#67: If you are not paying for the lunch, you are the lunch

Ransomware is an ever growing issue in the world of cyber security and privacy. More and more organisations face severe repercussions on malicious attacks by different professional groups. In this episode we take a bit of a side step  and discuss ransomware attacks with an absolute legend, Quentyn Taylor, Head of Information Security at Canon EMEA. Quentyn accounts how ransomware has developed into a multilayer "industry" of its own kind, with several layers of actors specializing in different parts. One player gets in, the otherone takes the data and third one might use it. In plain terms, Quentyn just explains it much more interestingly. We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

28 Syys 20211h

You can sigh in relief, the past week was slower on privacy news front and we did our best to keep it short! We continue the discussion on Facebook View glasses as the news came last week from both the Italian as well as the Irish data protection authorities that they are looking into privacy issues related to the glasses. We marvel at AWS delivering early the updates required by the new Standard Contractual Clauses in their data processing agreement (kind reminder to fellow privacy experts: September 27 is the deadline for having the new SCCs ready for use with new contracts, and updates to old contracts should be covered by December 27, 2022). And lastly, we are happy to have Heikki rant a bit about cookies.   Italian and Irish authorities looking into Facebook view (glasses) https://www.dataprotection.ie/en/news-media/latest-news/data-protection-commission-statement-concerning-facebook-view-glasses   AWS customer terms updated with new SCCs https://aws.amazon.com/blogs/security/new-standard-contractual-clauses-now-part-of-the-aws-gdpr-data-processing-addendum-for-customers/     German consumer advocates investigate cookies https://marketresearchtelecast.com/consumer-advocates-warn-companies-about-cookie-banners/158935/   Whatsapp challenges DPC fine https://www.irishtimes.com/business/technology/whatsapp-challenges-dpc-s-225-million-fine-1.4675957   We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

21 Syys 202140min

This week we discuss at length Facebook launching “Ray-Ban Stories” – cool-looking sunglasses, but just slightly on the creepy side when it comes to privacy. It was also reported last week that Facebook is able to read your Whatsapp messages, but at closer scrutiny the story isn’t as straight-forward as that. And lastly, in the light of the messages coming from the UK on updating their privacy rules, we would like to ask: privacy colleagues in the UK, are you OK?   Facebook launching “Ray-Ban Stories” https://about.fb.com/news/2021/09/introducing-ray-ban-stories-smart-glasses/   Facebook reads your Whatsapp messages – or does it? https://www-businessinsider-com.cdn.ampproject.org/c/s/www.businessinsider.com/facebook-reads-whatsapp-messages-encryption-2021-9?amp   Class action against TikTok in the Netherlands https://siliconcanals.com/news/tiktok-in-a-6b-class-action-lawsuit/    UK’s New Direction for Data Protection https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1016395/Data_Reform_Consultation_Document__Accessible_.pdf   ICO calls on G7 countries to reform cookie rules https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/09/ico-to-call-on-g7-countries-to-tackle-cookie-pop-ups-challenge/   CNIL sanction for retention times https://edpb.europa.eu/news/national-news/2021/french-dpa-175-million-penalty-against-ag2r-la-mondiale_de   Germany’s sovereign cloud https://fortune.com/2021/09/08/germany-sovereign-cloud-google-t-systems/   Critique – once again – on the Irish DPA https://www.iccl.ie/digital-data/2021-gdpr-report/     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

14 Syys 20211h 14min

In this week’s episode we discuss a much awaited decision – Irish Data Protection Commissioner’s first fine against big tech. In an attempt to at least scrape the surface, we cover what the decision against Whatsapp was all about, and what is to be expected going forward. In other news we are tentatively positive about Cloudflare’s updates in their global data processing practices and big fans of Norwegian DPA’s clear guidelines on international data transfers. In the weird and wonderful section we discuss the Hush app available for iOS – but do we end up using it or not?   And hey, to all boomers out there: we’re now on LinkedIn! (But not yet on TikTok, that will still take some time.)   Whatsapp decision from Ireland https://edpb.europa.eu/system/files/2021-09/dpc_final_decision_redacted_for_issue_to_edpb_01-09-21_en.pdf   Age control on Instagram https://about.fb.com/news/2021/08/asking-people-for-their-birthday-on-instagram/   Cloudflare updates to data processing https://blog.cloudflare.com/oblivious-dns/   Norwegian DPA’s data transfer guidelines https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/overforing-av-personopplysninger-ut-av-eos/   TIA template from IAPP https://iapp.org/resources/article/transfer-impact-assessment-templates/   Weird and wonderful https://apps.apple.com/us/app/hush-nag-blocker/id1544743900     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod LinkedIn: https://www.linkedin.com/company/tietosuojapod/about/ Email: tietosuojapod@protonmail.com

7 Syys 20211h

That time of the week again, a new episode of PrivacyPod is out! This week we discuss UK’s confusing messages on their plans to update their privacy legislation and what this means for the UK adequacy. Also in the news the usual suspects: Google bringing privacy updates for Android, Apple being after all not so transparent with regard to how they have been combatting CSAM in the past, and COPPA violations by Angry Birds. Google’s privacy updates for Android https://mobiledevmemo.com/googles-approach-to-privacy-is-att-lite/ https://cunderwood.dev/2021/07/29/privacy-changes-come-to-the-google-play-store/ Angry Birds sued over COPPA violations https://www.jurist.org/news/2021/08/new-mexico-sues-angry-birds-developer-over-child-privacy-violations/   Apple already scanning for CSAM in iCloud Mail https://9to5mac.com/2021/08/23/apple-scans-icloud-mail-for-csam/ UK’s plans for privacy overhaul https://www.theguardian.com/technology/2021/aug/26/uk-to-overhaul-privacy-rules-in-post-brexit-departure-from-gdpr?CMP=fb_a-technology_b-gdntech https://www.gov.uk/government/news/uk-unveils-post-brexit-global-data-plans-to-boost-growth-increase-trade-and-improve-healthcare   Belgian Court rules on use of American cloud https://www.linkedin.com/posts/luisalbertomontezuma_belgian-conseil-detat-aws-schrems-activity-6837178667035111424-2rcw/   European Commission: EU policy does not require localization of data https://www.europarl.europa.eu/doceo/document/E-9-2021-002521-ASW_EN.pdf

2 Syys 20211h 4min

In this week’s episode we delve deep into a report from the EDPB on data protection authorities’ resources. We look behind the numbers and graphs and explain what the report tells us about the state of privacy in the EU. Other than that, it’s the usual stuff: Facebook not being transparent, ICO being awesome in providing guidelines to companies and a couple of weird and wonderful decisions from around Europe.   EDPB report: Overview on resources made available by Member States to the Data Protection Authorities and on enforcement actions by the Data Protection Authorities https://edpb.europa.eu/system/files/2021-08/edpb_report_2021_overviewsaressourcesandenforcement_v3_en_0.pdf   China’s new privacy law https://www.reuters.com/world/china/china-passes-new-personal-data-privacy-law-take-effect-nov-1-2021-08-20/   ICO approved new certification schemes https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/   Facebook not being transparent https://www.theverge.com/2021/8/22/22636508/facebook-releases-shelved-content-transparency-report-content-coronavirus   Clubhouse joining other social media platforms in protecting privacy in Afghanistan https://www.theverge.com/2021/8/21/22635378/clubhouse-removes-personal-info-user-accounts-afghanistan-taliban-safety   Weird and wonderful collection of decisions https://gdprhub.eu/index.php?title=OGH_-_6Ob56/21k&mtc=today https://www.enforcementtracker.com/     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod Email: tietosuojapod@protonmail.com PrivacyPod is powered by PrivacyAnt, find out more about the privacy solutions here: https://www.privacyant.com/en/

25 Elo 20211h 11min

The trio is back together after a summer break! Can’t say fresher than ever, but at least we are back. As per usual, big tech is providing lots to discuss in the field of privacy: we cover Apple’s controversial plans to prevent CSAM, Luxembourg DPA’s record GDPR fine against Amazon and Google’s new child friendly measures in image search. We have a new jingle for NOYB-related news, because it seems there is something new coming from their direction on a weekly basis now. Panu tries to launch the concept of correction corner, the others are not huge fans of this idea.   Finnish draft cookie guidelines https://www.lausuntopalvelu.fi/FI/Proposal/Participation?proposalId=5450870c-1703-49e6-b48c-f89bb6ca3319   746 million euro fine against Amazon https://techcrunch.com/2021/07/30/eu-hits-amazon-with-record-breaking-887m-gdpr-fine-over-data-misuse/   Apple’s new measures to prevent CSAM https://www.theverge.com/2021/8/10/22613225/apple-csam-scanning-messages-child-safety-features-privacy-controversy-explained https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf   Google providing minors the possibility to have images removed from Google Image results https://blog.google/technology/families/giving-kids-and-teens-safer-experience-online/   NOYB’s cookie complaints from June proceeding https://noyb.eu/en/news-sites-readers-need-buy-back-their-own-data-exorbitant-price   NOYB’s quest to prevent cookie paywalls https://noyb.eu/en/news-sites-readers-need-buy-back-their-own-data-exorbitant-price   Hamburg DPA says NO to Zoom https://datenschutz-hamburg.de/pressemitteilungen/2021/08/2021-08-16-senatskanzlei-zoom   Weird and wonderful collection of decisions from GDPR Enforcement Tracker https://www.enforcementtracker.com/     We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod Email: tietosuojapod@protonmail.com

18 Elo 20211h 6min

PrivacyPod awakens from its summer slumber for an episode of the latest news in the privacy-verse. It should be no surprise to anyone that summer usually means big privacy news. This year around we haven’t (luckily) received any new ground-breaking, privacy-world-shattering rulings from the highest court in the EU, but that doesn’t mean there isn’t other important stuff to cover. Listen in for our review of a couple of guidelines from supervisory authorities and reactions to Facebook’s proceedings on various fronts regarding their use of Whatsapp data. And is there going to be and episode next week? Nobody knows. Recommended IAPP webinar on one-year post Schrems reflections https://iapp.org/news/video/linkedin-live-schrems-ii-a-year-on/ EDPB urgent binding decision on Facebook https://edpb.europa.eu/news/news/2021/edpb-adopts-urgent-binding-decision-irish-sa-not-take-final-measures-carry-out_en BEUC – European consumer organization’s complaint over Whatsapp privacy changes https://www.reuters.com/technology/whatsapp-targeted-eu-consumer-complaints-over-privacy-changes-2021-07-12/ Cookie guidelines Finland https://www.lausuntopalvelu.fi/FI/Proposal/Participation?proposalId=5450870c-1703-49e6-b48c-f89bb6ca3319 Decision from Finnish DPA – first cross-border case in Finland https://tietosuoja.fi/-/tietosuojavaltuutettu-on-antanut-ensimmaisen-paatoksen-johtavana-valvontaviranomaisena-rajatylittavassa-asiassa-oikeutta-saada-paasy-tietoihin-ei-ollut-toteutettu-tietosuojasaannosten-mukaisesti Finalized controller-processor guidelines from EDPB https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-072020-concepts-controller-and-processor-gdpr_en We’d love to get feedback – so please tag us, follow us, DM us… or send us traditional email: Twitter: https://twitter.com/PodPrivacy, #privacypod Instagram: @privacypod Email: tietosuojapod@protonmail.com

21 Heinä 20211h