In this week’s Data Privacy News summary…
Facebook’s run-ins with EU privacy regulators may escalate as Europe’s top court next week weighs arguments from the Belgian data protection watchdog that it should have the power to go after the U.S. social media giant for breaches in Belgium.
If the Luxembourg-based Court of Justice of the European Union (CJEU) backs the Belgian authority (DPA), it could embolden national agencies in the 27-country bloc to take action against companies such as Alphabet’s Google, Twitter and Apple.
Under landmark EU privacy rules known as the General Data Protection Regulation (GDPR) and its one-stop-shop mechanism, the Irish privacy authority is the lead authority for Facebook as the company’s European head office is based in Ireland.
Google, Twitter and Apple also have their European headquarters in Ireland. GDPR however allows some leeway for other national privacy regulators to rule on violations limited to a specific country, which France and Germany have done.
The case before the CJEU on Oct. 5 came after a Belgian court sought guidance on Facebook’s challenge against the territorial competence of the Belgian regulator’s bid to stop the company from tracking users in Belgium through cookies stored in Facebook’s social plug-ins, regardless of whether they have an account or not.
Source & full story: Reuters
Small rivals of Alphabet Inc’s Google say signs are emerging of more benevolent behavior from the online advertising leader amid accusations by the U.S. government and states that the company uses its dominance to thwart competition.
Among the dozens of software companies who rely on Google as an intermediary to ad buyers and sellers, six told Reuters that the company has become more collaborative on data privacy and other changes with them and industry groups, helping these entities instead of ignoring requests as they have done in the past.
John Nardone, chief executive of Flashtalking – which works with advertisers to personalize messages – said Google recently agreed to open a pipeline to crucial data.
It was an undertaking “that previously I might not have imagined they’d be open to,” said Nardone, who publicly criticized Google’s rigidity last year.
Two other companies also said Google this year enabled them to use its services in ways previously restricted, one involving using outside algorithms to analyze Google data and the other gaining sales opportunities Google had reserved for itself.
Source & full story: Reuters
Households in the US with broadband network connections are increasingly likely to experience identity theft, new research has claimed. In fact, data suggests that up to 5.5 million homes in America are being targeted every year by cybercriminals who regularly try to steal the identities of consumers.
The growing threat of identity theft is a hot topic. The research found that it’s the top data security or privacy concern for over half of American consumers who have broadband.
The study was carried out by research specialists Parks Associates, which highlighted how with more of us using IoT devices and everyone having multiple online accounts, there are potentially rich pickings for cybercriminals via domestic broadband channels.
Source & full story: TechRadar
France’s data privacy watchdog CNIL recommended on Thursday that websites operating in the country should keep a register of internet users’ refusal to accept online trackers known as cookies for at least six months.
In specifying a registration timeframe, the guideline goes beyond European Union-wide data privacy rules adopted two years ago, adding an extra hurdle that a data protection lawyer said would put some of the companies exploiting such tools to target advertising out of business.
Under the CNIL guideline, which the watchdog said must be adopted by March, internet users have the right to withdraw their consent on cookies – small pieces of data stored while navigating on the Web – at any time and they can refuse trackers when they go on a website.
Etienne Drouard of American-British law firm Hogan Lovells, said:
The internet user’s silence actually implies a refusal [to accept cookies]… But the CNIL imposes the collection of a refusal and [recommends] that this refusal lasts six months,
He said, predicting that stipulation would mark a “death sentence” for some publishers, media, video-on-demand platforms and advertisers.
The guidelines apply to all companies offering services in France or based in the country, said the CNIL, which has a reputation as a staunch defender of data privacy rights.
Source & full story: Reuters
Customers of Kylie Jenner’s make-up company have been warned that their personal data could have been compromised following a data breach at ecommerce platform Shopify. Blame for the event has been laid at a pair of ‘rogue’ Shopify staff members, who allegedly stole order records from Kylie Cosmetics. The theft is estimated to have targeted at least 100 sellers operating on the Shopify platform.
Shopify says it has terminated two “rogue” employees who were involved in a scheme to steal customer information from some of the company’s merchants.
The Ottawa-based technology company says fewer than 200 merchants were included in the breach, but that an unknown number of customers of those merchants may have had their information stolen.
Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected.
The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.
The information stolen includes basic things such as names and email addresses, as well as data about what products they purchased, but did not include financial information such as credit card or banking details.