GDPR Services: fines and stories worth reading from January 2018
Since our launch in the GDPR Services niche, we’re closely monitoring the public news sector. We gathered in this collection a few newsworthy cases and funny happenings. While there is no doubt that some GDPR material is genuinely newsworthy, we also want to see whether real-life repercussions of GDPR can distort news values. To test this, we look more closely at the perceived news value of GDPR generated news. We seek to establish whether the presence of GDPR generated news is now a factor in the generation of news and whether this over-rides more traditional notions of news value.
Disclaimer: The European General Data Protection Regulation (GDPR) is the most important change in global data privacy regulation from the last 20 years. The regulation, since it appeared, fundamentally reshaped the way in which personal data is handled across every sector, from tech giants to healthcare, banking and beyond. Interesting stories pop-up in a timely namer, and since we’re wested in the GDPR Services sector, we’re reporting them for your consideration. Please note, that these are always public news; they represent their unique method to present its content serving their owners agenda. Take every bit of report as a simple: FOR YOUR INFORMATION.
HELPS YOU TO MEET GDPR REGULATIONS
A compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.
- The largest fine to date
- was announced Monday, 21.01.2019, by the French data protection authority: 50 million euros to be paid by Google. The fine is for failing to adequately disclose to users how it collects data about them across all of its services, including its search engine, Google Maps and YouTube. It’s the fourth such fine to be levied, and Facebook remains under investigation in multiple EU jurisdictions, with more fines likely to follow. Google says it will fight back. Google confirms it will appeal its recent $57 million fine for breaching Europe’s strict new privacy rules
- GoDaddy injected user tracking JavaScript without consent
- GoDaddy has injected JavaScript right into customer websites for the purposes of tracking; which may slow down websites or damage them entirely. THEY DID IT WITH IMPLIED CONSENT. Read more about Shocking news: GoDaddy injected user tracking JavaScript without consent.
- FBI…yes, the USA’s Federal Bureau of Investigation
- Millions of files and 3 TB of data were leaked from a database of FBI investigations and bank transactions of the Oklahoma Securities Commission. They were on an unprotected cloud Rsync server, found by Chris Vickery. The data has more than 17 years of archival information, including SSNs and emails. Read more about: US government data leak exposes years of investigations.
- nightmare for German politicians
- Personal data from hundreds of German politicians including email correspondence, phone numbers and payment cards has been leaked via a tweet this week. While some of the data is genuine, the cache contains numerous fakes too. Read more about German politicians’ personal data leaked online.
- MongoDB exposed millions of job-seekers’ resumes
- Nearly a terabyte of a MongoDB database was left open online. It contained 200M resumes of job seekers, along with personal data and driver’s licenses. The data appears to have been scraped from various job-seeker websites. Read more about No more privacy: 202 Million private resumes exposed.
- legal costly auch
- Neiman Marcus will pay out a $1.5M settlement over a data breach that hit its stores across more than 40 states in 2013. About 370,000 payment cards were compromised. Read more about Neiman Marcus to pay $1.5M settlement over 2013 data breach.
- LGPD will enter into force in Brazil
- On 15 August 2020, the Lei Geral de Proteção de Dados Pessoais (LGPD), or the General Law on the Protection of Personal Data, will enter into force in Brazil. This law has been hailed by many as the first GDPR-like law in Latin-America, helping Brazil to ensure a high level of data protection. Organizations will have had 18 months to prepare for this new piece of legislation.
- DISPELLING COMMON MYTHS ABOUT THE GDPR AND CONSENT
- The General Data Protection Regulation (GDPR) is a set of rules and requirements regarding user privacy on the web. It gives individuals a lot more control over how their personal data is collected, stored, and used. Cookies do not actually fall under the purview of the GDPR. Instead, cookies are handled by the ePrivacy Directive (or the ‘Cookie Law’). Read more about THE REAL STORY ON COOKIES: DISPELLING COMMON MYTHS ABOUT THE GDPR AND CONSENT
on-demand GDPR COMPLIANCE
A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.
- LinkedIn, Facebook’s BFF
- LinkedIn, which has mostly avoided the scrutiny and controversies of other social platforms, was dinged over a shady advertising practice. Among the many ways that the European Union’s new GDPR rules are expected to impact social media companies, Ireland’s Data Protection Commissioner found that LinkedIn had used the email addresses of 18 million non-LinkedIn users to target ads on Facebook. Read more about LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook
- massive data leak due to an insecured ElasticSearch repository
- A medical records management provider has had a massive data leak due to an insecured ElasticSearch repository. The provider is Ascension Data & Analytics, and researcher Bob Diachenko worked with TechCrunch to determine the provenance of millions of the scanned records that includes patient names, birth dates, SSNs and credit histories. Read more about Document Management Company Left Credit Reports Online.
- another massive data leak due to an insecured ElasticSearch repository
- An unsecured ElasticSearch repository leaked more than 1M online betting details, including user names, postal and IP addresses and betting details. The data appears to originate from a series of online casinos and contains partial payment card numbers used to place the bets. The gaming sites haven’t yet responded to reporters’ queries. Read more about Online casino group leaks information on 108 million bets, including user details.
- another massive data leak due to an insecured ElasticSearch repository
- An unsecured ElasticSearch repository leaked more than 1M online betting details, including user names, postal and IP addresses and betting details. The data appears to originate from a series of online casinos and contains partial payment card numbers used to place the bets. The gaming sites haven’t yet responded to reporters’ queries. Read more about Online casino group leaks information on 108 million bets, including user details.
- yet another massive data leak due to an insecured ElasticSearch repository
- Real-time location data has been leaked online by 27 different Indian government agencies. The transit data — including license plates of buses and route details — was discovered on an Elastic storage repository, and the researcher contacted Indian CERT to have the servers locked down. Read more about Real-time location information leaked by 27 Indian government agencies.
- the funniest tweet about GDPR in 2018 was this
- Remember all those privacy notifications in your email inbox from last year? Thanks to GDPR, this Tweet stood out by far.
- tech giant oopsie
- Amazon accidentally sent a German man 1,700 Alexa voice recordings from a stranger. The man was hoping to download a copy of his Alexa voice history through Amazon’s GDPR compliance, but the online retailer mistakenly sent him the wrong files. Amazon explained the mistake as an “unfortunate case of human error and an isolated incident”. Read more about Alexa user gets access to 1,700 audio files from a stranger.
- Two other tech giant oopsies
- 2 more breaches were announced this January. MongoDB, an Open Source Document Database provider; OXO, a NYC-based manufacturer; and Amazon India had independent events. OXO was compromised during July to November 2018 and only discovered it in December, and the leak involved customer names and payment card data. Amazon revealed data of about 400,000 of its Indian sellers’ tax forms on its merchant portal by mistake. The MongoDB Leak exposed millions of job-seekers’ resumes. Read more about Data Exposed in OXO, Amazon and MongoDB Leaks.
data protection OFFICER
Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.
