Facebook's Onavo Protect VPN Offers Less Privacy Protection Than Other Apps | WIRED
Onavo, on the other hand, expressly combs through, analyzes, and tracks user data over time, feeding it directly to Facebook. The service also states that it may retain users' data for as long as they have an account and beyond. And Facebook does leverage that data for its own purposes; the Wall Street Journal reported in August that the company used data from Onavo to track the popularity of competitive startups and other user preferences, and to inform acquisition decisions.
facebook  security  dataprotection  technology 
4 hours ago
Skype can't fix a nasty security bug without a massive code rewrite | ZDNet
A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer.

The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.

But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work.
security  Skype  dataprotection  example 
4 hours ago
#Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc • The Register
According to documents provided by Equifax to the US Senate Banking Committee, and revealed this month by Senator Elizabeth Warren (D-MA), the attackers also grabbed taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.
security  databreach  equifax  US  example 
4 hours ago
Mountain of sensitive FedEx customer data exposed, possibly for years | Ars Technica
In all, Kromtech Security Center said, researchers found 119,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent.

"Citizens from all over the world left their scanned IDs—Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia—to name a few,"
databreach  example  fedex  dataprotection  research 
5 hours ago
US Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties, Disproportionately Affects People of Color: EFF Report | Electronic Frontier Foundation
Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems.

This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA.
surveillance  US  facerecognition  dataprotection  privacy  technology  research  eff 
5 hours ago
Facebook ordered to stop collecting user data by Belgian court | Technology | The Guardian
Facebook has been ordered by a Belgian court to stop collecting data on users or face daily fines of €250,000 a day, or up to €100m.

The court ruled on Friday that Facebook had broken privacy laws by tracking people on third-party sites in the latest salvo in a long-running battle between the Belgian commission for the protection of privacy (CPP) and the social network.
belgium  data  facebook  dataprotection  cookies  tracking  example  regulation 
5 hours ago
The Car of the Future Will Sell Your Data
"A Government Accountability Office report published in July found none of the 13 carmakers in the study that collected data from connected vehicles had easy-to-read privacy notices and most don’t explain data sharing and use practices."
personaldata  privacy  consent  US 
2 days ago
12,000 Influencers Had Their Data Leaked by Marketing Firm Octoly [UPDATED] - Fashionista
This would be a notifiable breach under GDPR, with just 72 hours to report it, not a few weeks
privacy  dataprotection  GDPR  breach  personaldata 
15 days ago
Europe’s new data protection rules export privacy standards worldwide – POLITICO
When the region’s regulators roll out the changes — known as the General Data Protection Regulation, or GDPR — on May 25, it will represent the biggest overhaul of the world’s privacy rules in more than 20 years.
data  privacy  GDPR  dataprotection  business  standards  policy  EU 
15 days ago
Windows 10 shows users what data it collects and phones in
Tool to view data being sent to Microsoft by Windows 10 coming soon, but no opt-out in sight
consent  GDPR  windows10 
16 days ago
SecureDrop | The open-source whistleblower submission system managed by Freedom of the Press Foundation.
SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.
security  privacy  journalism  tool  opensource  software  technology  whistleblowing 
17 days ago
Lord Holmes: The general public must know their rights and responsibilities when it comes to data | PoliticsHome.com
We have everything we need and more to engage in the most marvellous of public debates [...] We are born human, we have the ethics, we can plot the innovation all rooted in transparency and trust, commerciality and care and an unyielding focus on proportionality and purpose putting data sharing at the heart of a new 21st Century social contract.
GDPR  rights  education  dataprotection  personaldata 
17 days ago
DECODE is an experimental project to develop practical alternatives to how we use the internet today - four European pilots will show the wider social value that comes with individuals being given the power to take control of their personal data and given the means to share their data differently.
innovation  personaldata  dataprotection  EU  experiment  project 
17 days ago
Two-thirds of startups ill-prepared for GDPR
Only 29% of startups polled encrypt the personal data collected, and only 34% said they had a data breach notification plan in place.
#gdpr  research  business  dataprotection 
17 days ago
Trump signs bill renewing NSA's internet surveillance program
The law renews for six years and with minimal changes the National Security Agency (NSA) program, which gathers information from foreigners overseas but incidentally collects an unknown amount of communications belonging to Americans.
privacy  surveillance  NSA  US  legislation  dataprotection 
25 days ago
DuckDuckGo adds tracker blocking to help curb the wider surveillance web | TechCrunch
“Our vision has been to set the standard of trust online,” says CEO and founder Gabe Weinberg, discussing the new products. “[To date] we’ve been really focused on the search engine because it’s really complicated to compete with Google in their core market. But now that we feel we can handle that we are making progress on this broader vision of protecting people across the Internet.
security  privacy  technology  search  DuckDuckGo  cookies  tracking 
25 days ago
Poland's proposed GDPR exemptions spark outrage
The Polish government is considering exempting small- and medium-sized businesses from having to comply with key requirements of the incoming General Data Protection Regulation, causing alarm among privacy advocates, members of the European Parliament and the country's data protection authority.
GDPR  poland  legislation  EU  business 
25 days ago
Audit exposes UN food agency’s poor data-handling by @irinnews
A key World Food Programme web-based computer system is unreliable and the agency doesn’t protect sensitive personal data
personaldata  ngo  data  technology  example  charities 
4 weeks ago
Welcome to the neighbourhood. Have you read the terms of service?
"The whole point of a smart city is that everything that can be collected will be collected"
personaldata  privacy  consent 
5 weeks ago
Electronic mail marketing guide | ICO #PECR
You must not send marketing emails or texts to individuals without specific consent. There is a limited exception for your own previous customers, often called the ‘soft opt-in’.

You can send marketing emails or texts to companies. However, it is good practice to keep a ‘do not email or text’ list of any companies that object.
marketing  guide  email  pecr  dataprotection  consent 
5 weeks ago
Firms behind 44 million spam emails, 15 million nuisance calls and one million spam texts fined by the Information Commissioner’s Office | ICO
- Barrington Claims Limited, previously based in Llanelli but now registered in Port Talbot, fined £250,000 for over 15 million automated calls,
- London-based Newday Limited fined £230,000 for over 44 million spam emails,
- Goody Market UK Limited, in Liverpool, fined £40,000 for 111,367 spam texts and
- Macclesfield-based TFLI Limited fined £80,000 for over 1.19 million spam texts.
example  ICO  spam  fine 
5 weeks ago
Chrome will block the most annoying ads starting February 15th
Say good bye to auto-playing music, but not to ads tracking you across the web.
advertising  marketing  browsers  Chrome  Google 
9 weeks ago
Facebook steps up facial recognition use
"The new facial recognition feature will not apply to users in the European Union or Canada, where privacy regulators have prevented the use of such technology."
image_recognition  facebook  privacy 
9 weeks ago
The General Data Protection Regulation - how you can prepare for #GDPR
Advice from law firm @pinsentmasons, with updates on if/how #Brexit will impact the regulations.
GDPR  dataprotection  guide  brexit  UK 
9 weeks ago
How the Supreme Court could keep police from using your cellphone to spy on you - The Washington Post
Revisiting the 'third-party doctrine' in the US, which holds that information you share with a third party is no longer private.
privacy  US  personaldata 
9 weeks ago
Re-permissioning: Helping you prepare for the GDPR - by Cheetah Mail
A useful paper on how to approach re-gaining and reviewing consent for email marketing before #GDPR begins in May.
consent  marketing  GDPR  research 
10 weeks ago
The Anonymisation Problem - Computerphile - YouTube
Nice summary of the pitfalls in anonymising personal data
privacy  security  dataprotection 
10 weeks ago
Consent Receipt Specification - Consent & Information Sharing - Kantara Initiative
A consent receipt is a record of a consent provided to an individual at the point in a person agrees to the sharing of personal information.  Its purpose is to capture the privacy policy and its purpose for sharing personal information so it can be easily used by people to communicate and manage consent and sharing of personal information once it is provided. 
consent  privacy  dataprotection  technology  standards 
10 weeks ago
About Us – @OpenConsent
Our Vision: is to  develop transparency over privacy and personal data control.  Currently, we enable organisations to provide usable transparency over privacy and information sharing practices.
consent  openconsent  transparency  privacy  dataprotection 
10 weeks ago
ICO fines Flybe, Honda for breaking data rules. They were, um, trying to comply with GDPR • The Register
[Article from March 2017] An investigation by the commissioner's office found that Exeter-based airline Flybe had "deliberately sent more than 3.3 million emails to people who had told them they didn't want to receive marketing emails from the firm".

Those emails ironically were asking customers to update their marketing preferences, including whether they wanted to receive emails like the ones Flybe had just sent, and offered customers the chance to be "entered into a prize draw" for contributing.
example  ICO  gdpr  email  consent  dataprotection  marketing 
11 weeks ago
EU Privacy Regulators Gang Up on Uber Over Its Data Breach | Fortune by @superglaze
On Wednesday, the [EU] regulators decided to form a task force to deal with the Uber breach, in which the company covered up the fact that hackers had stolen the details of 57 million users around the world.
uber  databreach  EU  regulation  law  example  dataprotection 
11 weeks ago
Data Protection Bill: “Framework for data processing by Government” | @medConfidential
The first statutory “Framework for data processing” (in Government), snuck into the Data Protection Bill (clauses 175-178, page 99), legalises government using any data for anything it wishes (such Home Office typos or punitive DWP processing). None of the other rules apply besides what Ministers write into the framework, and they can change it at whim.
dataprotection  legislation  UK  government  privacy  GDPR 
11 weeks ago
Learning with Privacy at Scale - Apple
Capturing usage data from devices with consent, and without violating user privacy
privacy  dataprotection  research 
11 weeks ago
Germany Preparing Law for Backdoors in Any Type of Modern Device
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
security  Germany  lawenforcement  government  policy  surveillance  technology 
11 weeks ago
Millions caught in virtual keyboard app data breach
Android replacement keyboard app leaks data on 31 million users
breach  personaldata  security  privacy  android 
11 weeks ago
Cybersecurity Campaign Playbook | Belfer Center for Science and International Affairs
Advice to political campaigns for working securely, protecting data and managing breaches
politics  privacy  guide  dataprotection  security 
11 weeks ago
Guide to the General Data Protection Regulation (#GDPR) | ICO
The guide explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection.
ICO  guide  GDPR  dataprotection  legislation 
11 weeks ago
How the GDPR affects cookie policies – IT Governance Blog
Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.
GDPR  consent  cookies 
12 weeks ago
Ads.txt – Authorized Digital Sellers – IAB Tech Lab
The mission of the ads.txt project is simple: Increase transparency in the programmatic advertising ecosystem. Ads.txt stands for Authorized Digital Sellers and is a simple, flexible and secure method that publishers and distributors can use to publicly declare the companies they authorize to sell their digital inventory.
advertising  cookies  transparency  dataprotection 
12 weeks ago
Concept | noyb.eu
noyb will use best practices from consumer rights groups, privacy activists, hackers, and legal tech initiatives and merge them into a stable European enforcement platform. Together with the many new enforcement possibilities under the new EU data protection regulation (GDPR), noyb will be able to bring privacy cases in a much more effective way than before.
privacy  GDPR  nonprofit  digitalrights  personaldata 
12 weeks ago
What every Browser knows about you
This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission.
Most of the data points are educated guesses and not considered to be accurate.
privacy  security  browsers  personaldata  data  demo 
12 weeks ago
« earlier      

Copy this bookmark: