Tag: Europe

1
Facebook fined £500,000 over Cambridge Analytica scandal
2
Cambridge Analytica closes its doors
3
Excel skills of English Council leads to the exposure of “hidden” personal information
4
Facebook wants you to know that it’s accountable for your privacy
5
Update everything: Discovery of Wi-Fi flaw in connected devices
6
Gartner: Worldwide spending on information security to reach $93 billion in 2018
7
UK companies taking on cybersecurity-related insurance in soaring numbers
8
The EU-US Privacy Shield has been released
9
‘EU-US Privacy Shield’ agreed for trans-Atlantic data flow
10
EU and U.S. Agree in Principle on New Trans-Atlantic Data-Transfer Agreement

Facebook fined £500,000 over Cambridge Analytica scandal

By Cameron Abbott and Sarah Goegan

The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.

The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.

Read More

Cambridge Analytica closes its doors

By Cameron Abbott and Sarah Goegan

Cambridge Analytica, the data company embroiled in the Facebook privacy scandal, is closing down. The firm’s parent company, SCL Elections, announced that it and some of its affiliates including Cambridge Analytica had commenced insolvency proceedings in the UK, and would immediately cease all operations.

In a statement, Cambridge Analytica said it had been “vilified” and the subject of “numerous unfounded accusations” about its activities, which it says are legal and widely accepted in online advertising. It blamed negative media coverage of allegations the company improperly used the data of 87 million Facebook users (which you can read about here, here and here) for a mass exodus of clients.

Read More

Excel skills of English Council leads to the exposure of “hidden” personal information

By Cameron Abbott and Keely O’Dowd

The Kensington and Chelsea London Borough Council (Council) was recently fined £120,000 (approximately AUD$217,920) by the UK Information Commissioner’s Office (ICO) for the unauthorised processing of personal data belonging to 943 people who owned vacant properties in the Borough.

Read More

Facebook wants you to know that it’s accountable for your privacy

By Cameron Abbott and Samantha Tyrrell

Facebook has always been confronted with privacy-related scrutiny, including being the respondent in the proceedings that ultimately brought down the EU-US privacy shield. On 28 January 2018, Facebook revealed its “privacy principles” to users for the first time. Via a series of educational videos and a ‘Privacy Check Up’ function, Facebook has shared the core principles it uses to guide its approach to privacy. Facebook will also roll out a new hub which will allow users to more easily control their privacy settings.

Read More

Update everything: Discovery of Wi-Fi flaw in connected devices

By Cameron Abbott, Rob Pulham and Olivia Coburn

A Belgian researcher has discovered a weakness in WPA-2, the security protocol used in the majority of routers and devices including computers, mobile phones and connected household appliances, to secure internet and wireless network connections.

The researcher, Mathy Vanhoef, has named the flaw KRACK, for Key Reinstallation Attack.

Any device that supports Wi-Fi is likely to be affected by KRACK, albeit devices will have different levels of vulnerability depending on their operating systems. Linux and Android are believed to be more susceptible than Windows and iOS, and devices running Android 6.0 are reportedly particularly vulnerable.

Read More

Gartner: Worldwide spending on information security to reach $93 billion in 2018

By Cameron Abbott and Olivia Coburn

Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.

This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.

Read More

UK companies taking on cybersecurity-related insurance in soaring numbers

By Cameron Abbott and Allison Wallace

There was a 50% growth in the adoption of cybersecurity-related insurance in the UK between 2015 and 2016.

CFC Underwriting discovered the trend after polling industry representatives at the 2016 Cyber Symposium late last year.

The underwriter, which provides cyber insurance to more than 20000 clients globally, found the factors driving clients to purchase these kinds of policies included the “fear factor” of a cyber attack (23%) and the impending introduction of the European General Data Protection Regulation in 2018 (26%).

More than half of the respondents to the poll (53%) indicated they believed electronic computer crime will lead to an increase in insurance claims. Earlier figures released by CFC Underwriting revealed it handled over 400 claims on cyber policies in 2016, a 78% increase on 2015.

The EU-US Privacy Shield has been released

By Cameron Abbott and Meg Aitken

The European Commission has now officially released the EU-U.S. Privacy Shield, which sets out the key requirements and principles for trans-Atlantic data flow between Europe to the US.

Read our colleague’s article on the announcement here.

Alternatively, access the European Commission’s Press Release here.

‘EU-US Privacy Shield’ agreed for trans-Atlantic data flow

By Cameron Abbott and Meg Aitken

A new trans-Atlantic data transfer framework has been agreed between the European Commission and the United States this week. Known as the ‘EU-US Privacy Shield’, the new arrangement is intended to offer greater legal certainty for businesses and afford EU citizens increased protection when their data is transferred across the Atlantic to the US.

The new regulations will replace the US-EU Safe Harbor framework, which was invalidated by the European Court of Justice last October on the basis that the generalised access that public authorities had to the data and content of electronic communications violated fundamental privacy rights. Read our earlier blog post on the Safe Harbour decision here.

The key features of the new EU-US Privacy Shield are:

  • Stronger obligations on US companies to protect the personal data of EU citizens
  • More robust enforcement powers granted to both EU and US regulators, including greater monitoring and prosecution by the US Department of Commence and Federal Trade Commission (FTC)
  • Clearer conditions, limitations, redress avenues and safeguards for data transferred across the Atlantic
  • Expanded obligations for US companies to prove compliance
  • Several new avenues for EU citizens to lodge complaints about data misuse, including the establishment of a new independent privacy Ombudsman

The new Privacy Shield is still awaiting final approval from the College of Commissioners and will be subject to further review by the Article 29 Working Party before it is introduced. Much of the detail has not been released, so while the principles have been articulated, the impact on the obligations of affected companies is still far from clear.

Read the European Commission press release here for further details.

Our US and EU colleagues have drafted a more detail description which can be accessed here for further information.

EU and U.S. Agree in Principle on New Trans-Atlantic Data-Transfer Agreement

By Cameron Abbott and Melanie Long

On 26 October 2015, European Commissioner Vera Jourová, announced that the European Union had agreed in principle with the US on a new trans-Atlantic data-transfer agreement. Commissioner Jourová made the announcement in a speech, before the Committee on Civil Liberties, Justice and Home Affairs, which addressed the recent judgment of the European Court of Justice that invalidated the safe harbour scheme between the two countries (Schemes decision). Commissioner Jourvá said, “there is agreement…in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the Court.” She also added that she expected both sides to make progress on the remaining technical points of discussion by mid-November, when she is scheduled to visit the US. The European Commission is also planning on issuing an explanatory Communication on the consequences of the Schemes decision so that businesses and industry have ‘clear explanations and a uniform interpretation of the ruling.’ The European Commission are also working towards a pending deadline set by European data protection authorities who have said that if, by the end of January 2016, no appropriate solution is found with the U.S. authorities, they will take all necessary and appropriate steps (including enforcement action) to enable data transfers to the U.S. that respect fundamental rights.

The European Commission’s press release can be found here.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.