Data Digest № 033

Data Digest ¦ November 19th, 2020, 11:00 pm

Welcome to Datawallet’s Data Digest, where we review and occasionally analyze the latest news and the most critical developments in the data industry. Here’s a look at the latest developments:

EU Commission releases a draft set of new SCCs 

On November 12, 2020, the European Commission published a draft implementing new Standard Contractual Clauses (SCCs) for the transfer of personal data to countries outside of the European Economic Area. These SCCs reflect changes required under the Schrems II decision (read our full breakdown of the ECJs ruling on the “EU-US Privacy Shield” here) and are expected to fully replace the current SCCs in the beginning of 2021. Organizations that make international transfers of personal data to third countries must take a close look at the obligations imposed by the new SCCs in order to remain compliant. Click here to read more

Study finds that around 45% of businesses had a data breach in the past 12 months 

Atlas VPN’s recent findings based on a survey conducted by Kaspersky and B2B International reveal that as many as 45% of businesses had a data breach in the last 12 months. Researchers interviewed 4,179 companies from the financial services, government, manufacturing, IT and telecommunications, and retail and wholesale industries. It was found that 45% of businesses lost data to hackers in the past 12 months and as many as 78% of surveyed businesses reported a cyber threat in their systems last year. Find the full results .

Zoom settles with FTC over claims that the company lied about its end-to-end encryption practices 

Zoom agreed to upgrade its security practices in settlement with the FTC. The FTC complaint alleges that Zoom lied abouts its end-to-end encryption practices in its June 2016 and July 2017 HIPAA compliance guides, as well as a January 2019 white paper and an April 2017 blog post. The agency said in a statement that when Zoom incorrectly claimed its video calls were protected by end-to-end encryption, the company engaged in “deceptive and unfair practices that undermined the security of its users.” You can read more about the settlement here

European privacy company files complaints against Apple’s IDFA

The European privacy campaign non-profit noyb filed two complaints against Apple over the company’s Identifier for Advertisers (IDFA). The IDFA is a unique identifier that Apple assigns to each iPhone in order for third parties to track users for ad targeting. The complaints allege that Apple’s IDFA breaches regional privacy laws on digital tracking because consent is not obtained for the initial identifier storage. Additionally, noyb asserts that third parties had accessed the IDFA without user consent. You can read more about the complaints here.   

German court reduces 1&1 Telecom GDPR fine by 90%

Last December, 1&1 Telecom GmbH was handed a GDPR fine of €9.55m. This fine came after complaints were made that personal information could be obtained as easily as calling the company’s hotline and giving the name and birth date of a customer. One customer reported a criminal complaint of stalking after his ex-wife obtained his contact information by faking her identity and giving his name and birthdate to the call center. Almost a year later, a district court in Bonn determined that the €9.55m fine was “unreasonably high.” You can read more about this here

The US military has been buying location data from apps

Motherboard has learned that the US military is buying the location data of individuals harvested from ordinary apps. One of these applications is a Muslim prayer app with over 98 million downloads, which is part of a supply chain that sends users’ personal information to brokers, contractors and the military. You can read more about the discovery on the Vice website here.

Get the Data Digest in your inbox