The MP for Coventry South Jim Cunningham asked a question on the potential effect of the UK leaving the EU on data regulations in the UK. Digital minister Margot James responded that the UK is a global leader in strong data protection standards and this will continue to be a priority after we leave the EU. Read more here.
Who’s getting it wrong?
The ICO has fined Uber £385,000 for failing to protect customers’ personal information during a cyber attack where the personal details of around 2.7 million UK customers were accessed and downloaded. The security flaws were deemed avoidable and the customers and drivers affected were not told about the incident for more than a year. Instead, Uber paid the attackers responsible £100,000 to destroy the data they had downloaded. Although there was no legal duty to report data breaches under the old legislation the ICO says the way Uber handled the breach was not the appropriate response. Read more here. For the same breach, the Dutch Data Protection Authority has fined Uber and its Dutch subsidiary Uber B.V. €600,000 for violating Dutch data protection regulations.
The ICO has fined two companies for making nearly 1.73 million direct marketing calls to people registered with the Telephone Preference Service. DM Design Bedrooms Ltd was fined £160,000 and Solartech North East was fined £90,000. Both companies were dealt with under the Data Protection Act 1998. Read more here.
According to a study commissioned by security firm Sophos 47% of UK IT directors would “definitely” be willing to pay a ransom fee to hackers to avoid reporting a data breach and risking a fine under the GDPR. A further 30% said they would “possibly” consider paying a ransom if it was lower that the possible fine. Read more here.
Amazon suffered a major data breach last week where customer names and email addresses were disclosed on its website. Amazon said it fixed the issue and informed customers who may have been affected. Read more here.
The ICO has appointed Dr Reuben Binns, an expert in Artificial Intelligence, to research and investigate the impact of AI on data privacy. Read more here.
Facebook documents have been seized by MPs investigating the Cambridge Analytica data scandal. Using rarely used parliamentary powers the documents were intercepted when an executive of US tech firm Six4Three was on a trip to London. The House of Commons serjeant-at-arms was sent to the businessman’s hotel and gave him two hours to comply with an order, when he failed to do so he was escorted to Parliament and warned of fines and imprisonment if the documents were not surrendered. Facebook has demanded their return but MPs believe the documents are “highly relevant” to the inquiry. Read more here.
Google has been accused of flouting European data protection laws when it tracks users’ locations. A coalition of seven consumer organisations says Google used “deceptive” practices” to make people turn on its tracking systems meaning consent is not being freely given. Read more here.
In Germany, a chat app has been fined €20,000 under the GDPR for storing user passwords in plain text. Read more here.