Biden bans investment in Chinese surveillance tech. Cybercrimes take advantage of rapid digital transformation. Ransomware attacks up the ante on data privacy compliance. Colorado data privacy bill passes state Senate. The more states decide data privacy laws, the more corporations win out. New York City enacts Tenant Data Privacy Act. Plus, this week's Drop Shots!
Pro tip: get The Data Drop on your phone by subscribing to our podcast.
Biden bans investment in Chinese surveillance tech
President Biden has issued a new executive order that bars Americans from investing in Chinese firms that have been linked to the country’s military or are engaged in selling surveillance technology used to repress political dissenters or religious minorities in China.
The order lists 59 firms and intensifies the on-going commercial and ideological battle between Beijing and Washington, one that Mr. Biden has termed the struggle between “autocracy and democracy.”
Cybercrimes take advantage of rapid digital transformation
Over the past year, COVID-19 and social distancing restrictions have forced companies to explore more rapid transformations to digital services. Now, it appears that cybercrime rates have kept pace right along with them.
From January 2020 through December 2020, malware detections rose by 565% and spyware app detections grew by 1,055%. That's according to the 2020 Malwarebytes "State of Malware" report.
Ransomware attacks and other malicious software are taking advantage of the shift to remote work which too often results in hasty changes that leave valuable data exposed.
For example, many recent attacks have come from malware sites posing as video conferencing domains, while others exploit unencrypted or poorly protected data that was created as part of hasty efforts to move systems online.
Ransomware attacks up the ante on data privacy compliance
The recent uptick in major US cyberattacks, including ransomware attacks on the Colonial Pipeline, healthcare providers, and Walmart, has prompted the Biden Administration to issue a new Executive Order aimed at protecting the nation's cybersecurity networks.
The order requires IT service providers who have contracts with the federal government to share information about cyber-incidents. It also seeks to move the federal government towards safer computer networks, secure cloud services, encryption and multifactor authentication within the next 6 six months.
Experts warn that businesses in the private sector must move to meet or exceed the new measures being taken by the federal government.
Colorado data privacy bill passes state Senate
Will Colorado become the third US state to enact a new data privacy law?
The Colorado State Senate unanimously passed a new consumer data privacy bill which would grant GDPR-like protections to its residents if signed into law by Governor Jared Polis.
Even then, the law wouldn’t take effect until July 2023.
The more states decide data privacy laws, the more corporations win out
Colorado is just one of 26 US states currently considering data privacy laws. 14 of those states - including Colorado - are basing their consumer privacy laws on the more business-friendly framework adopted by Virginia rather than the stricter set of rules used by California.
Key differences between the two laws include whether or not an individual can sue a company over the misuse of data and what exceptions are made for certain companies.
Ashkan Soltani, the former chief technologist for the Federal Trade Commission and a co-author of the California Consumer Protection Act said, "Industry gets 50 attempts to get what they want. And they have the resources and knowledge and access to try to promote weaker bills in each of these states. The ultimate aim is to try to weaken a national standard."
Of course, a federal bill in the United States would override any state-level protections, but Congressional inaction is what opened the door for states to set their own parameters around data privacy in the first place.
WhatsApp tricking users for consent?
In India, an ongoing court case against WhatsApp alleges that the Facebook-owned company is tricking users into consenting to its controversial new privacy policy.
The new terms include key changes for user privacy, such as giving Facebook access to data collected on WhatsApp.
WhatsApp has refused to alter the new policy, but they are allowing users to continue using the app without agreeing to the new terms. However, this comes with reminders from the company to accept the new policy, and it's these reminders that are the latest source of contention.
An affidavit filed in the case states that millions of WhatsApp's users who have not yet agreed to the new privacy terms are being bombarded with notifications on a daily basis, and that these repeated notifications are intended to coerce the user into agreeing to the policy regardless of whether or not they want to do so.
UK attempting to collect mass public health records
The UK government wants to extract the general practice history of every patient in England by the first of July.
While the National Health Service says this will improve the collection of patient information and allow for better planning of healthcare services it also raises concerns that some portion of these sensitive medical details could be sold to third parties.
This data in question covers the most private details of a person’s life including mental health episodes, smoking and drinking habits, diagnoses of diseases, and other intimate information than can easily be weaponized by unscrupulous companies or bad actors.
New York City enacts Tenant Data Privacy Act
New York City has passed new data privacy legislation that specifically targets owners of multi-family dwellings.
The Tenant Data Privacy Act addresses perceived privacy issues surrounding the use of smart access systems in multi-unit housing such as key cards and phone-based entry systems.
The legislation requires landlords provide tenants with a privacy notice, obtain consent for data collection, and set strict timelines around retention of "doorway data", among other protections.
The law goes into effect in soon but it grants landlords an 18-month grace period for existing units to come into compliance with the new requirements
This week's Drop Shots
Your quickfire news items from the world of data privacy
Philippines consider stiff data privacy fines
The Philippines are considering increasing the punishments for data privacy violations, with increased fines and up to 7 years imprisonment per violation.
The call for data privacy as a human right
It's been 10 years since the UN declared internet access to be a human right. So why not make data privacy a human right as well? Marketing expert Philip Kushmaro recently made just this argument in Forbes.com.
Data privacy awareness on the rise
Awareness of personal data privacy is growing. That's according to a new survey by the personal data management company Invisibly which indicates that less than a third of consumers are unaware that companies routinely profit off of their data.
New GDPR investigations underscore need for revised US/EU agreement
European investigations into whether Amazon and Microsoft’s cloud-based services infringe EU privacy rules have once again shone a spotlight on how—and when—the United States and the European Union intend to come up with a new Privacy Shield policy.
The Data Drop News is a production of the Data Collaboration Alliance, a nonprofit working to advance data ownership through pilot projects in sustainability, healthcare, education, and social inclusion. We also offer free training in the Data Collaboration methodology. Listen to the Data Drop on our website or wherever you listen to your favorite podcasts.