Top News: Bite-Sized News in Data, Privacy and Security
Apple’s new privacy update to restrict user tracking
Apple rolls out a major privacy update on Monday, allowing users to choose how their personal data is handled. The iOS 14.5 software update with its App Tracking Transparency feature will require users’ explicit permission for apps to track their behavior and sell their personal data to advertisers. Read the full story here.
EU adopts law for a one-hour takedown of terrorist content
The European Parliament has passed a new law making one-hour removals of online terrorist content the legal standard across the EU. The law will be enforced 20 days after its publication in the EU’s Official Journal and will be applied a year after that. Non-compliant companies can attract fines of up to 4% of their global turnover. Read more about it here.
Experian API exposes credit scores of US citizens
The Experian Connect API exposed the credit scores of almost every American by allowing anyone to perform a credit check with only publicly available information (name and mailing address). The API, which allows lenders to automate queries for FICO credit scores from the credit bureau, could be accessed directly without any sort of authentication. As per reports, Experian has plugged the data leak, but the same flaw could still be present at other lending websites that work with the company.
Australian police investigate Microsoft tech support scam
The Australian Federal Police (AFP) is investigating an alleged fraudulent technical support business that claimed to offer genuine Microsoft technical support to Australian customers. The business instead led the victims to offshore scammers requesting remote access to their computers and convincing them to purchase outdated software sold at inflated prices. Read the AFP’s press release here.
Portuguese DPA orders suspension of data transfer to the US
The National Data Protection Commission (Comissão Nacional de Proteção de Dados, the “CNPD”) ordered Statistics Portugal to suspend the transfer of personal data to any third country (including the US) that has not been recognized as providing an adequate level of data protection. The data gathered as part of the 2021 Census surveys were being transferred to Cloudfare, a US-based service provider that supported the surveys’ operation. Read more about the incident and the EU’s movement toward data localization here.