Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.
Here are the top stories you might have missed:
FTC settles with Zoom over ‘deceptive and unfair practices’
The Verge reports that the U.S. Federal Trade Commission announced this week it had settled with Zoom Video Communications, Inc., over allegations that “the videoconferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users,” according to an FTC press release. The agency alleged Zoom promised users its calls were encrypted end-to-end, but in fact, had the cryptographic keys to user conversations.
2. Companies lag behind in LGPD compliance
Though it was a long time coming, Brazil finally passed its sweeping data protection law two months ago. But ZDNet reports that only 56% of technology companies. While that might seem low, the “general readiness in other industries is about 39%,” the report states. In a survey by the Brazilian Association of Software Companies of more than 2,050 tech companies 70.3% of them collect and store confidential data, “and 30.9% have already suffered an incident relating to data violation in the last two years.
3. Rwanda’s draft privacy law moves to Parliament
Rwanda has approved a draft law to regulate personal data and privacy, The New Times reports. Rwanda’s Cabinet approved the draft Oct. 27, which would grant individuals rights over their data and create obligations for data controllers and processors. The law would include definitions for sensitive and non-sensitive data and would apply to both public and private entities and impose fines or even imprisonment for violations. Parliament must now approve it.
4. Judge rules UK citizens can’t sue Facebook in U.S.
A U.S. District Judge in California has ruled that U.K. citizens cannot sue Facebook in U.S. court, Courthouse News Service reports. The lawsuit, filed over the company’s data leak to Cambridge Analytica, sought to add five Facebook users from the U.K. as plaintiffs. The background: As the lawsuit was pending, Facebook changed its terms of service to comply with the EU General Data Protection Regulation. The plaintiffs said the terms shouldn’t apply to already-pending suits, but the judge disagreed.
5. Wickr CEO: End-to-end encryption vital for enterprise companies
In a piece for Help Net Security, Wickr CEO Joel Wallenstrom opines on the importance of end-to-end encrypted communication at the enterprise level. He says it’s a “must-have” for organizations. “Unfortunately for enterprise security and compliance teams in most companies, unsanctioned communications platforms like WhatsApp are being used outside to conduct sensitive business in contravention of corporate policies. Just recently Morgan Stanley executives were removed from the firm for using WhatsApp,” Wallenstrom writes.
6. Take data privacy seriously: Here's why
"No one cares about the data I store." That's the kind of statement that gets thrown around frequently. Many organizations view compliance with data privacy laws as a problem for another day. But there’s a great risk in doing so. It’s a misconception that can cost thousands, even millions of dollars. In this piece by Osano, learn why it's important to know your obligations on data privacy under global laws.
7. Opinion: EU must focus on China’s growing tech presence
In a piece for EURACTIV, Nicolas Tenzer writes that as the EU works to finalize its Digital Services Act, it’s not only the U.S. tech behemoths with whom the EU must compete but also Chinese companies “who are rapidly cornering wide swathes of the tech sector.” Tenzer, chairman of the Centre for Study and Research for Political Decision, writes that while China’s influence grows, none of the EU’s data protection authorities are publicly discussing the threat.
8. Hotel booking platform suffers massive data breach
Website Planet reports that a Spanish software company has suffered a breach affecting the credit card details affecting more than 10 million consumers’ credit card details. Prestige Software powers “Cloud Hospitality,” which allows hotels to automate availability on travel sites, including Expedia and Booking.com, the report states. The personal data exposed dates back to 2013.