Brazil issues EUR 1.2 million fine
Under Brazil’s new internet privacy law (Marco Civil da Internet), Brazilian telecoms provider Oi has been fined 3.5 million reals (EUR 1.2 million) for recording and selling its subscriber data, marking the first enforcement action under the legislation. Oi had agreed with online advertising firm Phom Inc. to develop an internet activity monitoring programme to collect the browsing data of its broadband customers. This data was then sold to behavioural advertising companies without customer consent. The fine accounted for the economic benefit to Oi, the company’s financial condition, and the serious nature of the offence.
Mozilla data leak
Mozilla customers have received apologies after a data leak exposing thousands of email addresses and encrypted passwords went unnoticed for a month. The email addresses of around 76,000 Mozilla Developer Network members and approximately 4000 encrypted passwords were leaked onto a public webserver, where they remained for 30 days. The breach is understood to have occurred after a data sanitisation process failed and generated an information dump on the webserver.
ICO defends ‘right to be forgotten’
Last month the House of Lords EU Committee published a report claiming that the ‘right to be forgotten’ is based on outdated principles and is both ‘unworkable and wrong’. However, David Smith, deputy commissioner and director of data protection for the Information Commissioner’s Office, has retaliated saying that the criticism is misplaced, “as the initial stages of its implementation have already shown”. However the ICO has recognised that the right is misleading given that the removal of links to information on search engines does not result in the information disappearing from the internet altogether.
Facebook acquires server security firm
The social networking giant has announced its acquisition of secure server technology company, PrivateCore. The company founded in 2012 and based in California, develops software to authenticate and secure server data with the goal of protecting servers from malware and unauthorized access. Given Facebook runs tens of thousands of servers and has more than 1 billion monthly active users, there is a lot of data that could be vulnerable without the right protections. The terms of the deal were not disclosed, but a Facebook spokesperson did confirm that the social network plans to add PrivateCore’s technology to its server stack.
UK unveils new data sharing proposals
Plans to be unveiled by the UK government this Autumn could see data including driving licenses, criminal records and energy use information being shared amongst governmental departments. The data share is aimed at improving the review of economic growth and population movements, to better identify those in need and to reduce fraud. The proposals may include a new legislative framework to be introduced in 2015 as part of the Cabinet Office’s open policy-making process, which attempts to develop proposals for areas where data sharing could improve governmental operation.
Mobile firms battle for GCHQ security badge
Vodafone has become the first telecoms company accredited with meeting the ‘cyber essentials plus’ cyber security standard after its systems were audited. The scheme guidelines recommend businesses take a number of steps to improve the security of their systems and data, including deploying firewalls and restricting system access. Once businesses have implemented security measures in line with these guidelines, they can apply for certification indicating their commitment to cyber security. Meanwhile, O2 has achieved the secure and government-approved network CAST certification awarded by the information security arm of GCHQ, again being the first telecoms company to do so.
Tech giants in New York privacy dispute
Describing themselves as the “New York Amici”, Google, Microsoft and Twitter are amongst those who have filed in support of Facebook’s dispute with the New York County District Attorney’s office over the collection of user data in bulk, under a gag order for a fraud investigation. Facebook were directed to hand over to law enforcement officials, virtually all records and communications for 381 accounts without giving notification to account owners. In appeal of the decision, Facebook have asked for the return or destruction of the data and are also requesting a determination on whether the gag provisions of the warrant violate the constitutional rights of its users. Neither the Attorney’s Office nor Facebook have commented on the proceedings further.