Brazil issues EUR 1.2 million fine 

Under Brazil’s new internet privacy law (Marco Civil da Internet), Brazilian telecoms provider Oi has been fined 3.5 million reals  (EUR 1.2 million) for recording and selling its subscriber data, marking the first enforcement action under the legislation. Oi had  agreed with online advertising firm Phom Inc. to develop an internet activity monitoring programme to collect the browsing data  of its broadband customers. This data was then sold to behavioural advertising companies without customer consent. The fine  accounted for the economic benefit to Oi, the company’s financial condition, and the serious nature of the offence. 

Mozilla data leak 

Mozilla customers have received apologies after a data leak exposing thousands of email addresses and encrypted passwords  went unnoticed for a month. The email addresses of around 76,000 Mozilla Developer Network members and approximately  4000 encrypted passwords were leaked onto a public webserver, where they remained for 30 days. The breach is understood to  have occurred after a data sanitisation process failed and generated an information dump on the webserver. 

ICO defends ‘right to be forgotten’

Last month the House of Lords EU Committee published a report claiming that the ‘right to be forgotten’ is based on outdated  principles and is both ‘unworkable and wrong’. However, David Smith, deputy commissioner and director of data protection  for the Information Commissioner’s Office, has retaliated saying that the criticism is misplaced, “as the initial stages of its  implementation have already shown”. However the ICO has recognised that the right is misleading given that the removal of  links to information on search engines does not result in the information disappearing from the internet altogether. 

Facebook acquires server security firm

The social networking giant has announced its acquisition of secure server technology company, PrivateCore. The company founded  in 2012 and based in California, develops software to authenticate and secure server data with the goal of protecting servers from  malware and unauthorized access. Given Facebook runs tens of thousands of servers and has more than 1 billion monthly active  users, there is a lot of data that could be vulnerable without the right protections. The terms of the deal were not disclosed, but a  Facebook spokesperson did confirm that the social network plans to add PrivateCore’s technology to its server stack. 

UK unveils new data sharing proposals

Plans to be unveiled by the UK government this Autumn could see data including driving licenses, criminal records and  energy use information being shared amongst governmental departments. The data share is aimed at improving the review of  economic growth and population movements, to better identify those in need and to reduce fraud. The proposals may include a  new legislative framework to be introduced in 2015 as part of the Cabinet Office’s open policy-making process, which attempts  to develop proposals for areas where data sharing could improve governmental operation. 

Mobile firms battle for GCHQ security badge 

Vodafone has become the first telecoms company accredited with meeting the ‘cyber essentials plus’ cyber security standard  after its systems were audited. The scheme guidelines recommend businesses take a number of steps to improve the security  of their systems and data, including deploying firewalls and restricting system access. Once businesses have implemented  security measures in line with these guidelines, they can apply for certification indicating their commitment to cyber security.  Meanwhile, O2 has achieved the secure and government-approved network CAST certification awarded by the information  security arm of GCHQ, again being the first telecoms company to do so. 

Tech giants in New York privacy dispute 

Describing themselves as the “New York Amici”, Google, Microsoft and Twitter are amongst those who have filed in support of  Facebook’s dispute with the New York County District Attorney’s office over the collection of user data in bulk, under a gag order for  a fraud investigation. Facebook were directed to hand over to law enforcement officials, virtually all records and communications  for 381 accounts without giving notification to account owners. In appeal of the decision, Facebook have asked for the return  or destruction of the data and are also requesting a determination on whether the gag provisions of the warrant violate the  constitutional rights of its users. Neither the Attorney’s Office nor Facebook have commented on the proceedings further.