TikTok Sues Montana
Hello all, and happy Thursday!Read Now
The simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Ensure your customers’ data is in good hands
Gain insights with privacy assessment templates and workflow management
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Don’t let data privacy compliance get in the way of growth
Preserve your competitive edge
Manage data privacy at scale
Expert insights on all things privacy
Subscribe and become a Privacy Insider
Research the most essential privacy topics
We'll scan your website for privacy risk at no cost
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
No fines, no penalties
Add Osano data privacy ratings and recommendations to your application
Fresh duds for data privacy fans
May 18, 2021
Welcome to Privacy Insider, a round-up of the week's most important stories.This week, France unveiled its national strategy to build a "sovereign cloud" for its citizens.
"France must equip itself with a trusted cloud because data is strategic," said France Minister of the Economy Bruno Le Maire. "Much of the economic value in the 21st century will come from data, which is why it is essential to protect it."
He means that American cloud services are making money off French data, and France needs to up its game to compete globally. As News in 24 reports, Amazon, Google and Microsoft own 70 percent of the European market.
And while Le Maire is an economics guy, he's pitching the development of a "trustworthy cloud" label to indicate companies that meet French standards set out by its cybersecurity agency, the ANSSI.
The necessity to verify a company is trustworthy stems from French mistrust of U.S. data privacy because U.S. law allows national law enforcement agencies access to innocent peoples' data to fight crime. These policies have long been a point of contention between the EU and the U.S., as I discussed in last week's love letter to you.
Reading the news that France is strategizing on keeping citizens' data on French soil isn't surprising, but it is disheartening. It's only the latest in countless stories in which government or private agencies note, rightly, that the U.S. isn't up to snuff on data privacy. It's the reason the Schrems II case continues, and it's the reason trans-border data-sharing frameworks keep burning to the ground.
And while some say the U.S. should pass a privacy law that would assure its global partners their data will be protected in its hands, that conversation stalls whenever lawmakers hint that national security policies may have to change for that to happen.
Of course, national security is essential, and there are many intelligent and reasonable people doing the intelligence work that helps keep us safe. But there also a lot of people and companies in the U.S. who want to do the right thing on data privacy, and it's a shame they -- in effect -- have to say to customers, "We will absolutely keep your data private, unless ... "
As an American, it feels like: If we're going to lead the work in tech, we should also lead the world in protecting its users.
Enjoy reading, and I'll see you next week!
2. Google imposes privacy-disclosure requirements for apps
Beginning next year, Google will require Android mobile apps to provide privacy disclosures. The new policy requires apps to include what personal information it collects, whether that information is shared and whether the app uses encryption, National Law Review reports. Apps must also disclose whether a third party has verified their claims are valid and whether users can delete their data. The news follows Apple's move last year to include privacy nutrition labels in its App Store.
3. GDPR fines since 2018 total €292 million
It's been three years since the EU General Data Protection Regulation came into effect. Since then, every EU member state and the U.K. has issued at least one GDPR fine, according to a tracking dashboard. Italy, France, and Germany have given the highest amount in fines, while Spain, Italy, and Romania have issued the most penalties.
4. Facebook loses legal challenge to Irish regulator's data-transfer decision
ComputerWeekly reports the Irish High Court has dismissed a legal challenge by Facebook. The company sought to fight the Irish Data Protection Commissioner's draft decision to suspend transfers of European data to the U.S. But the High Court said Facebook Ireland hadn't established any basis for "impugning" the judgment, the report states. The case stems from Max Schrems' claims that the transfers breach EU privacy law because they subject EU citizens to U.S. mass surveillance programs. The High Court decision allows the Irish DPC to continue its work on the case.
5. Eufy breach had users watching each others' camera streams
A privacy breach at appliance-company Eufy meant strangers could view both live and recorded video from each others' home cameras. Affected users first reported the issue on Reddit, reports 9to5Mac. Eufy stated that a software bug caused the breach, affecting a limited number of users in the U.S., New Zealand and Australia, among others. The company resolved the problem within two hours, the company said.
Writer at Osano
Writer at Osano
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
Osano makes it easy. Ready to get serious about data privacy? Choose your plan and get started. All plans come with a 30-day FREE trial!