The Data Drop News for Friday, February 25, 2022
Irish regulator could halt Facebook, Instagram EU-US data flows in May. ‘Can’t ask people to agree to a data breach’: Belgian regulator rules cookie-consent pop ups are illegal. Data protection becomes a fundamental right in Brazil. Ontario pledges to become first province to protect workers from digital spying by bosses. Over 100 million Samsung smartphones shipped with a fatal security flaw. iOS 15.4 beta 4 adds anti-stalking alerts to AirTag and other Find My accessories. Google, Meta push back against changes to Australian privacy laws. Plus, the latest in privacy-enhancing technology.
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Irish regulator could halt Facebook, Instagram EU-US data flows in May
Data transfers between the EU and United States by Facebook and Instagram could be halted as soon as May, but the move would not immediately hit other big tech companies, according to Ireland's data privacy regulator.
Europe's highest court ruled in 2020 that an EU-U.S. data transfer pact was invalid due to concerns that U.S. government surveillance may not respect the privacy rights of EU citizens.
‘Can’t ask people to agree to a data breach’: Belgian regulator rules cookie-consent pop ups are illegal
The Belgian Data Protection Authority (DPA) has ruled that the Transparency & Consent Framework (TCF) most commonly used in Europe is illegal.
The European association of digital advertisers, IAB Europe, must pay a fine of €250,000 and will have two months to come up with changes to the current system. After that, the advertisers will get another six months to modify websites for compliance.
Data protection becomes a fundamental right in Brazil
The Brazilian Congress has enacted an Amendment to the Constitution that makes personal data protection a fundamental citizen right.
The changes make personal data protection an unchangeable clause, meaning any changes to this theme will have to be aimed at expanding and protecting citizen rights.
While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Under the amendment to article 5 of the country's Constitution, which relates to individual and collective rights, a new section has been added, noting "the right to protection of personal data, including in digital media, is ensured under the terms of the law."
Ontario pledges to become first province to protect workers from digital spying by bosses
In Canada, the Premier of the province of Ontario has pledged legislation that would force businesses to tell their employees if they monitor them online, putting Ontario in position to become the first province in the country to protect workers’ digital privacy. Labour Minister Monte McNaugton said he will propose amendments to the Employment Standards Act that will give employees a legal right to know if their company monitors their electronic devices, including computers, cellphones and GPS systems.
If passed, workplaces with 25 or more employees would be required to have a written policy outlining whether managers monitor employees’ online activity; and if they do, the policy would have to explain how, when, and why the employer collects the information.
Over 100 million Samsung smartphones shipped with a fatal security flaw
In a newly published paper, researchers based at Tel-Aviv University in Israel have detailed how they managed to extract cryptographic keys remotely, the keys to the Samsung secure kingdom, bypass FIDO2 authentication and ultimately access highly sensitive data such as passwords.
Over 100 million phones are potentially affected.
iOS 15.4 beta 4 adds anti-stalking alerts to AirTag and other Find My accessories
Apple has released the fourth beta of iOS 15.4 to developers. As promised by the company, the beta adds anti-stalking alerts to AirTags and other Find My accessories.
This follows reports of multiple privacy concerns mostly related to AirTag, as some people have been using the accessory to stalking and tracking others without consent, Apple has promised to add new security alerts in a future iOS update.
9to5Mac was able to confirm that iOS 15.4 beta 4 introduces such changes.
Google, Meta push back against changes to Australian privacy laws
In its submission to the Australian Attorney-General’s review of national privacy laws, Facebook parent company Meta has opposed consumers’ ‘right to object’ to the collection, use and disclosure of their data, while Google has opposed defining all location data as sensitive data.
The tech giant quoted a 2020 survey by the Office of the Australian Information Commissioner that found that “77 percent of respondents were supportive of having a right to object to certain data practices (for example, selling of personal information) while still being able to access and use the service.”
In its submission, Google also rejected the discussion paper’s suggestion to expand the definition of sensitive data to location data, saying it depended “on how identifiable the individual is and the degree to which the collection of location data would naturally be expected by the individual.”
The latest in privacy-enhancing technology
Secureframe locks in $56M
San Francisco based Secureframe, which offers a security compliance automation platform, has raised a $56 million Series B.
The company was valued at $88 million in March 2021, according to PitchBook data. Secureframe also announced that Salesforce veteran Seema Kumar has joined as Chief Operating Officer and Evan Horibe as the Vice President of Sales. Kumar joins Secureframe from New Relic where she served as Chief Marketing Officer.
Anecdotes, a compliance operating system platform, secures $25M Series A
Anecdotes, a compliance operating system, has announced that it has raised $25 million in a Series A round to develop new applications for its compliance operating system platform, specifically tailored to fast-growing clients’ needs.
The funding news comes on the heels of its 175% increase in post-IPO commercial customers after raising $5 million in seed funding in February 2021. The startup had commercial agreements with Similarweb, Riskified, Fiverr, Unity and more. The startup added 70 integrations with identity providers, security tools, collaboration software, ticketing and cloud infrastructures platforms in 2021 alone.
Trust Stamp Launches Privacy-First Identity Orchestration Platform
Atlanta, Georgia based Trust Stamp has announced the launch of an end-to-end Identity Orchestration Platform which enables organizations to transform security, privacy, and usability data with a range of AI-powered technologies including biometric, document verification, and data-protection.
Data Privacy Startup ID Ward Raises €1.1 Million To Launch Its Decentralised Advertising Technology
ID Ward, a data privacy startup based in London and Barcelona, has closed a €1.1 million funding round to expand its product and marketing teams and drive adoption of its privacy-focused, decentralised advertising technology across Europe and the UK.
The round was led by the specialist MadTech VC BlackSheep Ventures, and includes SyndicateRoom’s Super Angel Fund and notable UK Angel investors.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, free learning, or the Node Zero community, please visit datacollaboration.org.