SypherPrivacyTalks - September 2024 - Week 40
by Sypher | Published in News - September 30, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Meta pays the price for storing hundreds of millions of passwords in plaintext
π΅ Ireland's Data Protection Commission (DPC) recently announced a €91m fine after concluding a multi-year investigation into a 2019 security breach by Facebook's parent company. The DPC opened an investigation into the incident in April 2019, after Facebook told it that 'hundreds of millions' of users' passwords had been stored in plain text on its servers.
The DPC concluded that Meta had failed to meet EU legal standards, as the passwords were not protected by encryption. The DPC also found that Meta failed to notify it of the breach within the required 72 hours of becoming aware of it. Meta also failed to properly document the breach, the DPC said… read more
Read the DPC communication.
Kia patches bug that allowed access to cars with just a license plate number
π Vulnerabilities in a website for Kia car owners could have allowed attackers to remotely control millions of cars. The issues could have allowed attackers to gain immediate control of key vehicle functions using only the car's licence plate number.
The bugs also allowed attackers to harvest the victim's personal information, such as name, address, email address and phone number, and create a second user on the vehicle without the owner's knowledge... read more
European Commission publishes Competition Policy Brief on generative AI and virtual worlds
thelens.slaughterandmay.com • 4 min read
π‘The European Commission has recently published a Policy Brief on competition in generative AI and virtual worlds. The Policy Brief examines emerging market trends and perceived risks to competition in these sectors. It also examines the tools at the Commission's disposal to address potential concerns. Its publication follows the Commission's call for input in January 2024 and workshops and interviews with stakeholders over the summer.
For comments on key findings on emerging market dynamics, risk assessment and competition enforcement tools … read more
Fleets reminded of GDPR obligations for personal data in vehicles
π A new white paper and legal analysis from Privacy4Cars clarifies GDPR obligations to delete personal data in fleet vehicles, particularly navigation and smartphone data.
It outlines the roles and responsibilities of specific processors when it comes to deleting data. It also clarifies the need for documented procedures, robust processes and the use of relevant software... read more
You can download the whitepaper here.
Mozilla hit with privacy complaint in EU over Firefox tracking tech
π΅οΈβοΈ Mozilla, the non-profit organisation behind the Firefox web browser, has been hit with a complaint from privacy rights group NOYB, accusing it of breaching GDPR by tracking Firefox users by default without their permission.
Mozilla is an organisation that is often seen as working to strengthen the privacy rights of web users, such as by making cookies siloed to prevent cross-site tracking. However, NOYB has taken issue with a new feature recently introduced in Firefox called "Privacy Preserving Attribution", which it claims turns the Firefox browser "into a tracking tool for websites"… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Alex Haney on Unsplash
