NSA alerted Microsoft to major Windows 10 security flaw

The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies.

Microsoft issued a software update on Tuesday to fix the vulnerability, as part of its normal schedule for releasing software patches.

Source: NSA alerted Microsoft to major Windows 10 security flaw – CNN

EU court adviser: data privacy laws should apply in national security cases

The European Court of Justice should uphold its 2016 decision that personal data cannot be seized and held indiscriminately by governments even on national security grounds, the court’s advocate general said in an opinion on Wednesday.

Reacting to four cases in France, Belgium and Britain in which governments called for greater powers to override data privacy, the advocate general, Manuel Campos Sánchez-Bordona, argued that EU law applies.

Source: EU court adviser: data privacy laws should apply in national security cases – Reuters

Google Chrome to drop third-party cookies by 2022

Chrome will replace third-party cookies with browser-based tools and techniques aimed at balancing personalization and privacy.

Google announced support for third-party cookies in its Chrome browser would be phased out “within two years.” The company seeks to replace them with a browser-based mechanism.

Google’s stated objective is to create “a secure environment for personalization that also protects user privacy.” Google says that for ad targeting it’s “exploring how to deliver ads to large groups of similar people without letting individually identifying data ever leave [the] browser.”

Source: Google Chrome: Third-party cookies will be gone by 2022 – MarTech Today

US Government-funded Android phones come preinstalled with unremovable malware

An Android phone subsidized by the US government for low-income users comes preinstalled with malware that can’t be removed without making the device cease to work, researchers reported on Thursday.

The first is heavily obfuscated malware that can install adware and other unwanted apps without the knowledge or permission of the user. The second unpleasant surprise is something called Wireless Update. While it provides a mechanism for downloading and installing phone updates, it also loads a barrage of unwanted apps without permission.

Source: US Government-funded Android phones come preinstalled with unremovable malware | Ars Technica

2019 registers over €400m in data protection fines in Europe

Last year, the data protection authorities in the EEA imposed 190 fines with a total cost of over €410,000,000, according to a new report by Federprivacy.

The study analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA).

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20. The strictest has been the UK (ICO) with €312,000,000 of sanctions (76% of the total).

Source: #Privacy: 2019 registers over €400m in data protection fines in Europe

New EU Guidance Published on Cybersecurity and Medical Devices

New European medical device guidance will require manufacturers to carefully review cybersecurity and IT security requirements in relation to their devices and in their product literature.

This new guidance comes at the same time as a draft guidance on privacy by design has been published by the European Data Protection Board requiring product developers to implement privacy into the design of their products.

Source: New Guidance Published on Cybersecurity and Medical Devices

Top Apps Invade User Privacy By Collecting and Sharing Personal Data

A new report published today by the Norwegian Consumer Council (NCC) looks at the hidden side of the data economy and its findings are alarming.

Scrutinizing 10 popular apps in Google Play Store, such as Grindr, Clue, and Perfect365, the NCC report’s technical analysis reveals comprehensive tracking and profiling practices. Personal data is systematically collected and shared with dozens of third-party companies without users’ knowledge.

Source: Top Apps Invade User Privacy By Collecting and Sharing Personal Data, New Report Finds

What we’ve learned from California’s Consumer Privacy Act so far

Though CCPA went into force Jan. 1, some of the law’s implications are already becoming clear.

First, privacy is not cheap. CCPA delegates rule-making authority (as well as enforcement) to the California Department of Justice.

The second lesson is that privacy laws are prolix. CCPA runs about 10,000 words. That virtually demands that businesses retain dedicated CCPA specialists to advise them — their own readings and the advice of non-specialist lawyers won’t cut it.

Finally, state heterogeneity in privacy law is now inevitable. Some states introduced their own clone-and-revise versions of CCPA in 2019, but none passed. A number of state legislatures will likely restart the CCPA clone-and-revise process in 2020.

Full article: What we’ve learned from California’s Consumer Privacy Act so far | TheHill

German Constitutional Court to hold hearing on surveillance powers of the “German NSA”, the BND

The Federal Constitutional Court will hold a hearing on the BND Act on January 14th and 15th, 2020.

Plaintiffs expect a fundamental ruling defining the limits of intelligence gathering abroad. An alliance of six media organisations and the Gesellschaft für Freiheitsrechte (GFF) had filed a constitutional complaint against the BND Act, which gives broad surveillance powers to the Federal Intelligence Service (BND).

Source: German Constitutional Court to hold hearing on surveillance powers of the “German NSA”, the BND – GFF – Gesellschaft für Freiheitsrechte e.V.

Research reveals that most websites are not compliant with GDPR and ePrivacy Directive

Research has found that only 11.8% of consent management platforms (CMPs) meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.

A study conducted by researchers at MIT CSAIL, Denmark’s Aarhus University and University College London, analysed how prevalent CMP designs impact people’s consent choices.

Full article: #Privacy: Research reveals that most websites are not compliant with GDPR
