"Canada's privacy commissioner opens investigation into World Anti-Doping Agency"— The Albertan
- Canada’s privacy commissioner has opened an investigation into the World Anti-Doping Agency’s handling of biological samples collected from athletes.
- The investigation will examine whether the agency’s practices comply with Canada’s personal information law for the private sector.
- A complaint alleges the agency disclosed personal data to international sporting federations without athletes’ knowledge or consent.
- The Montreal-based agency, established in 1999, became subject to Canadian privacy law in 2015.
- The privacy watchdog cannot provide further details due to the active investigation.
- This report was first published on Nov. 12, 2024 by The Canadian Press.
"CMA Reports Over 60 Unresolved Issues in Privacy Sandbox Update"— VideoWeek
- The UK’s Competition and Markets Authority (CMA) reported over 60 unresolved issues in Google’s Privacy Sandbox update, emphasizing that Google’s decision not to remove third-party cookies entirely does not eliminate competition risks.
- The CMA retains oversight of the Privacy Sandbox, ensuring Google doesn’t design or implement tools favoring its advertising business.
- Google’s new plan allows users to choose whether to opt in or out of third-party cookies, but competition concerns remain.
- Industry stakeholders, especially ad tech and publisher groups, support the CMA’s continued oversight of Google’s new approach.
- Google is in ongoing discussions with the CMA to update commitments and ensure healthy competition while improving user privacy.
- The CMA is addressing concerns with an updated governance framework and continues to discuss the impact of third-party cookie deprecation with Google.
"Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims"— The Hacker News
- Bitdefender released a free decryptor to help victims recover data encrypted by ShrinkLocker ransomware.
- The decryptor was developed after analyzing ShrinkLocker’s inner workings, finding a window for data recovery after removing protectors from BitLocker-encrypted disks.
- ShrinkLocker, documented by Kaspersky in May 2024, uses Microsoft’s BitLocker for encrypting files in extortion attacks targeting Mexico, Indonesia, and Jordan.
- The attack investigated by Bitdefender targeted a healthcare company in the Middle East, originating from a contractor’s machine and moving laterally to an Active Directory domain controller.
- The ransomware, written in VBScript, uses BitLocker instead of its own encryption algorithm and has a bug causing an infinite loop due to a failed reboot attempt.
- Proactive monitoring of specific Windows event logs and configuring BitLocker to store recovery information in Active Directory Domain Services (AD DS) can help mitigate BitLocker-based attacks.
"Colorado’s consumer privacy law gets expanded biometric protections in draft rules"— Biometric Update
- The Colorado Attorney General’s Office proposed draft amendments to the 2021 Colorado Privacy Act (CPA), broadening requirements for businesses collecting biometric information or children’s personal data.
- House Bill 1130, signed by Governor Jared Polis, requires entities to provide clear notice about the collection, purpose, retention, and sharing of biometric data.
- The legal definition of biometric data includes facial scans, fingerprints, voiceprints, and retina scans, but not photos or audio recordings.
- Businesses are appealing for a more precise definition of biometric information, fearing the new rules could stifle innovation and impact smaller businesses.
- David J. Oberly noted the amendment’s broad reach could increase legal risk for many organizations, advising companies to prepare for compliance by July 2025.
- SB 041 accompanies HB 1130, adding protections for minors’ personal information, potentially impacting the age assurance sector.
"Asda data breach warning after job cuts from tech team insider"— The Grocer
- Members of Asda’s technology function fear a massive data breach is inevitable after the supermarket cut its chief information security officer and chief data protection officer.
- Asda CISO Simon Langley, chief data protection officer Amy Travis, and head of security operations Lianne Potter were let go as part of head office job cuts.
- An Asda spokesman stated that the roles are currently held by experienced colleagues and emphasized the supermarket’s commitment to cyber-security.
- Matt Kelleher, Asda’s chief digital officer, assured that the security team remains capable and will be led by Mike Amos, promoted from the enterprise architecture team.
- The source mentioned that since Asda’s split from Walmart in 2021, the supermarket has not built a functioning security team.
- Stuart Rose, Asda interim boss, announced major job cuts and a restructure affecting thousands of head office staff, aiming to focus investment on stores.
"The Spanish data protection agency sanctions Seat for using the 'cookies' of its website users without their consent"— ABC
- The Spanish Data Protection Agency (AEPD) fined Seat for violating Law 34/2002 (LSSI) by using cookies before obtaining user consent, with a potential fine of up to 20,000 euros.
- The AEPD found that technical or necessary cookies were used when first visiting the website without user consent.
- The website also used functional cookies to remember user preferences, which are not essential but enhance user experience.
- Segmentation cookies were identified, designed to collect browsing habits for personalized ads.
- Users could not effectively withdraw consent for non-essential cookies, as the website continued using them even after opting out.
- The AEPD initiated proceedings and set a potential fine of 20,000 euros, which could be reduced to 16,000 euros if Seat acknowledges responsibility within the given timeframe.
"Suspected Chinese hack of US telecoms reveals broader plot"— VOA News
- A hack of U.S. telecommunications systems linked to China is part of a vast effort by Beijing to spy on the United States, according to investigators.
- The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a broad and significant cyber espionage campaign.
- Chinese-linked hackers compromised multiple U.S. telecommunication networks, accessing customer call records and private communications of government officials and politicians.
- The hackers also copied information requested by U.S. law enforcement through court orders.
- The breach, first detected in late October, targeted the campaigns of President-elect Donald Trump and Vice President-elect JD Vance, as well as people affiliated with Vice President Kamala Harris.
- U.S. intelligence agencies have warned of foreign adversaries using cyberattacks and influence operations to meddle with the November 5 U.S. presidential election, with increased activity from actors linked to Russia, China, and Iran.
* The information in this newsletter is for informational purposes only and does not constitute legal or professional advice.
While we strive for accuracy, we do not guarantee the completeness or accuracy of the content. The views and opinions expressed in linked articles and resources are those of the authors and do not necessarily reflect the views of The Privacy HawkEye and/or its authors.