
More than half of organisations subject to GDPR collect more data than the regulation permits

A Data Risk and Security report released by the security software company Netwrix has revealed that companies are failing to follow GDPR and security best practices.

The survey of just over a thousand respondents revealed that security professionals are often bypassing many of the six stages of the data lifecycle. While security issues are mitigated at some stages, many important stages are being overlooked, resulting in vulnerable systems.

Source: More than half of organisations subject to GDPR collect more data than the regulation permits, a study has found

Microsoft’s Free Rein Over EU Staff Data Sparks Privacy Warning

Microsoft Corp.’s licensing agreements with European Union authorities gave the U.S. tech giant free rein to oversee data processing activities for more than 45,000 EU officials, the institution’s own privacy watchdog warned.

The EU’s in-house data protection regulator said in its findings of a probe that institutions’ lack of control “over which sub-processors Microsoft used and lack of meaningful audit rights also presented significant issues.”

Source: Microsoft’s Free Rein Over EU Staff Data Sparks Privacy Warning – Bloomberg

Facebook says 5,000 app developers got user data after cutoff date

A Facebook privacy mechanism blocks apps from receiving user data if users didn’t use an app for 90 days. Facebook said 5,000 apps continued to receive user data regardless.

The incident is related to a security control that Facebook added to its systems following the Cambridge Analytica scandal of early 2018.

Source: Facebook says 5,000 app developers got user data after cutoff date | ZDNet

ICO Teams Up with CMA and Ofcom in Digital Regulation Cooperation Forum

On July 1, 2020, the UK Information Commissioner’s Office (“ICO”) launched a joint endeavor with the Competition and Markets Authority (“CMA”) and Office of Communications (“Ofcom”), named the Digital Regulation Cooperation Forum (“DRCF”).

The DRCF is intended to promote collaboration between the three regulators and pool their collective expertise with regard to data, privacy, competition, communications and content in digital markets and services. It also intends to engage regularly with the UK government.

Source: ICO Teams Up with CMA and Ofcom in Digital Regulation Cooperation Forum

EDPS Investigation into EU institutions’ use of Microsoft products and services

EDPS issued a Public Paper detailing its findings and recommendations on the use of Microsoft products and services by EU institutions.

These findings may help any public administration when contracting ICT services, because of the similarities between the General Data Protection Regulation (GDPR) and Regulation (EU) 2018/1725, which applies to the EU institutions.

Source: The Hague Forum: Reinforcing cooperation for fair IT contracts in Europe | European Data Protection Supervisor

Why Trump’s administration is going after Europe’s privacy rules

US officials are ramping up criticism of flagship GDPR law, which they say protects cybercriminals.

At the heart of the issue for many U.S. critics of the GDPR is the WHOIS database, an online directory created in the 1970s, which became an important tool for global law enforcement agencies fighting cybercrime.

Source: Why Trump’s administration is going after Europe’s privacy rules – POLITICO

California begins enforcing broad digital privacy law, despite calls for delay

The California privacy law took effect in January, but the attorney general had to wait until July to enforce it.

California’s privacy law, often called the broadest law for digital privacy in the United States, can finally be enforced starting Wednesday. And despite industry calls for the state to hold off because of the novel coronavirus pandemic, Attorney General Xavier Becerra is forging ahead.

Source: California begins enforcing broad digital privacy law, despite calls for delay – The Washington Post

Tech companies to pay $100,000 for collecting data on kids without parental consent

Attorney General Bob Ferguson announced that California-based technology company Super Basic LLC and its parent company Maple Media LLC will pay $100,000 to resolve an investigation by the Attorney General’s Office.

Ferguson’s investigation found the companies’ social media platform, “We Heart It,” allowed children to create accounts, collected their personal information and allowed third-party advertisers to collect data from them, all without legally required parental consent.

Source: AG Ferguson: Tech companies to pay $100,000 for violating Children’s Online Privacy Protection Act by collecting data on kids without parental consent | Washington State

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

The privacy invasion is the result of the apps repeatedly reading any text that happens to reside in clipboards, which computers and other devices use to store data that has been cut or copied from things like password managers and email programs. With no clear reason for doing so, the apps deliberately called an iOS programming interface that retrieves text from users’ clipboards.

Source: TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica

House Investigating Company Selling Phone Location Data to Government Agencies

A Democratic-led committee said it was conducting an investigation of the products sold by data broker Venntel.

The Democratic-led House Committee on Oversight and Reform has opened an investigation into the sale of the location data drawn from millions of U.S. mobile phones to law-enforcement agencies. Venntel Inc. is a Virginia-based data broker and software company that has contracts with the Department of Homeland Security.

Source: House Investigating Company Selling Phone Location Data to Government Agencies – WSJ
