PrivacyRules

#ClearviewAI has just been recently fined in Europe. The Dutch #dataprotection authority, Autoriteit Persoonsgegevens, imposed a 30.5 million euro fine on the company on September 3rd for breaching the General Data Protection Regulation (#GDPR).    Clearview presents itself as a facial recognition specialist, and has built up a database of over 30 billion photos by collecting everything it can find on the Internet, including selfies. All without consent. The database includes pictures of Dutch citizens, which led to the fine imposed by the Autoriteit Persoonsgegevens. These photos are used for biometric authentication purposes, and Clearview #AI claims to market it mainly to governments and affiliated agencies.     To date, this is the largest fine imposed on the start-up in the European Union. The UK, Italy, Greece and France have already imposed sanctions in the past. Today, the fines total more than 100 million euros.     In its press release, the Dutch regulator states that Clearview AI has not stopped violating the GDPR, even after its investigation has ended. An additional fine of 5.1 million euros will be imposed if it refuses to act. 

Poll of the week: Why is #ClearviewAI being sanctioned by the Netherlands #DPA ? Share with us your thoughts and check out the right answer tomorrow! #cybersecurity #dataprivacy #data #privacy #dataprotection #cybersecurity #GDPR

In this latest episode of the PrivacyRules #privacyespresso series, Stephan Mulders, lawyer at Van Diepen Van der Kroef Advocaten, PrivacyRules dutch law firm member, discusses the recent significant fines imposed by the Dutch Data Protection Authority (#DPA) on Uber and Clearview. Uber faces a €290 million fine, primarily for insufficient transfer mechanisms between #Uber USA and Uber Netherlands, marking the third time Uber has been fined by the DPA for #GDPR violations. Meanwhile, Clearview received a €30 million fine for scraping internet data and violating various GDPR regulations. The discussion dives into the details of the fines, the implications of joint controllers under the GDPR, and how enforcement of such violations is intensifying. Key points : - The Dutch DPA is showing its teeth. First, the 10 million Uber fine earlier this year, now € 290 m for Uber and € 30 m for Clearview. - Be careful with French taxi drivers. The three Uber fines originated from complaints from French taxi drivers and civil rights interest groups. It is thus essential to listen to your stakeholders very early and try to mitigate their grievances. Perhaps there is something to say about the Rhineland model. - The time of “cry and pray” is over. The consensus after Schrems II was that it was almost impossible to comply with, so the only advice was to pray that no sanctions would follow. The Dutch DPA is, however, not afraid to fine for past behavior. So, it is not unlikely that more companies will face similar fines for their #data transfers between 2020 and 2023 - Earlier, the DPA issued guidelines on web scraping for #AI purposes. The #Clearview fine shows that the DPA means to enforce those guidelines - In the past, the DPA took a somewhat controversial standpoint that economic interests cannot be legitimate as these are not explicitly covered by positive EU law. Now, the DPA uses a more subtle version, stating that a business model solely collecting data is not legitimate. - Personal liability will be a hard push for the DPA. In general, it is hard to pierce the corporate veil. This can only happen if the board acts seriously culpable in person. This is not likely as long as the board has convincing arguments to dispute the fine. Tune in to hear Stephan's analysis on these significant developments and what they mean for businesses handling personal data. Listen to the full episode 👉 https://bit.ly/4gARumP

Tracki describes itself as the world leader in #GPStracking. It markets and sells boxes designed to locate and track goods, vehicles or people in real time. Whether it's for child safety, tracking a company vehicle or monitoring a loved one, Tracki promises to meet every geolocation need. But the survey revealed that these devices are also used by many government agencies and military programs, in the #USA and elsewhere, to track their assets, personnel and vehicles.     As reported by #Malwarebytes, a member of the Coalition Against Stalkerware, Tracki has rapidly become the preferred tool of stalkers and other malicious individuals wishing to stalk their victims. Law enforcement agencies around the world regularly receive subpoenas related to the misuse of these boxes. As the survey points out, when you decide to use #spyware, you're not the only one who can track down the target. These companies do not always invest sufficiently in the security of their #data.     Research scientist Maia Arson Crimew uncovered this massive security flaw while delving into Tracki's system. Through detailed analysis of the company's source code and various internal tools, she found that numerous user credentials, passwords and other sensitive data were stored in cleartext and accessible to many employees without extensive authentication, i.e. a password shared by all technicians.     But what she defines as the worst part of this story is that a troubleshooting tool even made it possible to view virtually all the data on any Tracki device by simply entering its ID number.    Ultimately, the personal data of almost 12 million users would have been exposed, with all the associated risks of identity theft, harassment, #cyberstalking, #phishing and #ransomware that this leak represents. To know more 👉 https://bit.ly/3AOpJGT 

One of the world's 50 largest companies paid $75 million - around €68 million - to cybercriminals at the beginning of the year. The information comes from a report published at the end of July by the company Zscaler, subsequently confirmed by the company Chainalysis, which analyzes #cryptocurrency transfers. The sum was allegedly paid in #Bitcoin. The target company prefers to remain anonymous. The hackers, on the other hand, are part of a collective called #DarkAngels. This ransom is currently the largest sum ever paid to hackers. In 2023, Caesars Palace paid $15 million to #ScatteredSpider hackers to unlock their computer system. In 2021, financial group CNA Financial also gave in to the hackers' demands, transferring $40 million.     According to the #cybersecurity experts at Zscaler, Dark Angels hackers have adopted a strategy of their own. Unlike many other cybercriminal gangs, the Darks Angels do not develop new malware, and above all do not market it, unlike famous groups such as #Lockbit or #BlackCat.    They build on existing strains of code - leaked in the past - and improve them in-house. Experts have recognized the code behind the Ragnar Locker and Babuk #malware.     Rather than sending thousands of #phishing e-mails to different companies, Dark Angels hackers carefully select their victims. Financial and IT groups, among the most powerful in the world, are their preferred targets. 

Poll of the week: What is the largest ransom ever paid to hackers? Share with us your thoughts and check out the right answer tomorrow! #cybersecurity #dataprivacy #data #privacy #dataprotection #cybersecurity #databreach #ransomware

In this latest episode of the PrivacyRules #privacyespresso series, the discussion is led for the first time by Luiza Sato, partner at TozziniFreire Advogados, who is stepping in as host and joined by Mariano Peruzzotti, partner at Ojam Bullrich Flanzbaum, PrivacyRules Argentinian law firm member, to discuss an essential topic that affects many companies, the obligation to register databases in Argentina under the local #dataprotection law. Key points: - Argentina’s Data Protection Law requires companies to register their data processing activities with the Argentine #DataProtectionAuthority. - This obligation applies to both local and foreign companies that collect and process personal #data of individuals located in Argentina. - Foreign companies must now comply with this requirement by completing specific forms and submitting relevant information about their data processing activities. - There is no annual renewal needed for this registration, and there are no registration fees involved. - The registration process does not require companies to disclose sensitive or confidential data, only to explain how the data is processed. - The Argentine Data Protection Authority has become more active in enforcing these requirements, so non-compliance can lead to investigations and potential sanctions. This episode provides clear insights into the legal framework in Argentina and what companies, both local and foreign must do to comply with the regulations. Listen to the full episode : https://bit.ly/3Zj6OOm

With #iOS 17.4, Apple has begun to unbundle updates to its mobile operating system for Europeans. It is now possible to install a different App Store. This is how the AltStore and Epic Game Store were created. But things are about to go much further.     Identified with iOS as a #gatekeeper by the European Union, Apple has no choice but to comply with the #DMA's requirements in order to continue selling its products in Europe.     In a blog post aimed at developers, Apple explains that users in the European Union will have more choice when it comes to configuring their favorite apps by default. Since iOS 14, it has been possible to replace the browser or mail client. But the company had only done the bare minimum. Third-party editors were still obliged to use the default rendering engine - WebKit. It wasn't until the DMA came into force that things changed, giving alternative browsers greater flexibility.     To know more 👉 https://bit.ly/3X39RaG 

For many years now, #Google has been the target of numerous complaints. In 2020, users filed a class action lawsuit concerning the “intentional and illegal” recovery of personal data via Chrome, including when the #Chrome Sync function was deactivated. In 2022, the complaint was dismissed, the judge ruling that users had accepted the browser's terms of use.     That hasn't stopped the American giant from facing a new class action lawsuit, concerning this same collection of personal #data, and more precisely a consent that could prove misleading for users.     In concrete terms, according to Judge Milan Smith, who decided to relaunch the case, the consent options set up by Google would mislead users. A lack of transparency concerning (among other things) the Chrome Sync function, whose activation is required to access saved information (which should no longer be the case in the near future).     Google claims that Chrome Sync “helps people use Chrome seamlessly across multiple devices, while providing clear #dataprivacy controls”. For the American giant, users knowingly give their consent, by accepting the privacy policy proposed by Google Chrome. 

Poll of the week: Why is #google facing justice again ? Share with us your thoughts and check out the right answer tomorrow! #cybersecurity #dataprivacy #data #privacy #dataprotection #cybersecurity #GDPR