The Data Drop News for Monday, October 18, 2021
Updated: Oct 28, 2021
Facebook whistleblower urges US lawmakers to take action. GDPR fines top €1 billion in Q3 2021. California Adds Genetic Data to Agency Breach Disclosure Requirement. Mozilla Says Chrome’s Latest Feature Enables Surveillance. Police Are Giving Amazon Ring Cameras to Survivors of Domestic Violence. Microsoft Exchange Server’s Autodiscover Feature Leaked Credentials of Over 100,000 Users To Third-Party Untrusted Domains. New dark web file merges 3.8 billion Clubhouse and Facebook users. Ireland investigates TikTok over child, China data concerns. Plus, the latest in privacy-enhancing tech!
Facebook whistleblower urges US lawmakers to take action
Former Facebook product manager Frances Haugen, the whistleblower behind a major leak of internal company documents, urged US lawmakers to provide more oversight over the social media giant.
Haugen said she joined Facebook because she thought the social media giant had the potential to bring out the best in people, but now believes that its products "harm children, stoke division, and weaken our democracy."
Haugen told the Senate subcommittee on consumer protection, product safety, and data security that "Congress can change the rules that Facebook plays by and stop the many harms it is now causing."
GDPR fines top €1 billion in Q3 2021
In the EU, fines for regulation breaches totalled almost €1 billion in 2021’s third quarter, almost 20 times that of the first and second quarters combined.
The data was compiled by Finbold, a financial news agency, and highlights the enormous fines handed out by Member States, largely during July of 2021, which accounted for €755 million.
California Adds Genetic Data to Agency Breach Disclosure Requirement
California Governor Gavin Newsom signed a measure expanding the state’s definition of personal information under agency breach disclosure mandates to include genetic data.
Bill AB 825, which was approved by the California Senate last month and by the state Assembly in May, will expand the definition of personal information to include genetic data.
Also passed unanimously by both the Senate and the Assembly last month, SB 41 will establish the Genetic Information Privacy Act, which will require companies to provide consumers with information on the collection of biometric data. More importantly, the new law will give consumers the right to revoke consent through certain procedures and will require companies to destroy their biological samples within 30 days of revocation of consent.
Chrome’s Latest Feature Enabling Surveillance
Chrome 94 introduces a controversial idle detection API. Basically, websites can ask Chrome to report when a user with a web page open is idle on their device. It’s not just about your usage of Chrome or a particular website: If you’ve stepped away from your computer and aren’t using any applications, Chrome can tell the website you’re not actively using your computer.
Police Experiment with Amazon Ring Cameras
As these doorbell cameras have become more widespread, law enforcement agencies have experimented with using Ring devices in more targeted ways.
However, civil liberties groups have raised concerns about how Ring cameras and app may lead to racial profiling, excessive surveillance by police, and a loss of privacy—not just for the consumers who purchased the devices and opted into Ring’s privacy policies, but also for every passerby caught on a camera.
Microsoft Exchange Server’s Autodiscover Feature Leaked Credentials of Over 100,000 Users To Third-Party Untrusted Domains
Microsoft Exchange server’s incorrect implementation of the Autodiscover feature leaked at least 100,000 login names and passwords of Windows domains, according to Guardicore’s AVP of Security Research Amit Serper.
New dark web file merges 3.8 billion Clubhouse and Facebook users
A new "combination file" offered on the dark web that makes connections between Clubhouse and Facebook users threatens to create a spike in specific attack types, namely phishing and account takeover attempts.
Ireland investigates TikTok over child, China data concerns
TikTok is facing two EU data privacy investigations, one into its handling of children’s personal data and another over its data transfers to China.
The Data Protection Commission’s first investigation will look at whether TikTok complies with the General Data Protection Regulation, or GDPR, when it handles children’s data, including the platform’s settings for people under 18 and age verification measures for kids under 13. The second investigation focuses on whether TikTok complies with GDPR when it transfers data to China, where its owner, ByteDance, is based.
TikTok has faced accusations that it’s a security risk because it sends user data to China.
The latest in privacy-enhancing technology
Duality nabs $30M for its privacy-focused data collaboration tools, built using homomorphic encryption
Privacy-enhancing data science platform Duality Technologies announced that it raised $30 million in a series B round, bringing its total raised to $49 million to date.
Duality, a startup founded by groundbreaking cryptographers and data scientists that is building tools to make it easier for companies to share data and collaborate with each other without compromising sensitive information, has raised some funding on the back of some significant early deals, including a contract with the U.S. Department of Defense.
Clumio Extends Data Protection To Amazon S3
Data protection software company Clumio unveiled its largest Amazon Web Services platform to date that provides ransomware protection through logical air-gap solutions.
The new platform, which is slated to launch in December, also provides the lowest Recovery Time Objective for business continuity, simplifies compliance reporting and optimizes Amazon S3 storage costs.
WhatsApp Adds Additional Layer of Security With End-to-End Encryption for Chat Backups
Users will now be able to opt in to creating a 64-bit encryption key for protecting chat backups that can either be stored manually or accessed server-side with a password.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, the Information Ownership Network, or the Data Collaboration University, please visit datacollaboration.org.