As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” Tech Radar reported.
Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN, consistently monitor networks and endpoints, and to review security policies, user agreements, and patching procedures.
More Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)
As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR.
Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization.
The group alleges that the companies’ use of Google Analytics was not in line with the requirements for the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement, which is a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)
According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible.
“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene.
The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR, such as appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.
While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?
Data Privacy Engineering
Your organization needs to ensure that the products and systems it develops take data privacy into account. This means limiting the data they collect, determining how your organization retains and uses that data, and ensuring you are applying all relevant regulations— which can all help build consumer trust.
IEEE has partnered with the IAPP to provide the IEEE | IAPP Data Privacy Engineering Collection to organizations. This unique training is designed to further educate technical professionals tasked with developing products so they understand, maintain, and protect data privacy throughout the R&D process. The program provides access to tools that allow the technical workforce to implement policies and processes for designing products that take ethical personal data use into consideration right from the start.
Learners will understand how to:
- recognize the benefits and challenges of emerging technologies and how to use them while respecting customer privacy
- establish organizational privacy practices for data security and control
- learn practical knowledge and insights to address corporate privacy challenges
- leverage the knowledge gained to develop products that take data privacy into account
Contact an IEEE Account Specialist today to learn more.
Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.
Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.
Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.
(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.