Rioting at the Capitol, watch your privacy settings!

Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing. When they stormed the Capitol, their apps tracked them, and individuals were identified from a trove of leaked smartphone location data.

Read more about this article here: https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html

DPA: Grindr 9.6 Million Euro for lack of consent for sharing data to 3rd parties

The Norwegian Data Protection Authority has issued its intention to fine the gay/trans dating app Grindr 9.6 million euros for lack of consent when sharing data with third parties for marketing purposes. User data included GPS location and use of the app, the latter considered to be a special category of personal data (sexual orientation). The fine appears to be roughly 1% of global turnover.

Read more about this article here: https://www.datatilsynet.no/en/news/2021/intention-to-issue--10-million-fine-to-grindr-llc2/

Digital corona passport a good idea?

The idea of global vaccination and health data being stored in centralized systems has many privacy experts freaking out. As the first vaccines against COVID-19 roll out, governments and institutions across the world are scrambling to figure out how to provide proof that someone has been vaccinated. Paper certificates, PDFs, wristbands and mobile apps have all been suggested, leading to the adoption of digital “immunity passports” as a way to reopen the world. There’s a data privacy and security price to pay for being able to prove you’re vaccinated, and it’s permanent access to the rest of your data or compulsory enrollment in a health app. To mitigate these risks there is a solution called “decentralized identity”. It’s a new consent-based mechanism for using verifiable credentials to prove who you are and things about you without anyone else (looking at you, Big Tech) managing, storing or selling your data.
Do you think verifiable digital credentials on a decentralized network with a mobile app can be the solution to meet the challenge of proving people have received a COVID-19 vaccination while providing them with the privacy and security they deserve?

Read more about this article here: https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials

Facebook fined in South-Korea for 5 million euros

South Korea’s privacy watchdog (PIPC) has fined Facebook millions for providing users’ personal information to companies.

According to the data protection authority, the data of at least 3.3 million local Facebook users was shared without permission with up to 10,000 companies. Personal data such as relationship statuses, work experience and education were shared with other companies when the users logged in to the online services of those companies with their Facebook account. The personal information of their Facebook friends was also shared without permission. The privacy watchdog states that the social network did not cooperate in the investigation that has been running since 2018, for example by submitting incomplete and false documents. Facebook, however, says it has cooperated well.

Read more about this: Facebook fined in South Korea for sharing user data without consent | ZDNet

66% of EU Banks using US big tech cloud services forms risk

The European Commission is going after cloud computing, the online data storage business dominated by big American companies.
A draft bill seeks to address concerns about dependence on a small group of providers: chiefly Amazon Web Services, Google Cloud, IBM Cloud and Microsoft Azure.


The bill creates an oversight system designed for “preserving the Union’s financial system stability,” along with “monitoring of operational risks which may arise as a result of the financial system’s reliance on critical [outsourced services].” It includes unrestricted rights to access and process all information deemed relevant, as well as the “right to conduct audits and inspections” and to issue “mandatory instructions.”

In this package there are also measures to help digitalize the financial sector and modernize the EU’s rulebook for the online market. These include initiatives to harmonize companies’ online defences and regulate digital financial assets. The package also includes policy strategies on retail payments and capital markets.

Read more about this: https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/?

Security Awareness training is most effective when repeated every six months

Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study carried out by a number of German universities at a public-sector organization. In Germany, public organizations are required to implement an information security management system (ISMS) to increase employee awareness of information security. The research focused on the question of how effective these awareness training courses remain over time. To this end, it was periodically tested whether employees were able to recognize phishing emails.
The research showed that the participants were still perfectly capable of recognizing phishing emails after four months. That was no longer the case if the phishing training had taken place six months or more earlier, ZDNet writes.

Read more about this: https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/?

Does Instagram invade your privacy using camera access?

Last Thursday in the Northern District of California, Brittany Conditi filed a class-action complaint against Instagram and its parent company Facebook for invasion of privacy, alleging that Instagram accessed users’ smartphone cameras when they were not using features that would require camera access, despite the defendants’ representations to the contrary.

Specifically, the party who initiated the lawsuit averred that “Instagram is constantly accessing users’ smartphone camera feature while the app is open and monitors users without permission, i.e., when users are not interacting with Instagram’s camera feature.”

Conditi argued that Instagram has broken its promise with users, as it has no reason to access users’ cameras when they are not using the camera feature.

Read more about this: https://www.docketalarm.com/cases/California_Northern_District_Court/3--20-cv-06534/Conditi_v._Instagram_LLC_et_al/1/