Data Privacy
The details of over 500 million different Facebook accounts have been found on a website available for hackers.
When first reported by Business Insider, it is said that the information may be a couple of years old.
The information available includes phone numbers, Facebook IDs, full names, locations, birthdates, and email addresses
As Bloomberg reports, Judge Lucy Koh has denied Google's request to dismiss the class action case. Koh determined that Google "did not notify" users it was still collecting data while Incognito's privacy mode was active, giving the plaintiffs enough ground to move forward with their case. Incognito mode's limitations are well-known among enthusiasts - it's really there to keep sites out of your local search history and cookies, not to block all potentially identifying traffic.
Prof. Ulrich Kelber, the German federal commissioner for data protection and freedom of information, criticized the federal government in a press release. Germany has not implemented the EU data protection directive on data protection in the prevention, investigation, detection or prosecution of criminal offences and the execution of sentences for more than 1,000 days.
As a result, he lacks effective enforcement powers with the security authorities, which would be a basis for the judicial prosecution of data protection violations.
Facebook announced on Monday it will begin rolling out a notification for iPhone users globally about how data is used for personalized ads, in an attempt to get ahead of upcoming Apple privacy changes that Facebook claims will hurt its advertising business.
A prompt will tell users that providing access to their activity will give them personalized ads and will support businesses that rely on ads to reach customers.
The social media giant has been waging a public fight against Apple's plan to ask iPhone users whether to allow apps to track them across other websites and apps, warning that Apple's notification "suggest there is a tradeoff between personalized advertising and privacy," and will harm small businesses that rely on Facebook ads. Apple said its pop-up privacy notifications would start appearing on most iPhones in the next few months.
The privacy-focused search engine DuckDuckGo, increased its average number of daily searches by 62% in 2020 as users seek alternatives to impede data tracking.
In an interview with USA TODAY, Kamyl Bazbaz, DuckDuckGo vice president of communications said: "People are coming to us because they want more privacy, and it's generally spreading through word of mouth."
WhatsApp announced Friday a three-month delay of a new privacy policy originally slated to go into effect on February 8th following widespread confusion over whether the new policy would mandate data sharing with Facebook. WhatsApp stated it wouldn’t enforce the planned update to its data-sharing policy until May 15.
"We’re now moving back the date on which people will be asked to review and accept the terms. No one will have their account suspended or deleted on February 8. We’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp. We’ll then go to people gradually to review the policy at their own pace before new business options are available on May 15," the firm said in a blog post.
"There's been a lot of misinformation causing concern and we want to help everyone understand our principles and the facts," said the company, which earlier this week ran full-page ads on several newspapers in India, where it has amassed over 450 million monthly active users.
WhatsApp has been informing its approximately two billion users via a pop-up message in the app that there have been changes to the terms of use.
Following an update to the terms of use and privacy policy, WhatsApp users must now agree that all information in the app may be used by the entire company. This includes user-stored data such as phone numbers, address book, profile names, profile pictures, status messages, and more.
In an effort to avoid the EU's privacy laws, Facebook will move all of its users in the United Kingdom into user agreements with the corporate headquarters in California. Google has done a similar move in February.
"Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook Inc. There will be no change to the privacy controls or the services Facebook offers to people in the UK," so Facebook's UK arm.
Twitter has been fined €450,000 by Ireland’s Data Protection Commission (DPC) for breaching Europe's General Data Protection Regulation (GDPR).
"The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach," so the DPC in a statement on its website.
The French data protection authority Commission Nationale de l'Informatique et des Libertés (CNIL) is imposing a record fine on Google - for the second time. This time the dispute is over web cookies. Amazon is also expected to pay 35 million euros.
According to the CNIL, Google is being accused of "placing advertising cookies on the computers of users of the google.fr search engine without prior consent and without adequate information." A total of three violations of Article 82 of the so-called French Data Protection Act have been identified, the authority reports.
.jpg){kind=link}
Gionee, a Chinese manufacturer of low-cost smartphones, has been found guilty by the Chinese courts of installing malware on more than 20 million devices it sold between December 2018 and October 2019.
According to the report, the company used a subsidiary to plant a "Trojan horse" to carry ads without the users' permission.
Tutanota is one of the few email providers that encrypt all incoming emails by default. However, a ruling by the Cologne Regional Court is now forcing the Hanover-based company to install a function with which investigators can monitor individual mailboxes and read emails in plain text.
A new security breach in the Ministry of Health's covid-19 notification system left personal data of over 200 million Brazilians exposed on the internet for at least six months. It was not only patients diagnosed with Covid-19 who had their privacy violated, as occurred in another exposure case reported last week. This time, the personal information of any Brazilian registered with SUS or beneficiary of a health plan was open for consultation.
"Each time you stop and go through the Ministry of Health's information security and data management policy, you find a more serious vulnerability. At the time of our complaint, we asked for an audit and received no response. Clearly, they have not taken and are not yet taking the treatment of data from millions of Brazilians seriously," says Fernanda Campagnucci, executive director of the NGO Open Knowledge Brasil (OKBR).
The Karlsruhe energy supplier EnBW wants to carry out video surveillance on Europaplatz due to a lack of police authority. According to their own statements, no personal data is collected and stored with artificial intelligence that is supposed to recognize behaviour patterns, the number of people and movements.
The aim is to implement a monitoring infrastructure in which the EnBW employee is in close contact with the police.
A leak of a file containing access information to internal systems of the Brazilian Ministry of Health exposed data on 16 million people for almost a month.
The data includes taxpayers id and telephone numbers, address, medications and even a history of pre-existing diseases. It is noteworthy that, among the names on the leaked list, are President Jair Bolsonaro; the Minister of Health, Eduardo Pazuello; the governor of the state of São Paulo, João Dória; the Mayor, Rodrigo Maia; and the president of the Senate, Davi Alcolumbre. They have all been diagnosed with Covid-19.
According to a request under the Municipal Freedom of Information and Protection of Privacy Act filed by the Mercury Tribune, the Guelph Police Service (GPS) has confirmed that a device called GrayKey has been acquired from the Atlanta-based technology company Grayshift.
The device enables low enforcement to unlock and copy data on iPhones. GPS stated in the letter that the GrayKey device "is used only by our technological crimes detectives" but that the agency has no internal policy or procedural documents and that no usage guidelines have been issued.
According to an article by Motherboard (Vice) the magazine has observed both the Android and iOS versions of the Muslim Pro app sending granular location data to the X-Mode endpoint multiple times.
X-Mode is a company that obtains location data directly from apps, then sells that data to contractors, and by extension, the military. Motherboard has used public records, interviews with developers, and technical analysis to discover the connection that the military uses data from X-Mode.
Google on Thursday was sued for allegedly stealing Android users' cellular data allowances though unapproved, undisclosed transmissions to the web giant's servers.
The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services.
The European Union wants to introduce restrictions on the sale abroad of technologies used for espionage and surveillance. This is reported by "Politico" with reference to informed persons. In the future, facial recognition systems and hacking programs will require a license to be sold outside of the Union. Governments would also have to publish details of the exact nature of the licenses granted to individual companies.
The European Court of Justice (ECJ) has decided that a comprehensive and flat-rate storage of Internet and telephone connection data is not permissible. Exceptions are only possible when it is a matter of combating serious crime or the specific case of a threat to national security, the ECJ announced in a ruling on Tuesday.