The Data Drop News for Friday, March 25, 2022
Updated: Mar 11
Facebook's parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. California Begins Slow Launch of Nation’s First Online Privacy Protection Agency. TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say. UK plans to abolish DPOs – and much more!
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Facebook's parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches
Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches.
The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed by Facebook to the Irish regulator in 2018. The DPC, which is Meta/Facebook’s lead privacy regulator in the European Union, opened this security-related inquiry in late 2018 after it received no less than 12 data breach notifications from the tech giant in the six-month period between June 7, 2018 and December 4, 2018.
Ireland Watchdog Sued for Years of 'Inaction' Over Complaints Regarding Google's Largest Data Breach Ever
The Data Protection Commission of Ireland, working as the government's watchdog, is now being sued for alleged years of inaction over complaints regarding "largest data breach ever."
Per the lawsuit, the watchdog was evasive in responding to security complaints filed against Google when the European Union's General Data Protection Regulation, or GDPR, was passed. The litigation came from the Irish Council for Civil Liberties, or ICCL, with John Ryan, its senior fellow, acting as the plaintiff in the case.
California Begins Slow Launch of Nation’s First Online Privacy Protection Agency
California has begun building the California Privacy Protection Agency, the first government body in the United States with the sole job of regulating how Google, Facebook, Amazon and other companies collect and use data from millions of people, reports the New York Times.
The agency will be a more than 30-person group with a $10 million annual budget to help enforce the state’s privacy law, which is among the most stringent in the country. It will be headed by Ashkan Soltani, a privacy expert who once served as the Federal Trade Commission’s top technologist.
Google Analytics To Stop Logging IP Addresses And Sunset Old Versions In Privacy Standards Overhaul
Major changes are coming to Google Analytics as the company navigates higher consumer privacy standards and increasingly complex international privacy laws.
For one, Universal Analytics, the web-based legacy analytics product, is on the way out, and will be shuttered entirely by July 2023, the company announced. All analytics customers will transition to Google Analytics 4 (GA4), which accommodates both web and app data collection and comes with built-in privacy features, not to mention a bevy of integrations across the Google portfolio, with metrics and features tied to YouTube, Search and the Google Cloud Platform.
TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say
TikTok can circumvent security protections on Apple and Google app stores and uses device tracking that gives TikTok’s Beijing-based parent company ByteDance full access to user data, according to the summaries of two major studies obtained by TheWrap that appear to confirm longstanding concerns raised by privacy experts about the popular video-sharing app.
The studies, conducted by “white hat” cybersecurity experts that hack for the public good, were completed in November 2020 and January 2021. TheWrap verified the studies and confirmed their conclusions with five independent experts. When asked by TheWrap, reps for TikTok — whose parent company ByteDance has had ties to the Chinese government — declined to confirm or deny the validity of the research.
UK plans to abolish DPOs – and much more
The UK government is well on its way to reform the UK data protection landscape. Its 150-page consultation that closed in November 2021 proposes ideas that would reduce burdens on business, but at the same time dilute the accountability principle.
The government’s aim, to reduce barriers to innovation, has been welcomed by many businesses but other stakeholders also recognise how the proposed regime would reduce the protection afforded to individuals. Some of the proposals are cosmetic, but others, if adopted, would change the UK data protection legislation in a more radical way. For example, the suggestions on replacing Data Protection Impact Assessment (DPIA), and the central record of processing, with more general requirements to identify and minimise data protection risks would take the UK a step away from the GDPR and its European counterparts.
A US surveillance program tracks nearly 200,000 immigrants. What happens to their data?
The Biden administration is proposing to expand a controversial surveillance program that tracks the whereabouts of more than 180,000 immigrants awaiting their day in court. But there is little transparency about what data is collected by the private company with an exclusive contract to run the program, or what may happen to that data in the future.
Health chiefs scrap controversial plan which would have seen a SINGLE glass of wine in pregnancy noted on a baby's medical file
Health chiefs in the UK have backtracked on controversial plans to record even a single glass of wine drank by mothers during pregnancy on their baby's medical certificate.
National Institute for Health and Care Excellence (NICE) bosses wanted to record all alcohol intake of mothers-to-be. It claimed the move would help to identify children at risk of foetal alcohol spectrum disorder (FASD) — an array of mental and physical birth defects, such as organ issues and learning difficulties, caused by expectant mothers drinking.
Your personal data is exposed to hackers — alarming report reveals mobile apps are not protecting your info
A new Check Point Research investigation reveals that mobile applications for leaving their users' personal data unprotected and accessible to hackers. The most unnerving aspect of the investigation is that malicious actors only need one thing to pull off a data breach: a browser. During a three-month research study, CPR investigators discovered that a whopping 2,113 mobile apps left their databases exposed and unprotected in the cloud. These apps ranged from 10,000+ downloads to more than 10 million downloads.
Major Study Finds Consumers Becoming Data 'Capitalists,' Willing To Trade Personal Info
Four years of government regulations, media coverage about consumer data self-sovereignty, and a global pandemic have had a material effect on the way most people think about the ownership and right to trade their personal data with business, especially media platforms and marketers. That's the top finding of an extensive study conducted by the Global Data & Marketing Alliance (GDMA) and Interpublic's Acxiom unit in major countries in 2018 and this 2022. the study found a marked increase in the percentage of consumers who now deem themselves "data unconcerned," meaning those who have "little or no concern about their data privacy."
In 2018, only 26% of respondents characterized themselves this way, versus 31% in 2022. Conversely, the percentage of consumers who consider themselves "data fundamentalists" -- meaning that they are unwilling to share their personal information -- declined two percentage points to 21%. Data pragmatists -- consumers who say they are "happy" to share their data with businesses so long as there is a clear benefit -- also declined by four percentage points to 47%.
Report: Census Bureau should set timeframes for protecting respondents’ data privacy
The US Census Bureau hasn’t provided deadlines or details for data products demonstrating its new method for protecting the privacy of 2020 census respondents, according to a Government Accountability Office report.
The bureau already employed differential privacy to mitigate the risk of census respondents being re-identified when it released redistricting data, used to redraw legislative boundaries every decade, in August. But GAO found there’s no way of knowing if that’s currently “realistic and achievable” with forthcoming data products.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships or the Node Zero community, please visit datacollaboration.org.