must be decided under European law and – if necessary – clarified by the Court of Justice of the European Union (CJEU).

If the CJEU continues to follow its data protection-friendly line of reasoning and pursue effective enforcement of data protection law, damages claims pursuant to Article 82 GDPR and legal proceedings based on such claims may become the new norm and much more important in the future.

Source: A New Day for GDPR Damages Claims in Germany? | Inside Privacy

‘Millions of people’s data is at risk’ — say Amazon insiders

Amazon is amassing an empire of data as the online retailer ventures into ever more areas of our lives. But the company’s efforts to protect the information it collects are inadequate, according to insiders who warn the company’s security shortfalls expose users’ information to potential breaches, theft and exploitation.

The warnings about privacy and compliance failures at Amazon come from three former high-level information security employees — one EU-based and two from the U.S. — who told they had repeatedly tried to alert senior leadership in the company’s Seattle HQ, only to be sidelined, dismissed or pushed out of the company in what they saw as professional retaliation.

Source: ‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security – POLITICO

Judge Approves Historic $650M Facebook Privacy Settlement

More than 1.5 million Illinois Facebook users will receive at least $345 each under the terms of the landmark deal.

A federal judge gave his final blessing Friday to a $650 million deal to resolve claims that Facebook illegally collected and stored users’ facial data without consent, making it one of the largest privacy-related settlements in U.S. history.

The approval comes more than five years after lead plaintiff Nimesh Patel sued Facebook in one of three consolidated class actions in 2015, claiming the social network started mapping users’ faces for its “Photo Tag Suggest” function in 2011.

The plaintiffs say Facebook did so without their permission and failed to inform them how long their data would be stored as required by the Illinois Biometric Information Privacy Act of 2008.

Source: Judge Approves Historic $650M Facebook Privacy Settlement – Courthouse News Service

1 2 3 541