Landmark ruling against GCHQ

Last week the Investigatory Powers Tribunal ruled that the Government Communications Headquarters (GCHQ), the British intelligence agency, had collected intelligence illegally up until December 2014. This decision is the first time in its 15-year history that the Tribunal, with sole jurisdiction over GCHQ, MI5 and MI6, has ruled against the intelligence and security services. The Tribunal also declared that intelligence sharing between the UK and the US was unlawful before December 2014, as the rules governing the relationship were kept secret.

Google’s Advisory Council publishes findings

Following the public meetings conducted last year across Europe on how to implement the “Right to be Forgotten”, Google’s Advisory Council published its findings last week. Contrary to the position of many EU regulators and the Article 29 Working Party, Google’s advisers concluded that it is in the best interests of the public to focus any de-listings on local European versions of the search engine and not extend them to the .com domain.

Germany approves collective action in data protection bill

The German federal cabinet has approved a draft bill to improve the enforcement of consumers’ data protection rights. The draft bill establishes a collective action that can be brought by consumer organisations. It is being introduced to help consumers not only identify data protection violations but also reduce the cost and effort for each individual in pursuing such violations. The proposal will next be discussed in Germany’s legislature.

Russia brings forward data processing restrictions

The implementation of proposed changes to the Russian data protection law has been brought forward by a year, and will now be effective from 1 September 2015. Amongst other things, the proposed changes restrict the processing of personal data on servers located outside of Russia. Companies that process personal data in Russia as either a data controller or a processor must ensure that such data relating to Russian citizens is stored on servers in the Russian Federation.

Anthem’s massive cybersecurity breach

US health insurer Anthem confirmed last week that an IT system containing data on up to 80 million people was breached. Anthem said that personal details, including employment and income information, had been accessed. Medical and financial data had not been affected. It has been reported that the information which was accessed had not been encrypted as this is not required under the US Health Insurance Portability and Accountability Act. The insurer issued a warning on Friday to customers about an email scam targeting customers whose information may have been breached.

TurboTax sees fraudulent filings

As people across the US are preparing their annual tax returns, TurboTax, an online service, had to stop allowing the submission of electronic filings last week, due to an increase in fraudulent activity. It was reported that a number of people logged on to find that their tax return had already been filed by someone else. TurboTax has denied that the breach was in their system.

China requires real-name online registration

The Cyberspace Administration of China announced new regulations last week which require users to register accounts under their real names for blogs, discussion forums and related services. Users will be able to use aliases on social media sites but there is an overriding ban on “harmful” usernames that harm national security or hurt “national honour”. The regulations will come into effect on 1 March 2015 and place the responsibility of enforcing the restrictions on the websites.