Tsaaro Weekly Privacy Newsletter
29th April, 2022
Tsaaro Weekly Privacy Newsletter
29th April, 2022

DATA SAFETY OPTION BY GOOGLE PLAYSTORE, IS IT A GAME CHANGER?

The ‘Data Safety Section’ for Android Apps in the Play Store is Live! Let’s understand what it brings to the table; 

Last May, Google announced that the Play Store would get a ‘Data Safety’ section.         This section will be fully available over the coming weeks, and full developer adoption is set to launch in July this year. The deadline for the same is set as 20th July 2022.

What does this mean to the users?

This section will provide users with more transparency regarding their data and how their data is secured by the app developers, and details on whether their data is shared with third parties, which is a game-changer.

What does this mean to the developers?

While we believe that developers need to take care of their Privacy systems, this update proves the importance of developers being aware of the data being collected and retained by their companies.

This can be ensured by maintaining a record of processing activities (RoPA) and conducting a thorough Data Privacy Impact Assessment (DPIA), helping organizations stay compliant with regulations and be more cognizant.  This feature is Google’s attempt to improve the data security for their  Android users with several key measures. 

We at Tsaaro have always encouraged our clients to implement Privacy by Design which means incorporating these practices from Day 1.  We can’t wait to see what new changes this could bring to Privacy Community, and if it proves to be a game changer indeed.

Major Privacy Updates of the Week

CJEU: Consumer groups can sue over GDPR violations

Meta Platforms Inc. can still face lawsuits from consumer groups for possible violations of data protection rules, the European Union’s top court said. The EU’s tough data protection rules that took effect in May 2018 do not prevent “national legislation which allow a consumer protection association to bring legal proceedings,” the EU Court of Justice ruled on Thursday. The EU’s General Data Pro

The EU’s General Data Protection Regulation, or GDPR, empowered data watchdogs to issue fines of as much as 4% of a company’s annual sales. The new rules put the regulators in charge of monitoring violations and investigating complaints, and also turned the Irish watchdog overnight into the lead watchdog probing a handful of all powerful U.S. tech firms that have an EU base in the country. In a dispute between the Federation of German Consumer Organizations and Meta’s Facebook, Germany’s top civil court in 2020 sought the EU tribunal’s guidance on whether lawsuits to protect consumers from Big Tech behaving badly are still possible under GDPR.

Read More

CJEU: Consumer groups can sue over GDPR violations

Meta Platforms Inc. can still face lawsuits from consumer groups for possible violations of data protection rules, the European Union’s top court said. The EU’s tough data protection rules that took effect in May 2018 do not prevent “national legislation which allow a consumer protection association to bring legal proceedings,” the EU Court of Justice ruled on Thursday. The EU’s General Data Pro

The EU’s General Data Protection Regulation, or GDPR, empowered data watchdogs to issue fines of as much as 4% of a company’s annual sales. The new rules put the regulators in charge of monitoring violations and investigating complaints, and also turned the Irish watchdog overnight into the lead watchdog probing a handful of all powerful U.S. tech firms that have an EU base in the country. In a dispute between the Federation of German Consumer Organizations and Meta’s Facebook, Germany’s top civil court in 2020 sought the EU tribunal’s guidance on whether lawsuits to protect consumers from Big Tech behaving badly are still possible under GDPR.

Read More

EU agrees on landmark law aimed at forcing Big Tech firms to tackle illegal content

Big tech companies like Google and Facebook parent Meta will have to police their platforms more strictly to better protect European users from hate speech, disinformation and other harmful online content under landmark EU legislation approved early Saturday. European Union officials clinched the agreement in principle on the Digital Services Act after lengthy final negotiations that began Friday. The law will also force tech companies to make it easier for users to flag problems, ban online ads aimed at kids and empower regulators to punish noncompliance with billions in fines.

The Digital Services Act, one half of an overhaul for the 27-nation bloc’s digital rulebook, helps cement Europe’s reputation as the global leader in efforts to rein in the power of social media companies and other digital platforms.

Read more

EU agrees on landmark law aimed at forcing Big Tech firms to tackle illegal content

Big tech companies like Google and Facebook parent Meta will have to police their platforms more strictly to better protect European users from hate speech, disinformation and other harmful online content under landmark EU legislation approved early Saturday. European Union officials clinched the agreement in principle on the Digital Services Act after lengthy final negotiations that began Friday. The law will also force tech companies to make it easier for users to flag problems, ban online ads aimed at kids and empower regulators to punish noncompliance with billions in fines.

The Digital Services Act, one half of an overhaul for the 27-nation bloc’s digital rulebook, helps cement Europe’s reputation as the global leader in efforts to rein in the power of social media companies and other digital platforms.

Read more

India, EU agree to launch Trade and Technology Council to push nexus of trade, trusted technology and security

India and the European Union (EU) on 25th April 2022 launched the India-EU Trade and Technology Council, a strategic mechanism that will give New Delhi access to advanced technologies and allow the two sides to set standards in crucial areas such as 5G and artificial intelligence. This is the first time India has agreed to set up such a trade and technology council with any of its partners. For the EU, it is only the second such body, following the first one set up with the US.

The agreement on launching the council was reached at a meeting between Prime Minister Narendra Modi and European Commission President Ursula von der Leyen.

Read more

US and Canada Collaborate to Tackle Cybercrime

India and the European Union (EU) on 25th April 2022 launched the India-EU Trade and Technology Council, a strategic mechanism that will give New Delhi access to advanced technologies and allow the two sides to set standards in crucial areas such as 5G and artificial intelligence. This is the first time India has agreed to set up such a trade and technology council with any of its partners. For the EU, it is only the second such body, following the first one set up with the US.

The agreement on launching the council was reached at a meeting between Prime Minister Narendra Modi and European Commission President Ursula von der Leyen.

Read more

NHA releases revised draft of Heath Data Management policy

The National Health Authority (NHA) had finalised and published the Heath Data Management (HDM) Policy for the Ayushman Bharat Digital Mission (ABDM) in December 2020.  Since then, NHA has received feedback from various stakeholders and had learnings from pilot and national rollout of ABDM. Based on these, few revisions in the HDM Policy are contemplated.

The draft with revisions has been released on 23rd April 2022 on the website  https://abdm.gov.in/home/Publications  under the heading “Consultation Papers”. NHA has requested all the stakeholders to give their comments by 21st May 2022 on the website.

Read more

NHA releases revised draft of Heath Data Management policy

The National Health Authority (NHA) had finalised and published the Heath Data Management (HDM) Policy for the Ayushman Bharat Digital Mission (ABDM) in December 2020.  Since then, NHA has received feedback from various stakeholders and had learnings from pilot and national rollout of ABDM. Based on these, few revisions in the HDM Policy are contemplated.

The draft with revisions has been released on 23rd April 2022 on the website  https://abdm.gov.in/home/Publications  under the heading “Consultation Papers”. NHA has requested all the stakeholders to give their comments by 21st May 2022 on the website.

Read more

Hackers Gained Access To T-Mobile VPNs, Customer Service, And Source Code

T-Mobile has had the source code for various projects stolen in various breaches by the Lapsus$ hacking group last month. Leaked private messages from Lapsus$ members in the week before its most prolific members were apprehended in March revealed that the group was able to secure initial access, as well as credentials, from Russian Market and other sites. While Lapsus$ has not faced difficulties in purchasing credentials, exfiltrating data, and conducting social-engineering campaigns against targeted companies, the group noted device enrollment as a bigger challenge. T-Mobile employees were found to be bombarded with attacks by Lapsus$ members, who sought to conduct SIM swapping to allow interception of text messages and phone calls. Lapsus$ was then discovered to have obtained access to T-Mobile’s customer account management tool dubbed “Atlas” on March 19, which was then leveraged to search for FBI and Department of Defense-associated accounts. Over 30,000 T-Mobile source code repositories were found to be stolen by an automated script by Lapsus$ leader White. Meanwhile, T-Mobile insisted that the breach did not involve any customer or government data, as well as other sensitive information.

Read more

Hackers Gained Access To T-Mobile VPNs, Customer Service, And Source Code

T-Mobile has had the source code for various projects stolen in various breaches by the Lapsus$ hacking group last month. Leaked private messages from Lapsus$ members in the week before its most prolific members were apprehended in March revealed that the group was able to secure initial access, as well as credentials, from Russian Market and other sites. While Lapsus$ has not faced difficulties in purchasing credentials, exfiltrating data, and conducting social-engineering campaigns against targeted companies, the group noted device enrollment as a bigger challenge. T-Mobile employees were found to be bombarded with attacks by Lapsus$ members, who sought to conduct SIM swapping to allow interception of text messages and phone calls. Lapsus$ was then discovered to have obtained access to T-Mobile’s customer account management tool dubbed “Atlas” on March 19, which was then leveraged to search for FBI and Department of Defense-associated accounts. Over 30,000 T-Mobile source code repositories were found to be stolen by an automated script by Lapsus$ leader White. Meanwhile, T-Mobile insisted that the breach did not involve any customer or government data, as well as other sensitive information.

Read more

WEEKLY PRIVACY NEWSLETTER

Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!

*By clicking on subscribe, I agree to receive communications from Tsaaro