Security News

Instagram Retained Deleted User Data Despite GDPR Rules
2020-08-14 13:25

"Instagram didn't delete my data even when I deleted them from my end," Pokharel told TechCrunch. The flaw was in a feature that Instagram launched in 2018 in response to the European General Data Privacy Regulation, which requires any companies operating in Europe to notify the authorities within 72 hours of confirming a data breach or face stiff financial penalties.

Oracle and Salesforce targeted in €10bn GDPR lawsuit backed by profit-making litigation fund
2020-08-14 11:20

Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register. Dr Rebecca Rumbul of the Privacy Collective told The Register: "We're looking at informed consent. Bluekai would collect data not just on one particular site but other sites too and then aggregate that data. The key thing is, under GDPR who is the data processor legally? You should be able to figure that out."

UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat
2020-08-05 11:25

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog - while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again, The Register can reveal. Marriott has secured an extension for fine negotiations to 30 September, having secured two already; one from January to 31 March and a second that ran through May. On top of that, the company set aside $65m to cover its proposed fine, down from the Information Commissioner's original intention to impose a £99m penalty.

340 GDPR fines for a total of €158,135,806 issued since May 2018
2020-07-16 05:00

Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.

Does analyzing employee emails run afoul of the GDPR?
2020-06-29 05:00

A desire to remain compliant with the European Union's General Data Protection Regulation and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. At the same time, new technologies are applying artificial intelligence and machine learning to solve HR problems like analyzing employee data to help with hiring, completing performance reviews or tracking employee engagement.

EU Commission: The GDPR has been an overall success
2020-06-26 04:00

Today, 69% of the population above the age of 16 in the EU have heard about the GDPR and 71% of people heard about their national data protection authority, according to results published last week in a survey from the EU Fundamental Rights Agency. Data protection rules are fit for the digital age: The GDPR has empowered individuals to play a more active role in relation to what is happening with their data in the digital transition.

Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR
2020-06-04 14:12

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation. The complaint to the ICO relates to the failure by the NHS and Public Health England, which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment, which is required under the GDPR before processing of data in high-risk situations.

Week in review: Windows RDP backdoor, GDPR enforcement, application threats and security trends
2020-05-31 07:00

Application threats and security trends you need to know aboutApplications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for themThe C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron.

GDPR enforcement over the past two years
2020-05-27 04:00

Two years after the GDPR went into effect, official data show that Data Protection Authorities, crippled by a lack of resources, tight budgets, and administrative hurdles, have not yet been able to create adequate GDPR enforcement. The GDPR's first two years have been marked by crisis, whether internal, external, political, geopolitical, or administrative.

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
2020-05-15 07:44

TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for Indian outlet Medianama titled "Internet Lessons from COVID19", Cerf - a Google vice-president and chief internet evangelist - opens by pointing out that networks have more than proven their worth by facilitating interactions and economic activity that would otherwise have had to be conducted face-to-face and therefore may not have been conducted at all.