What’s Going On In The World of Privacy – October 2019
This blog article is part of our “What’s Going On In The World of Privacy” series. Every month, we publish roundup of the previous month’s privacy related news to help you stay in the loop.
October was definitely a creepy and scary month - and not just because of Halloween. Surveillance of children in schools, data breaches affecting over 250 million people, and misuse of two-factor authentication all made an appearance in spookiest month of the year.
But don’t worry! There were quite a few treats amongst the tricks as well.
Data Breaches & Leaks
Just like September, October was full of data breach reveals. VPN services, financial institutions, and NGOs all admit to have experienced breaches. Interestingly, however, many of these announcements were about incidents that happened several years ago.
- Three million people were affected by a data breach at the Italian bank UniCredit.
- NordVPN confirmed that it suffered a data breach in 2018, but stated that no usernames or passwords were stolen.
- Financial information of 37 thousand Canadians was compromised in a TransUnion Canada data breach.
- Telecom company Beeline revealed that almost nine million Russians’ addresses, names, and phone numbers were stolen in 2017, but they did not publicly announce it until now.
- An unsecured Ukrainian owned database of 20 million Russian tax records was discovered. It is unclear what entity manages the database or why.
- Hacker “Gnosticplayers” claimed responsibility for stealing data from 218 million players of the mobile game Words With Friends.
- Due to an insider leak, an unknown number of Russian Sberbank’s credit card customers had their data stolen and put up for sale online.
- In New Zealand, an NGO providing essential primary healthcare revealed a data breach that exposed medical data of over one million patients.
- Giant customer support platform Zendesk announced that ten thousand support and chat accounts were compromised in a 2016 data breach.
- Security researchers discovered a non-password protected database of 7.5 million Adobe accounts via an online search.
Privacy Fails & Concerns
Surveillance tools, including facial recognitions systems, were a top privacy concern in October. Strangely, it seems France is leading the way in the development of these tools, despite protests from its own data protection authority.
- France has potential plans to monitor individuals’ social media and purchasing history to identify tax fraud. CNIL, the French data protection authority, has spoken out against it.
- More and more US schools are surveilling their students’ online activities. They claim this helps prevent violence and self-harm.
- Despite CNIL’s protests, France also plans to implement a national facial recognition ID system for government services.
- Twitter stated that it accidentally used the security emails and phone numbers of users for advertising purposes.
Legislation, Investigations & Recommendations
October has proved that privacy legislation is getting stricter, even in countries like the US and China. However, activists were still unhappy with certain governmental decisions, such as the UK, US, and Australian intention to prevent end-to-end encryption on Facebook.
- The Court of Justice of the European Union ruled that pre-ticked cookie consent forms are non-GDPR compliant.
- A US senator proposed jail time and fines for tech executives that violate privacy laws.
- Germany announced a new system of determining GDPR fines.
- China released a new privacy law titled “Measures on Online Protection of Children’s Personal Data”.
- The UK postponed its plans for an age verification system for accessing adult content online.
- Privacy experts criticized US, UK, and Australian governments’ attempts to prevent Facebook from rolling out end-to-end encryption on Instagram and Messenger.
- Brazil plans to create a single citizen database that will contain a variety of personal information about all its citizens. The government has stated that it intends to take into account security and its new data protection legislation.
- The European Data Protection Supervisor expressed concerns about whether or not the terms and conditions between Microsoft and EU institutions are compliant with data protection laws.
- California police will no longer be allowed to use facial recognition software on body cameras.
- Eighteen months later, the Australian information commissioner has still not released its findings on Cambridge Analytica.
- A study focused on how well countries protect the privacy of its citizens concluded that Ireland deserved the number one spot.
Fines & Lawsuits
Data breach related lawsuits topped the headlines in October. There were of course several fines issued as well, but it seems that class action lawsuits are gaining popularity.
- Greece issued two fines of 200 thousand EUR to a telephone service provider for retaining subscribers’ data without consent and continuing to send them advertising.
- UK court of appeals allowed the UK class action privacy lawsuit against Google to go ahead.
- 500 thousand British Airways passengers were given permission to sue the company over a data breach.
- A lawsuit for 100 million GBP has been filed against Equifax in the UK on behalf of the customers affected by the 2017 data breach.
- Australia’s competition watchdog is suing Google for misleading customers about how it collected location data about them.
- Turkey fined Facebook 282 thousand USD for not complying with data protection laws.
Tech & Innovation
Organizations are clearly realizing the importance of privacy. In October, a number of tech companies have released new tools that give users greater control over their privacy. Some seem to doubt how helpful or honest some of these tools are, however.
- A new online tool allows Canadians to discover what personal data political parties have collected about them.
- Instagram improved its privacy settings and now offers greater control to users over third-party app access.
- Google plans to fix an issue with their Pixel 4 phones that allowed people to unlock them using the owners’ sleeping faces.
- Firefox now offers personalized privacy reports that tells users how often it blocked third-party cookies, trackers, and fingerprinting tools.
- Apple improved Siri privacy by letting users delete recordings and opt out of sharing.
- Facebook’s new Portal 2.0 has a privacy switch, but people are not sure how useful it really is.
- Browser Opera decided to join the privacy trend and is now offering stricter privacy controls.
- Google also announced new privacy tools for Maps, YouTube, and Google Assistant. These tools allow you to manage and erase the data that Google collects about you.
In general, October demonstrated that privacy concerns are not going away anytime soon. Governments around the world are starting to realize that data protection and privacy issues are global issues. Companies are actively trying to present themselves as privacy friendly. Moreover, consumers are now starting to fight for compensation for data breaches. Perhaps this is an indication of what 2020 has in store for us.