Security News

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation laws in the country, almost a month after a similar decision was reached in Austria. Of the data protection decree, which govern the transfers of personal data to third countries or international entities.

A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "Persons behind the IP address."

The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling. Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation in the use and operation of Google Analytics - commonly used throughout web publishing and ecommerce - because of its movement of personal data to the United States.

The incoming head of the UK's data watchdog has "Gone on the record" to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as "Morally bankrupt pathological liars." Speaking on Thursday at a hearing of the Digital, Culture, Media and Sport Committee via video link from New Zealand, he was asked about his criticism of big tech companies.

85 percent of the small- to medium-sized enterprises in the UK are familiar with GDPR, but more than half are still not cleaning their data and therefore not adhering to the GDPR's legal requirements, a REaD Group survey reveals. The survey of 1,110 SMEs also revealed that only 40 percent hold their customer and prospect data in a CRM or other database: a surprisingly low figure given that businesses need to maintain contact with their customers for sales and marketing purposes, and never more so than over the past 15 months.

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. In an SEC Form 10-Q filed today, Amazon states that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.

Former Brave chief policy officer Johnny Ryan is continuing his crusade against the online advertising industry by filing a lawsuit against Google, Facebook, Amazon, Twitter, and US telco AT&T in Germany. Ryan's latest campaign organisation, the Irish Council for Civil Liberties, said in a statement that online advertising amounts to "The Biggest. Data. Breach. Ever" and accusing internet adland of compiling "Secret dossiers" on every single netizen.

When you're implementing a password policy for your AD with GDPR compliance in mind it's a good idea to use a 3-rd party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords and provides dynamic feedback for password compliance.

New TSA security directive is a needed shock to the systemThe Department of Homeland Security's Transportation Security Administration announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector. VMware fixes critical vCenter Server RCE vulnerability, urges immediate actionVMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible.

The upcoming physical return to the office is also set to bring the influx of IoT devices that may be installed on networks as part of new COVID-19 workplace compliance policies. Some of these devices may collect large quantities of personal data that needs to be protected and is subject to the GDPR. GDPR Privacy by Design.