Lines Drawn on New Data Privacy Bills

A second U.S. data privacy bill in as many months targets consumer protections while attempting to beef up enforcement of privacy rights.

The Consumer Online Privacy Rights Act would establish a new bureau within the Federal Trade Commission to enforce digital privacy rules. The proposed legislation also would give consumers greater control of their online personal data and provide greater protections by obligating companies to prevent privacy violations.

The legislation was introduced Tuesday (Nov. 26) by Sen. Maria Cantwell, D-Wash., the ranking Democrat on the Senate Commerce Committee.

 


Top Travel Apps Fail Privacy and Security Standards

Mobile travel apps are among the most popular apps to download for smartphone users – especially those apps that enable them to snag the lowest prices on travel or secure the best possible deals. However, the ease and convenience of using these travel apps to line up great deals and save money comes with a very big price for privacy and security. According to a study conducted by mobile security solutions provider Zimperium, 100% of iOS-based apps and 45% of Android-based apps failed to receive a passing grade for privacy. Moreover, 100% of iOS-based apps and 97% of Android-based apps failed to receive a passing grade for security. In short, just about any travel app you download from the Google Play or Apple Store is not going to meet basic security and privacy standards.

 


Georgia’s Supreme Court issues a landmark decision on vehicle data privacy

Back in 2014, a man named Victor Mobley was driving his 2014 Dodge Charger along a tree-lined road in Henry County, Georgia. Two people in a 1999 Chevrolet Corvette pulled out from a driveway and were hit by Mobley. They died, and Mobley survived.

Initially, the police determined that the Corvette driver must have pulled out without warning, and Mobley couldn’t stop in time. They saw nothing at the scene that would indicate that Mobley was driving too quickly until an officer plugged a device called a Crash Data Recorder into Mobley’s Charger and found that he had been doing nearly 100 miles per hour.

Here’s where things get sticky: that officer didn’t have a search warrant. The police got a warrant soon after, the issuance of which wasn’t dependent on the data obtained from Victor Mobley’s car, but after being convicted of a double first-degree vehicular homicide, Mobley appealed, saying that the data from his vehicle was obtained illegally, in violation of the 4th Amendment.


Tech giants ask Congress for a data privacy bill to bypass state laws

Tech giants are calling on Congress to pass a data privacy law — just as long as it’s on their terms. Those terms include legislation that would pre-empt the many state laws already protecting people’s privacy. But consumer privacy advocates argued this move would hurt data privacy. 

In a letter signed by more than 50 CEOs, including Amazon’s Jeff Bezos and AT&T’s Randall Stephenson, the industry leaders called for federal privacy legislation that would “strengthen consumer trust and establish a stable policy environment.”


Instagram Data Scraping by HYP3R Raises Privacy Concerns

Until recently, many of the social media privacy concerns that seem to swirl around Facebook on a regular basis never seemed to extend to Instagram, which is owned by Facebook. But all that could be changing as the result of a recent Instagram data scraping case that is attracting a lot of attention from privacy and security experts. A trusted Facebook marketing partner, HYP3R, had been scraping data from Instagram, storing it on its own servers, and then re-packaging all of that social media data for advertisers. The Instagram data scraping in question included physical locations, bio information, and photos – as well as some content (such as Instagram Stories) that was specifically intended to disappear after 24 hours.


A Closer Look at the CCPA’s Private Right of Action and Statutory Damages

The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ. Code § 1798.150(a)(1), and to seek statutory damages of between $100 and $750 “per consumer per incident or actual damages, whichever is greater.” Id. § 1798.150(a)(1)(A). The ability to seek statutory damages is in addition to injunctive or declaratory relief. Id. § 1798.150(a)(1)(B),(C).

While consumers already had the right to bring suit under California’s data breach law, the CCPA’s provision allowing consumers to sue, known as a private right of action, adds a few new wrinkles. First, it provides for statutory damages. In many data breaches, demonstrating and quantifying damages caused by the breach can be difficult, making it hard for plaintiffs to successfully sue and obtain monetary damages. Statutory damages eliminate that hurdle by dispensing with the need to prove actual damages. Plaintiffs’ attorneys may be more likely to bring class action lawsuits on behalf of groups of data breach plaintiffs with this new tool in hand. The CCPA provides courts with a laundry list of considerations for determining the amount of statutory damages to award. That list includes “the nature and seriousness of the misconduct, the number of violations, the persistence of the misconduct, the length of time over which the misconduct occurred, the willfulness of the defendant’s misconduct, and the defendant’s assets, liabilities, and net worth.” Id. § 1798.150(a)(2).


PwC will have to work to rebuild trust after shock GDPR fine

The corporate world got a shock recently when Greece’s data protection enforcement body imposed a fine on one of the Big 4. PwC’s Greek holdings, “PRICEWATERHOUSECOOPERS BUSINESS SOLUTIONS SA”, has received a fine under Article 83 of the GDPR amounting to 150 000 EUR.

In addition, the Hellenic DPA has also imposed corrective measures on the organization to be complied with under the European Regulation.


Before Capital One breach, internal staff raised red flags

Employees at Capital One Financial Corp. (NYSE: COF) had raised concerns about problems in the bank’s cybersecurity unit before a hacker broke into the company’s system and stole information of about 106 million individuals, the Wall Street Journal reports.

Those concerns included high turnover and questions about why software meant to prevent hacks was not installed in a timely manner, according to the report.

A Capital One spokeswoman told WSJ that protecting personal information is “essential to our mission” and that the company has “invested heavily in cybersecurity and will continue to do so,” the report notes. 


The EU could hit Facebook with billions in fines over privacy violations

The European Union is reportedly nearing the end of its investigation into some of the cases it opened against Facebook under the EU’s General Data Protection Regulation or GDPR, the Wall Street Journal reports.

In total, Ireland’s Data Protection Commission, which is leading the investigation since Facebook’s HQ in Europe is in Dublin, has 11 cases against the social network.

Some of those cases have been finalized to a point where the Commission has passed along its final investigative reports. Decisions, along with any proposed fines and sanctions, are expected to be near completion by the end of September.


Exclusive: Fearing data privacy issues, Google cuts some Android phone data for wireless carriers

NEW YORK/SAN FRANCISCO (Reuters) – Alphabet Inc’s Google has shut down a service it provided to wireless carriers globally that showed them weak spots in their network coverage, people familiar with the matter told Reuters, because of Google’s concerns that sharing data from users of its Android phone system might attract the scrutiny of users and regulators.
