More than half of small firms plan on using Privacy Shield – survey Almost half of the organisations surveyed by the International Association of Privacy Professionals say they will use the Privacy Shield data-sharing framework in the next year. Agreed last summer, the deal between the European Union and the US aims to safeguard EU citizens' data when it is transferred to the States. It …
We hear constant stories about how the EU is required to share / provide data about its citizens to the US, because in the US you're obviously guilty until proven innocent. But we never get to hear details when US citizens visit the EU... How does that work these days?
I have a hunch why this is so of course, because last time the EU carefully raised a demand to acquire information about US citizens all of a sudden hell broke lose because that request was obviously an blatant intrusion of privacy.
We transfer EU citizens' data to the United States and we don't rely on Privacy Shield - we rely on AES and a key that never leaves British territory[1]. That's a "Privacy Shield" (unless No Such Agency is further along with quantum computing than we realise).
[1] It's computer generated and encoded on an RFID card which lives in a safe.
It could be something as simple as use of Cloud Computing storage so small companies may well be doing it, possible even unsuspectingly.
The US company (likely Google or Amazon) it lands with might never access the data but as they are hosting it they are processing it (for DP purposes and this is what the Privacy Shield truly boils down to - Principle 8 Overseas Transfers) so you need a protocol such as this.
Whether the Privacy Shield is worth the metaphotrical paper it is written on is a wholly different question (my view is 'is it buggery' for what its worth)
Social media megacorp Meta is the target of a class action suit which claims potentially thousands of medical details of hospital patients were shared with its Facebook brand.
The proposed class action [PDF], filed on Friday, centers on the use of Facebook Pixel, a tool for website marketing and analytics.
An anonymous hospital patient, named John Doe in court papers, is bringing the case — filed in the Northern District of California — alleging Facebook has received patient data from at least 664 hospital systems or medical providers, per the suit.
Opinion "We value your privacy," say the pop-ups. Better believe it. That privacy, or rather taking it away, is worth half a trillion dollars a year to big tech and the rest of the digital advertising industry. That's around a third of a percent of global GDP, give or take wars and plagues.
You might expect such riches to be jealously guarded. Look at what those who "value your privacy" are doing to stop laws protecting it, what happens when a good law gets through, and what they try to do to close it down afterwards.
The best result for big tech is if laws are absent or useless. The latest survey of big tech lobbying in the US reveals a flotilla of nearly 500 salespeople/lawyers touring the US state legislatures, trying to either draw up tech friendly legislation to insert into privacy bills, water then down through persuasion, or just keep them off the books.
BCS, The Chartered Institute for IT, has warned that proposed changes to Britain's data protection rules must not put the flow of data between the EU and the UK at risk.
The professional body said the supposed benefits of a leaner data protection regime – something the government promised last week – should not come at the expense of the UK's current "data adequacy" arrangement with the EU.
The UK remained compliant with the EU's General Data Protection Regulation (GDPR) when it formally left the EU at the end of 2020. Its interpretation of EU law meant that the trading bloc gave the UK an "adequacy" ruling, permitting data sharing across the border.
Legal experts say UK government plans to create new data protection laws will make more work and add costs for business, while also creating the possibility of challenges to data sharing between the EU and UK.
Last week, the Queen's Speech – in which the British government sets out its legislative plans – said the ruling Conservative party planned to replace the EU's General Data Protection Regulation (GDPR) to ease the burden on business with an approach to data protection that encourages innovation while retaining protection of personal data and privacy.
Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal.
DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.
That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck.
Kubecon Veeam acquisition Kasten kicked off this year's Kubecon with an updated version of its K10 product, aimed at securing the Kubernetes container orchestration platform.
Now known as "Kasten by Veeam", the company told the Valencia-based conference that version 5 of the K10 Kubernetes backup and data protection suite includes extra ransomware defenses.
K10 has received a number of updates since Kasten's acquisition by Veeam. Version 4.5 added coverage for platforms including Kafka, Cassandra, and the K3s Kubernetes distribution.
Updated The State of the Net conference in Washington, DC, has heard officials representing the EU and the US say they believe they are close to reaching a data-sharing agreement to replace Privacy Shield.
The earlier legal arrangements to ease the vital sharing data between the two jurisdictions was kiboshed in 2020 when the EU Court of Justice struck down Privacy Shield in what became known as the Schrems II ruling.
Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018*.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
In proposals aimed at IoT and machine data, the European Commission has put forward the Data Act, which promises to force manufacturers to share streams of after-sale data with third-party tech firms.
French data protection authority CNIL has declared that Google Analytics breaches Euro privacy law the General Data Protection Regulation (GDPR) because it transfers European netizens' data to America.
In a statement this morning CNIL said it "considers these transfers to be illegal," blowing a large hole in French usage of one of the world's most ubiquitous traffic-counting suites.
Precise details of exactly what laws Google Analytics breaches were not explained in the statement. We have asked CNIL for more detail and will update this article if it responds.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
