Weekly Newsletter: 12 April – 16 April 2021
GDPR EU Representative

April 19, 2021

New Warning For WhatsApp Users Over Account Suspension ‘Hack’ 

[#WhatsApp #Cybersecurity #TwoFactorAuthentification]

“A nasty new surprise for WhatsApp’s 2 billion users today, with the discovery of an alarming security risk. Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works. […]

Put simply, you must not send ANYONE a six-digit code sent to your phone EVER. It’s almost certainly a scam that will lead to one of your accounts being taken over. WhatsApp seems to be hit more than others by this issue, and should really mandate two-factor authentication (2FA) or develop a trusted device architecture, similar to Google and Apple.

Ironically, even WhatsApp’s two-factor authentication does not prevent the attack behind this latest warning. And that’s a real issue for any user who falls foul of this, because, even if they’ve followed all the security advice, it won’t help.”

To read more: Click here.

How MPC can solve blockchain’s data privacy conundrum 

[#Blockchain #Confidentiality #BigTech]

“Blockchain improves data protection but not confidentiality. Here’s why multi-party computation can be a solution. […]

While blockchain technology has facilitated great strides toward data protection, it, too, has its downfalls. Blockchain technology does not solve for confidentiality and privacy, which greatly hampers its potential as a disruptive platform that facilitates value transfer and, at a time when more and more people seek to join the industry, it is imperative that leaders seek an alternative solution that ensures confidentiality and privacy for all consumers. […]

Blockchain certainly increases the ability of users to decide who can see their personal information but it doesn’t stop that data from being exposed on an immutable ledger. […]

We urgently need to tackle this problem by utilizing a neutral platform or infrastructure that ensures the empowerment of each individual consumer, as the oncoming great differentiator for tech companies will no doubt be how the company handles consumer data.”

To read more: Click here

 

‘This was not a breach’: How Big Tech gaslights the world on data leaks

[#BigTech #Facebook #Linkedin #Clubhouse #DataBreaches]

“First Facebook. Then LinkedIn. Now Clubhouse. […] But if you think any of the above is a problem, Big Tech has a message for you:

You’re the crazy one.

[…] Facebook, LinkedIn and Clubhouse are by no means alone in trying to absolve themselves of blame. Read on to find out what to say if your company has leaked information online.

– Say it’s public data […]
– Don’t tell the regulator (and definitely don’t tell users) […]
– Blame the intern (or a rogue employee) [🥺 ] […]
– From the EU’s own playbook — Call the leak misinformation […]
– If it is a hack, call it “sophisticated” […]”

To read more: Click here

European Data Protection Board – 48th Plenary Session 

[#EDPB #Adequacydecision #DataTransfers]

“Opinions on draft UK adequacy decisions […] The EDPB notes that there are key areas of strong alignment between the EU and the UK data protection frameworks on certain core provisions such as: grounds for lawful and fair processing for legitimate purposes; purpose limitation; data quality and proportionality; data retention, security and confidentiality; transparency; special categories of data; and on automated decision making and profiling. […]

The EDPB underlines that several items should be further assessed and/or closely monitored by the European Commission in its decision based on the GDPR, such as:

– Immigration Exemption and its consequences on restrictions on data subject rights;
– The application of restrictions to onward transfers of EEA personal data transferred to the UK, on the basis of, for instance, future adequacy decisions adopted by the UK, international agreements concluded between the UK and third countries, or derogations.”

To read more: Click here

 

EU to propose GDPR-like fines for AI abuses

[#ArtificialIntelligence #TrackingSystem #GDPRFines]

“The European Union (EU) is set to propose a set of enforceable rules that will restrict the use of artificial intelligence (AI) systems against the threat of hefty GDPR-like fines for flagrant violations. Under the proposals drafted by the European Commission (EC), organisations operating in the EU will not be allowed to use AI for mass surveillance or for ranking social behaviour, according to Bloomberg. Systems deployed to manipulate human behaviour, exploit information about individuals or groups would also be banned in the EU. […]

Under the rules, authorisation would be required to use biometric identification systems in the public domain, while high-risk AI applications would need to undergo a thorough inspection before they’re deployed. […]

Member states, in these cases, would need to appoint assessment bodies to examine whether these systems are trained on unbiased data sets and have sufficient human oversight. […]”

To read more: Click here.

Court tells Uber to reinstate five UK drivers sacked by automated process

[#Uber #Profiling #ArtificalIntelligence]

“Ruling in Amsterdam overturns company’s decision to exclude operators for alleged sharing of account details. […]

In a judgment published on Wednesday, the district court of Amsterdam – where Uber’s European headquarters is located – said the ride-hailing app should reinstate the five British drivers, and one Dutch driver, because the decisions had been “based solely on automated processing, including profiling”. The judgment was made by default, as Uber did not attend the hearing; the company said it had been unaware of the legal action until last week. […]

Another driver, who did not wish to be named, told the Guardian he had been dismissed last year after the app found people had tried to log on to the app using his account from two different parts of London at the same time. He also lost his private hire licence after having worked for Uber for seven years, and has not worked since.

“I was very confused. I didn’t share my details. They didn’t say anything [about how they had come to the conclusion he had shared his Uber sign-on]. They just close your account.””

To read more: Click here.

Facebook Just Gave 2.8 Billion Users A Reason To Quit Their Accounts

[#Facebook #Privacy #DataTracking]

“The revelations come from two very different sources: a university student and a prominent UK newspaper, but both are likely to significantly undermine trust in the social network.

[…] “So I decided to download my Facebook data after learning I was a part of the 533m breach,” he explained. “Clicked on a folder called “your_off_facebook_activity” and was unsurprised to learn that Facebook is following me all over the internet.” […] “But even after all that, you will still be tracked off of Facebook”, he notes. Pointing out that Facebook’s terms and conditions state “We’ll still receive activities from the businesses and organizations you visit… but it will be disconnected from your account.”

[…] The Guardian makes a similarly explosive discovery, based on internal documentation and the testimony of Facebook data scientist Sophie Zhang. “The investigation shows how Facebook has allowed major abuses of its platform in poor, small and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries””

To read more: Click here.