Rioting at the Capitol, watch your privacy settings!

Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing. When the rioters stormed the Capitol, their apps tracked them, and individuals were identified from a trove of leaked smartphone location data.

Read more about this article here: https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html

DPA: Grindr 9.6 Million Euro for lack of consent for sharing data to 3rd parties

The Norwegian Data Protection Authority has issued its intention to fine the gay/trans dating app Grindr 9.6 million euros for lack of consent when sharing data with third parties for marketing purposes. The user data included GPS location and use of the app, the latter considered to be a special category of personal data (sexual orientation). The fine appears to be roughly 1% of global turnover.

Read more about this article here: https://www.datatilsynet.no/en/news/2021/intention-to-issue–10-million-fine-to-grindr-llc2/

Digital corona passport a good idea?

The idea of global vaccination and health data being stored in centralized systems has many privacy experts freaking out. As the first vaccines against COVID-19 roll out, governments and institutions across the world are scrambling to figure out how to provide proof that someone has been vaccinated. Paper certificates, PDFs, wristbands and mobile apps have all been suggested, leading to the adoption of digital “immunity passports” as a way to reopen the world. There’s a data privacy and security price to pay for being able to prove you’re vaccinated, and it’s permanent access to the rest of your data or compulsory enrollment in a health app. To mitigate these risks, there is a solution called “decentralized identity”. It’s a new consent-based mechanism for using verifiable credentials to prove who you are and things about you without anyone else — looking at you, Big Tech — managing, storing or selling your data.
Do you think verifiable digital credentials on a decentralized network with a mobile app can be the solution to meet the challenge of proving people have received a COVID-19 vaccination while providing them with the privacy and security they deserve?

Read more about this article here: https://cointelegraph.com/news/we-don-t-need-immunity-passports-we-need-verifiable-credentials

66% of EU Banks using US big tech cloud services forms risk

The European Commission is going after cloud computing, the online data storage business dominated by big American companies.
A draft bill seeks to address concerns about dependence on a small group of providers: chiefly Amazon Web Services, Google Cloud, IBM Cloud and Microsoft Azure.


The bill creates an oversight system designed for “preserving the Union’s financial system stability,” along with “monitoring of operational risks which may arise as a result of the financial system’s reliance on critical [outsourced services].” It includes unrestricted rights to access and process all information deemed relevant, and also the “right to conduct audits and inspections” and to issue “mandatory instructions.”

In this package there are also measures to help digitalize the financial sector and modernize the EU’s rulebook for the online market. These include initiatives to harmonize companies’ online defences and regulate digital financial assets. The package also includes policy strategies on retail payments and capital markets.

Read more about this: https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/?

Does Instagram invade your privacy using camera access?

Last Thursday in the Northern District of California, Brittany Conditi filed a class-action complaint against Instagram and its parent company Facebook for invasion of privacy, alleging that Instagram accessed users’ smartphone cameras when they were not using features that would require camera access, despite the defendants’ representations to the contrary.

Specifically, the party who initiated the lawsuit averred that “Instagram is constantly accessing users’ smartphone camera feature while the app is open and monitors users without permission, i.e., when users are not interacting with Instagram’s camera feature.”

Conditi argued that Instagram has broken its promise to users, as it has no reason to access users’ cameras when they are not using the camera feature.

Read more about this: https://www.docketalarm.com/cases/California_Northern_District_Court/3–20-cv-06534/Conditi_v._Instagram_LLC_et_al/1/

Data breach costs approximately €125 per leaked data record

According to researchers at the American Ponemon Institute, cyber attacks are the leading cause of data leaks, followed by technical defects, configuration errors in the cloud and human error.

The “Cost of a Data Breach Report 2020” study conducted by IBM among 3,200 people from 524 organizations shows that the average cost per leaked or stolen data record has increased.

According to the study, the average cost per lost or stolen data record was $146 (approx. $123). With malicious attacks the costs are even slightly higher, around $175 per leaked data record, according to Darkreading.

The study covered 17 different sectors. The costs of data breaches are the highest in the healthcare sector, where a major data breach can easily cost about 7 million dollars (6 million euros). The high costs are caused by, among other things, loss of customer confidence, system downtime, lost sales, legal costs and fines.

On average, it takes 329 days before the leakage of data is detected by organizations.

Want to read more about this: https://www.darkreading.com/vulnerabilities—threats/advanced-threats/average-cost-of-a-data-breach-in-2020-$386m/a/d-id/1338660

Privacy activist files complaint against 101 European websites

One month after the cancellation of the data treaty “Privacy Shield” between the EU and the US, privacy activist Max Schrems is taking websites to court that still send data to the US.
There are also 8 Belgian and Dutch ones being sued: PostNL, Takeaway, Marktplaats and Lieferando. A month after that ruling, the Schrems organization has now taken stock of the situation, and has seen that 101 websites still use services such as Google Analytics and Facebook Connect, which now unlawfully send data to the US. “We performed a quick search of major websites in each EU country to see if they contain any code from Facebook and Google. These snippets of code send data about each visitor to Google or Facebook. Both companies admit that they have data on Europeans and pass it on to the US for processing, where they are legally required to make that data available to US agencies such as the NSA. Neither Google Analytics nor Facebook Connect are essential to keep the web pages up and running.”

Read more at: https://noyb.eu/en/eu-us-transfers-complaint-overview