Article that holding data may now start becoming a liability

A hedge, says Wikipedia, is “an investment position intended to offset potential losses or gains that may be incurred by a companion investment”. Most stock market investors (and pension funds) buy shares in the hope that they will go up in value, and are distressed if they don’t. In the 1940s a genius called Arthur Winslow Jones invented an investment fund that could place bets on both rising and falling share prices and therefore make money no matter what happened. Thus was born the hedge fund, the defining characteristic of which is that it eschews optimism and profits from well-informed pessimism. Hedge funds are thus the predators of the capitalist jungle, constantly on the lookout for prey.

A few years ago some hedge-fund guys, pondering the threat of climate change, came on a campaign conceived and orchestrated by the Guardian, Keep it in the Ground. As the then editor, Alan Rusbridger, described it: “There are trillions of dollars’ worth of fossil fuels currently underground which, for our safety, simply cannot be extracted and burned. All else is up for debate: that much is not. We need to keep it in the ground”.

Full Article Here

Marriott & British airways fines

British Airways and Marriott received the largest-ever fines under the EU’s new General Data Protection Regulation this past week.

The U.K. Information Commissioner’s Office (ICO) fined British Airways a proposed $230 million for an incident that took place from June to September 2018 and compromised the data of 500,000 customers. The ICO gave Marriott a $123 million proposed penalty for the loss of 339 million guest records, reported in November 2018. Both companies have the opportunity to respond to the fine before the ICO issues a final decision, and both companies already indicated they will appeal the decision.

But the GDPR fines were important for reasons well beyond numbers. The GDPR is a very broad rule with little detail, and companies have had few insights into how regulators in the EU would interpret the law, particularly what they would consider “adequate” security measures.

Full Article Here

Facebook’s $5 billion fine doesn’t bode well for Libra

It looks like Facebook’s $5 billion settlement, which was ratified yesterday by the Federal Trade Commission, will likely go through. The deal was approved 3-2 along party lines, with the Republican commissioners voting for it and the Dems—who represent, arguably, the victims of the Cambridge Analytica data breach that may have helped elect Donald Trump—voting against it.

All that remains is for the U.S. Justice Department to rubber stamp it, and a settlement that The Verge described as an “embarrassing joke” will be finalized. The social network can get back to business, unencumbered by a year-long investigation into its cavalier handling of users’ personal data.

Full Article Here

Facebook Faces Activist, EU Judges in ‘Schrems II’ Privacy Case

Facebook Inc. warned the European Union’s top court that toppling a key system used by companies to transfer data out of the EU would threaten trans-Atlantic trade, in the latest twist of a six-year-old saga pitting the social media giant against privacy activist Max Schrems.

Facebook lawyers told the EU Court of Justice that the lawsuit threatens contractual clauses that companies rely on to transfer commercial data overseas. The new protocol was used as the only reliable option after Schrems won an earlier case throwing out an EU-U.S. data accord.

Full Article Here

British Airways faces $230 million fine…

London (CNN Business)British Airways faces a record $230 million fine after a website failure compromised the personal details of roughly 500,000 customers.

It would be the largest penalty yet under a tough privacy rule known as the General Data Protection Regulation, which came into force last year in the European Union.

Full Article Here

Facebook Faces Lawsuit for Data Breach Affecting Nearly 30 Million Users

Facebook Inc. failed to fend off a lawsuit over a data breach that affected nearly 30 million users, one of several privacy snafus that have put the company under siege.

The company’s disclosure in September that hackers exploited several software bugs to obtain login access to accounts was tagged as Facebook’s worst security breach ever. An initial estimate that as many as 50 million accounts were affected was scaled back weeks later.

Read More Here

LaLiga facing €250k fine for GDPR violations in app used to spy on users

Spanish soccer league LaLiga is facing a fine of €250,000 (approximately $283,000) for GDPR violations resulting from a convoluted wiretap in their smartphone app intended to curb piracy of soccer match broadcasts. The Spanish Agency for Data Protection (La Agencia de Protección de Datos, or AEPD) levied the fine this week due to the league’s violation of consent-related clauses in the GDPR, as LaLiga did not properly disclose the nature of the microphone usage, according to a report from Spanish newspaper ABC.

Link to Full Article

Look Out for the ‘Look Back’—Begin CCPA Prep Now

By Tarah Powell-Chen – This past summer the California legislature passed, and later amended, the California Consumer Privacy Act of 2018 (CCPA). The CCPA grants California consumers an unprecedented amount of rights regarding their personal information (PI) and an expansion of consumer privacy expectations. Although the CCPA does not go into effect until Jan. 1, 2020, a key provision known as the “look back” requires California businesses covered by the CCPA to begin preparing now. This article provides a brief overview of the key provisions included in the CCPA, the “look back” provision, how to take action for compliance now and the potential penalties for violating the CCPA.

Full Article

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants – NYT

By Gabriel J.X. Dance, Michael LaForgia and Nicholas Confessore –

For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.

The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.


Full Article

Europe’s sweeping privacy rule was supposed to change the internet, but so far it’s mostly created frustration for users, companies, and regulators – CNBC

By Kate Fazzini – The European Union’s General Data Protection Regulation was celebrated as a revolution in how internet privacy could be legislated. It was a reaction to long-term concerns in the EU about information collection by tech giants like FacebookAlphabet and Apple.

Known as GDPR, the regulation gave sweeping new powers to individuals in how they can control their data, including the right to demand that companies tell them how their data is used, and to ask corporations to destroy their data, a tenet of the law known as “the right to be forgotten.”

Full Article