The Data Drop News for December 10, 2021
UK urged to review lobbying rules after former privacy chief joins law firm. Irish Regulator Submits Draft Decision on Instagram’s Use of Children’s Data. NIST Publishes Draft Security Criteria for Consumer Software. ‘Family Safety’ App Selling Precise Location Data of Millions of Users. Thousands of AT&T Subscribers Infected With Data-Pilfering Malware, Researchers Say. UK Supreme Court Landmark Decision Limits Data Privacy Class Actions in the UK. Apple sues NSO Group to curb the abuse of state-sponsored spyware. Workers Are Using ‘Mouse Movers’ So They Can Use the Bathroom in Peace. Plus, the latest in privacy-enhancing technology.
UK urged to review lobbying rules after former privacy chief joins law firm
Campaigners in the UK are urging the U.K. government to review rules governing what regulators can do when they leave office. The calls come as global law firm Baker McKenzie announced it had hired former U.K. Information Commissioner Elizabeth Denham just days after she left her role as the U.K.’s information commissioner, where she led the agency in charge of enforcing privacy rules against public bodies and private companies, including Facebook.
Irish Regulator Submits Draft Decision on Instagram’s Use of Children’s Data
The Irish data regulator has submitted a draft decision about Instagram’s user registration process to other EU data protection authorities, bringing the total number of Irish decisions regarding Meta companies (formerly Facebook) to three.
NIST Publishes Draft Security Criteria for Consumer Software
Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology for software security. NIST has now published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling”. The White Paper defines the security-related information that would have to be disclosed on the label and the specific security practices a software provider would have to follow.
‘Family Safety’ App Selling Precise Location Data of Millions of Users
According to a recent investigation by The Markup, Life360, a mobile app that bills itself as a family safety solution, is selling information about the whereabouts of millions of its users with “few safeguards to prevent the misuse of this sensitive information.
Thousands of AT&T Subscribers Infected With Data-Pilfering Malware, Researchers Say
Vulnerabilities in networking devices have allowed a new malware to infect thousands of AT&T customers in the U.S., according to new report from a Chinese cybersecurity company. The malware basically functions as a backdoor, one that could allow an attacker to penetrate networks, steal data, and perform other unsavory activity.
UK Supreme Court Landmark Decision Limits Data Privacy Class Actions in the UK
The UK Supreme Court has handed down its much-anticipated decision in the Lloyd v Google case, restricting claimants’ ability to bring data privacy class actions in the UK under the Data Protection Act. This decision will not directly impact litigation brought under the GDPR in EU member states.
Apple sues NSO Group to curb the abuse of state-sponsored spyware
Apple has filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware.. Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.
Workers Are Using ‘Mouse Movers’ So They Can Use the Bathroom in Peace
A wide variety of workers including teachers, lawyers, accountants, and students have started using "mouse mover" apps to keep their screens from falling asleep. This is being done in order to counteract overly-restrictive workplace policies related to keyboard and mouse activity. Such policies are generally enforced by "Bossware" technology which refers to the tracking technology used by some companies to ensure that their employees are active every moment they’re on the clock, even when working remotely.
PET News
The latest in privacy-enhancing technology
Identity verification startup Incode raises $220M
San Francisco-based Incode Technologies has raised a $220 million Series B funding round, giving the company a $1.25 billion valuation less than seven months after its $25 million Series A round. Incode initially launched an app that automatically recognized and shared photos with everyone in them.
iOS 15.2 lets you scan for Find My devices that may be tracking you
Apple’s new iOS 15.2 beta gives iPhone and iPad users the option to scan for nearby AirTags and Find My devices that may be tracking their movements. The beta adds a new “Items That Can Track Me” button to the Find My app. Tapping it will display a list of “Unknown Items” — if there are any nearby. The app then provide users with instructions on how to disable anything that shows up.
You.com search challenges Google with a new look and private mode
New search engine You.com has launched. It's the brainchild of former Salesforce chief scientist Richard Socher who claims his new search engine is built on trust, kindness, and facts. According to Socher: “We want to work on having more click trust and less clickbait on the internet"
IoT anomaly detection startup Shield-IoT lands $7.4M
Shield-IoT, a provider of AI-driven security and monitoring technologies for large-scale IoT networks, has announced that it has raised a $7.4 million Series A funding. Cisco has forecast that the number of IoT devices worldwide will reach 14.7 billion by 2023, up from 6.1 billion in 2018.
Piiano Raises USD 9M Seed Round
Piiano, a pioneer in data privacy engineering for the cloud, has announced that it has raised a $9M seed round. Founded by security experts Gil Dabah and Ariel Shiftan, the company claims it will deliver the industry’s first personal data protection and management platform that transforms how enterprises build privacy-forward architecture and operationalize privacy practices.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships or the Node Zero community, please visit datacollaboration.org.