#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

GDPR | Breaking Cybersecurity News | The Hacker News

Category — GDPR
France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent

France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent

Dec 23, 2022 Privacy / Data Security
France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL)  noted  that users visiting the home page of its Bing search engine did not have a "mechanism to refuse cookies as easily as accepting them." The authority, which carried out an online audit between September 2020 and May 2021 following a complaint it received in February 2020,  stated  the tech giant deposited cookies with an aim to serve ads and fight advertising fraud without getting a user's permission beforehand, as is required by law. Along with the fines, Microsoft has also been ordered to alter its cookie practices within three months, or risk facing an additional penalty of €60,000 per day of non-compliance following the end
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Mar 16, 2022
The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union's  GDPR laws  in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog  said  in a press release. The decision follows the regulator's investigation into 12  data   breach   notifications  it received over the course of a six-month period between June 7 and December 4, 2018. "This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," Meta  said  in a statement shared with the Associated Press. "
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
France Rules That Using Google Analytics Violates GDPR Data Protection Law

France Rules That Using Google Analytics Violates GDPR Data Protection Law

Feb 11, 2022
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a  similar decision  was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "sufficiently regulated" citing a violation of  Articles 44 et seq.  of the data protection decree, which govern the transfers of personal data to third countries or international entities. Specifically the independent administrative regulatory body highlighted the lack of equivalent privacy protections and the risk that "American intelligence services would access personal data transferred to the United States if the transfers were not properly regulated." "[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google An
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
German Court Rules Websites Embedding Google Fonts Violates GDPR

German Court Rules Websites Embedding Google Fonts Violates GDPR

Jan 31, 2022
A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data — i.e., IP address — to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "persons behind the IP address." The violation amounts to the "plaintiff's loss of control over a personal data to Google," the ruling  issued by Landgericht München's third civil chamber in Munich read. Google Fonts is a  font embedding service  library from Google, allowing developers to add fonts to their Android apps and websites simply by referencing a stylesheet. As of January 2022, Google Fonts is a repos
Strengthen Your Password Policy With GDPR Compliance

Strengthen Your Password Policy With GDPR Compliance

Jun 17, 2021
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data Protection Regulation (GDPR). Even if your company isn't based in the EU, these requirements apply if you have employees or customers residing in the EU or customers purchasing there. In this post, we will look at GDPR requirements for passwords and provide practical tips on how to design your password policy. Remember, even if GDPR isn't required for you now, the fundamentals of a data protection regulation plan can help strengthen your organization's security.  Password requirements for GDPR compliance You may be surprised to discover that the GDPR laws do not actually mentio
Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

Jul 09, 2019
After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap world's biggest hotel chain Marriott International with a £99 million ($123 million) fine under GDPR over 2014 data breach. This is the second major penalty notice in the last two days that hit companies for failing to protect its customers' personal and financial information compromised and implement adequate security measures. In November 2018, Marriott discovered that unknown hackers compromised their guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests. The compromised database leaked guests' names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences. The breach, which likely happened in 2014, also exposed unencrypted passport
British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Jul 08, 2019
Britain's Information Commissioner's Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach . British Airways, who describes itself as "The World's Favorite Airline," disclosed a breach last year that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. At the time, the company confirmed that customers who booked flights on its official website (ba.com) and British Airways mobile app between August 21 and September 5 had had their details stolen by attackers. The cyberattack was later attributed to the infamous Magecart threat actor, one of the most notorious hacking groups specialized in stealing credit card details from poorly-secured websites, especially online eCommerce platforms. Magecart hackers have been known for using digital credit card ski
Google fined $57 million by France for lack of transparency and consent

Google fined $57 million by France for lack of transparency and consent

Jan 21, 2019
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data Protection Commission) said in a press release issued today. The fine was imposed following the latest CNIL investigation into Google after receiving complaints against the company in May 2018 by two non-profit organizations—None Of Your Business (NOYB) and La Quadrature du Net (LQDN). Why Has Google Been Fined? According to the CNIL, Google has been found violating two core privacy rules of the GDPR—Transparency, and Consent. First, the search engine giant makes it too difficult for users to find essential information, like the "data-processing purposes, the data storag
Here's How to Download All the Data Apple Collects About You

Here's How to Download All the Data Apple Collects About You

May 24, 2018
Apple is making it easier for its users to download their data the company has collected about them so far. On Wednesday, Apple just launched a new Data and Privacy website that allows you to download everything that the company knows about you, from Apple ID info, device info, App Store activity, AppleCare history, your online shopping habits to all of your data stored in its iCloud. A similar feature was recently offered by Facebook, enabling its users to download all of their data , not only what they have posted, but also information like facial recognition and location data, following the Cambridge Analytica scandal . Apple has currently made this feature only available for people having accounts in European Union (along with Iceland, Liechtenstein, Norway and Switzerland), to comply with the General Data Protection Regulation (GDPR) act, which goes into effect on May 25. However, Apple is planning to roll out this feature worldwide in the coming months. "We inten
Expert Insights / Articles Videos
Cybersecurity Resources