A Europe-based company that has previously been blacklisted for its commercial spyware is now under US sanctions. The US state department blacklisted the software for trade in mid-2023.
Data Privacy
Technological development has always outpaced privacy concerns, but never more so than in the past decade. Collection and centralization of personally identifiable information (PII), tracking of movements and digital surveillance are all at unprecedented levels. Regulations and laws are only just beginning to catch up to the ability of both governments and private entities to deploy these capabilities.
What exactly is there to worry about? The mass collection and centralization of data by giant multinationals such as Facebook and Google is as good of a place to start as any. Two decades of vacuuming up the personal data of users of various online services has created the most impressive marketing capabilities in history, but these profiles have astounding potential for damage when they are used the wrong way or fall into the wrong hands.
Unauthorized information that is captured in data breaches tends to find its way to massive “combo lists” that are sold and traded on the dark web. Social security numbers are added from this breach, home addresses and phone numbers from that one, personal health information from yet another. Soon, a frighteningly complete profile of millions of individuals is available to anyone willing to pay the asking price.
These are just the established data privacy issues. The emerging ones are even worse. High-quality facial recognition technology is just beginning to roll out across the public places of some countries. Artificial intelligence is not only making mass facial recognition possible, but magnifies the power and reach of any application that involves capturing and sorting information: scanning pictures, analyzing speech, sifting through text and location data. This threatens to not only shatter anonymity and privacy, but allow for highly advanced impersonation and take the concept of “identity theft” to new levels.
Some businesses chafe at the trouble and added expense of new and emerging data privacy regulations, but they are vital to both protecting rights and privacy and instilling confidence in end users. Customers want to be able to submit their payment information without worry about data breaches and identity theft, use services without wondering what is being done with their personal information and use devices without fear of surveillance or having location data tracked. The need for meaningful safeguards only grows greater as technological capabilities increase.
Sam Altman's Worldcoin project will not be available in Spain for up to three months, and may face future actions under the GDPR. The country's data protection authority, the AEPD, has ordered the company to stop collecting personal information due to privacy concerns.
Should the bill make it all the way through the legislative process in its present form, the TikTok ban would give ByteDance 165 days to find a buyer for the app. If it cannot or will not sell TikTok within that period, the app would then be banned from US app stores.
The executive order specifies that a broad range of sensitive personal data can no longer be sold off to or shared with adversary nations. The administration noted that data brokers, knowingly or otherwise, often feed foreign intelligence services and scammers.
Users are likely to feel uneasy about the extent of information a single superapp brand could possess regarding their individual preferences, raising real concerns about privacy and data control, which in turn could affect app uptake.
As more states pass not just comprehensive privacy laws, but narrow legislation that focuses on children’s privacy, data brokers, and hopefully, the emerging trend of privacy-for-profit, the pressure to find solutions that support compliance, while saving resources in an unsettled market, is only going to grow.
New papers reveal the National Security Agency (NSA) regularly purchases internet data about Americans from private data brokers, including categories that could normally only be obtained via a court order.
In addition to five new state privacy laws, 2024 is expected to bring not only an amplified number of cyberattacks but also increasingly sophisticated attacks, including using emerging technologies such as artificial intelligence (AI), in what is a quickly and continuously evolving threat landscape.
The only way to achieve data privacy is through implementing effective data security. A well-designed, privacy-first security program offers significant benefits to any organization while minimizing potential privacy impacts.
Today, data flows have become infinitely more complex in what has come to be known as surveillance capitalism. The challenge is how to future proof privacy legislation, learning the lesson of what worked with credit reporting laws as well as other more recent measures.