Security News

Today, 69% of the population above the age of 16 in the EU have heard about the GDPR and 71% of people heard about their national data protection authority, according to results published last week in a survey from the EU Fundamental Rights Agency. Data protection rules are fit for the digital age: The GDPR has empowered individuals to play a more active role in relation to what is happening with their data in the digital transition.

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation. The complaint to the ICO relates to the failure by the NHS and Public Health England, which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment, which is required under the GDPR before processing of data in high-risk situations.

Application threats and security trends you need to know aboutApplications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for themThe C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron.

Two years after the GDPR went into effect, official data show that Data Protection Authorities, crippled by a lack of resources, tight budgets, and administrative hurdles, have not yet been able to create adequate GDPR enforcement. The GDPR's first two years have been marked by crisis, whether internal, external, political, geopolitical, or administrative.

TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for Indian outlet Medianama titled "Internet Lessons from COVID19", Cerf - a Google vice-president and chief internet evangelist - opens by pointing out that networks have more than proven their worth by facilitating interactions and economic activity that would otherwise have had to be conducted face-to-face and therefore may not have been conducted at all.

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is "Personal data" as defined by the EU's GDPR and that this data is illegally processed. The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google's Android operating system generates the advertising ID without user choice as required by GDPR. "In essence, you buy a new Android phone, but by adding a tracking ID they ship you a tracking device," said Noyb lawyer Stefano Rossetti.

An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. "The irony of a EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.

The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data Protection Regulation laws that were imposed by the EU in 2018. "However, the irony of a EU-funded web site about GDPR having security issues isn't lost on us."

Synthetic data is helping highly regulated companies safely use customer data to increase efficiencies or reduce operational costs, without falling under scope of stringent regulations. The GDPR does not expressly reference synthetic data, but it expressly says that it does not apply to anonymous information: according to UCL, "Information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable." Synthetic data is considered personal data which has been rendered anonymous and therefore falls outside the material scope of the GDPR. Essentially, these important global regulatory mandates do not apply to collection, storage and use of synthesized data.

A European consortium based in Switzerland plans to this week launch an opt-in location-detecting app to expedite contact-tracing those who have encountered coronavirus carriers. The new group, named Pan-European Privacy-Preserving Proximity Tracing, promises a GDPR-compliant app that sounds a lot like Singapore's TraceTogether service, but also offers considerable detail on how the service is designed to preserve privacy.