Privacy newsletter - July 14, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. Privacy rights are rapidly eroding in Hong Kong. Newly established rules give Chinese state security agencies unlimited powers to access user data from any technology platform operating in Hong Kong. The rule applies to both users in Hong Kong and users anywhere else. Link
   
   Google, Facebook, Twitter, Zoom, and LinkedIn have already made announcements that they won't cooperate with Chinese authorities. It's unclear how strictly this law will be enforced, but it could force popular technology apps to leave Hong Kong. Link
   
2. More than 15 billion credentials are currently circulating on hacker forums, from more than 100k data breaches. Financial account credentials are 3x more valuable than any other account type. They sell on the dark web for more than $70 each. Antivirus account credentials are the only other account type that sells for more than $10. Link
   
3. The New Mexico Supreme Court ruled that prosecutor can obtain a person's banking records without a warrant. New Mexico's Constitution includes productions for an individual's right to privacy, but they don't necessarily apply to personal financial records. Link
   
4. Equifax continues to fight legal battles stemming from its data breach three years ago. A judge ruled that Equifax has to face claims tied to New York's consumer protection law, which it violated for failing to protect consumer's information in the 2017 data breach. Link
   
5. Google is moving UK users' data to the US due to Brexit. The bulk of GDPR will continue to apply to the UK after Brexit, but there will be some changes to how consumer data is handled. The data used to be stored in the EU. Privacy advocates are concerned that UK users' data will now get caught up in the US government's mass surveillance initiatives. Link
   
6. Hackers are threatening to report websites for GDPR violations if they don't pay up. Interestingly, hackers have deemed GDPR complaints scary enough to use it to extort Bitcoin from compromised sites. The hackers have put this ransom note on more than 22,000 exposed MongoDB databases. Privacy complaints used to be perceived as little more than speeding tickets - that is no longer true. Link
   
7. The Court of Justice of the European Union will rule on Thursday about the legality of transferring Europeans' data around the world. The lawsuit argues that Facebook's movement of data across borders lacks sufficient data protection safeguards. Link