We bring you a round up of articles and updates in the data sphere
02 Feb.
Should law enforcement use Google location data?
—
The Register has reported that the American Civil Liberties Union is against the use Google location data as evidence to prosecute individuals, stating that it is unconstitutional and should be excluded from court proceedings. Public defenders say that geofence warrants violate the Fourth Amendment, which protects citizens from unreasonable searches by the government. Google has stated that they will support the work of law enforcement whilst also refusing broad access requests.
01 Feb.
Nigerian data protection industry reaches value of N5.5 billion
—
The minister of Communications and Digital Economy, Isa Pantami, has stated that the Nigeria Data Protection Bureau (NDPB) is valued at N5.5 billion. Pantami has emphasized the importance of data protection regulations and institutions to facilitate investments in Nigeria as well as, data privacy being a constitutional right for law abiding citizens. The current aim of the National Information Technology Development Agency is to encourage corporate bodies and individuals alike, to comply with data protection law, in order to create a ‘culture of privacy’.
31 Jan.
Data protection regulators requested to provide reports on ‘big tech firms’ to the European Commission
—
Upon request of the European Commission, all national data protection regulators should provide bi-monthly reports of any large international investigations. This new development is in response to privacy campaigners who have criticised how the Irish DPC handles investigations into big tech firms. Though an ombudsman report claimed that the Commission examined DPC ‘big tech’ cases regularly and appropriately, the Irish Council for Civil Liberties claimed that in 2 years, only 4 cases of direct communication between the Commission and Ireland’s DPC were logged. The ICCL maintain that there should be greater communication between the two entities.
30 Jan.
10 million JD Sports customers affected by cyber-attack
—
The stored data of 10 million JD Sport customers, who ordered from the retailer between November 2018 and October 2020, may be at risk due to a cyber-attack. There is a possibility that hackers were able to obtain personal information such as names, addresses, email accounts, phone numbers and the final four digits of bank cards. The company believes that hackers were not able to access full payment card details. JD are in the process of contacting the affected customers and working alongside the UK’s ICO to respond to the incident.
27 Jan.
European Commission hope to finalise the European Health Data Space (EHDS) by June 2024
—
The goal of the EHDS is to regulate health data sharing across the EU for private individuals, researchers, and policymakers. Euractiv reported that the Working Party on Public Health, a body of the EU Health Council, reached a consensus on secondary use of data in Chapter IV of the Commission’s proposal. The Commission see the value in secondary use of data, in its raw form, to support innovative developments in the field of personalized medicines.
26 Jan.
$25 million lawsuit filed against Foot Locker
—
Foot Locker has been found to violate consumer privacy law by wiretapping the chat feature on their website and eavesdropping on customer conversations without their consent. This allowed third party companies to monitor these conversations and harvest data for their use. The complainant argued that this practice violates the California Invasion of Privacy Act which bans wiretapping and eavesdropping without the consent of affected parties.
25 Jan.
Luxembourg Bill: Storing personal data as an exception and not the rule
—
A bill presented in Luxembourg is proposing that the collection of personal data will be limited in quantity and substance, making the storage of personal data an exception and not the rule. The goal is to protect citizen rights whilst also allowing authorities access to data for safeguarding and national security. The exceptions will be IP addresses and civic identity data however, this data will only be stored for 6 months.
24 Jan.
The Federal Trade Commission focus efforts on limiting corporate surveillance
—
The FTC’s Division of Consumer Protection seek to safeguard consumers from companies that track their online behavior’s and target them with personalised adverts. The Trade Commission aim to offer these protections through creating clear rules on how companies can keep consumer data private and safe. The FTC are also monitoring companies who use dark patterns and have already imposed a hefty $100 million fine on Vonage Holdings Corp for use of dark patterns in November 2022.
23 Jan.
UK ICO offers data protection guidance to SMEs
—
The ICO stated that incorporating good data protection practices from the outset will save businesses time and money whilst also increasing customer confidence. Lack of trust toward businesses is evident, with an ICO survey showing 91% of people worry about their personal information being sold to third party companies. The Commissioner’s Office have provided some tips for beginners in business; ranging from listing the information that needs to be collected to, having a data breach action plan in place.
20 Jan.
WhatsApp fined more than €5 million by the Irish DPC
—
The Irish Data Protection Commission have issued a relatively low fine of € 5.5 million to WhatsApp for breaching the EU’S GDPR. The popular messaging app was found to breach transparency regulations by only allowing users to access the app if they agreed to the terms of service. Initially, the DPC did not want to impose this sum as, they had previously fined WhatsApp € 225 million for similar transparency breaches. However, upon the European Data Protection Board’s findings, the Irish data watchdog has been directed to impose this penalty.
19 Jan.
ICO shifts away from big fines to focus on preventative measures
—
It appears that the Information Commissioner’s Office have adopted a different approach than European data protection authorities. The UK’s data watchdog seeks to implement a preventative approach to data breaches instead of issuing big fines. John Edwards, head of the ICO, has expressed that hitting companies with big fines is inefficient and could be more harmful in the long run. Instead, Edwards believes the more effective approach is to prevent data protection breaches.
18 Jan.
Apple launches new security updates
—
Apple has begun their increased data protection role out with the introduction of major security updates. These data protection tools have been introduced to combat user data stored in the cloud from being stolen. ‘Advanced Data Protection’ is a new feature that secures iCloud backups with end-to-end encryption, meaning only people who have access to the trusted device can see this data. This feature and several other updates will be available in the iOS 16.3 update.
17 Jan.
European data protection authorities issue €2.92 billion in GDPR fines
—
A GDPR and Data Breach survey carried out by DLA Piper has shown that fines issued by European data protection authorities have increased significantly since 2021. The biggest fine being €405 million issued against Meta for allegedly failing to protect children’s personal data. It appears that the increase in fines is due to greater focus toward artificial intelligence. The growing use of AI has presented more threats to the protection of personal data.
16 Jan.
TikTok announce transparency plan to avoid complete ban in the U.S.
—
Silicon Angle reported that TikTok has revealed a transparency plan to quell U.S. government concerns over the app’s link to the Chinese government. The Wall Street Journal reported that TikTok has announced a $1.5 billion plan to change it’s U.S. operations. A TikTok spokesperson has stated that they have already made progress and aim to complete implementing these changes in order to address concerns. However, U.S. government officials doubt that this ‘new plan’ is substantial enough to pacify lawmakers.
13 Jan.
Meta sues ‘data scraping for hire’ service
—
Meta sues Voyager Labs for collecting information from 600,000 users in an effort to ‘crack down on data scraping for hire’. Many social media platforms such as Facebook, YouTube, Instagram, LinkedIn and Telegram have been targeted in data scraping campaigns. Meta alleged that Voyager used 38,000 fake accounts to collect data from Facebook user accounts. Voyager has been found to assist law enforcement in acquiring information on potential suspects through use of their software. Meta have stated that they seek to protect their users from campaigns such as these.
12 Jan.
Twitter disputes that leaked data was hacked from its systems
—
Earlier this week, it was reported that the email addresses of over 200 million Twitter users were obtained due to a hack. The emails linked to these accounts could be downloaded by anyone who paid a small fee. Twitter have refuted this claim, stating that there is no evidence the data was harvested due to ‘flaws in their systems’. Security researchers reported that the data was a compilation of previous leaks.
11 Jan.
France fines TikTok 5 million euros for online tracking failures
—
The CNIL found that it was harder for users to reject online tracking on TikTok than it was to accept. They also found that users were not provided with enough information surrounding TikTok’s use of cookies. Representatives of the popular app have stated that these issues have since been addressed, making it easier for users to reject non-essential cookies. They also highlighted their cooperation throughout the investigation.
10 Jan.
5 easy ways to protect your data in 2023
—
Incorporating data protection practices into our lives should be prioritized. With the increase in scams, data breaches and hacks, it is important that we remain vigilant and knowledgeable on how to protect ourselves on the internet. The linked article provides tips ranging from using unique passwords to regularly updating your apps.
09 Jan.
Algorithmic Transparency Recording Standard
—
The Central Digital and Data Office and Centre for Data Ethics and Innovation are working alongside public sector organizations, helping them provide information regarding the algorithmic tools they use. The government aims to promote greater algorithmic transparency as part of the National Data Strategy. Greater transparency means that organizations are required to be open about how algorithmic tools support decisions.
06 Jan.
Meta fined €390 million by the Irish DPC
—
The Irish Data Protection Commissioner alleged that Meta breached GDPR rules by unlawfully processing data for advertising purposes. Meta relied on the legal basis of consent to process user data. However, if users did not consent to how their data would be used, they could not use the social media platform. Privacy campaigners have applauded this decision, it gives users the ability to decide if their data is used for targeted online advertisements. Meta plan to appeal the fine.
