EU data laws set to bite after FB scandal
Rights for citizens, duties for firms
BRUSSELS, May 14, (AFP): New European Union data protection laws take effect on May 25 to protect users’ online information, in what Brussels touts as a global benchmark after the Facebook scandal.
The laws will cover large tech companies like Google, Twitter and Facebook that use personal data as an advertising goldmine, as well as firms like banks and also public bodies.
One major change is that consumers must explicitly grant permission for their data to be used, while they can also specifically ask for their personal information to be deleted.
Firms face huge fines of up to 20 million euros ($24 million) or four percent of annual global turnover for failing to comply with the EU’s General Data Protection Regulation (GDPR).
“It’s your data — take control,” the European Commission, the EU’s executive arm, urges the bloc’s 500 million citizens in guidelines for the new rules.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
Facebook chief Mark Zuckerberg told US lawmakers last month the firm plans to fall into line with the EU rules as it seeks to rebuild its reputation after the breach, which affected 87 million users.
The scandal has proved a godsend for the EU.
EU Justice Commissioner Vera Jourova told AFP in an interview that the incident fueled “a campaign” for the new European law in a way that she could never have done.
She said the EU was setting a global benchmark for data protection as many Americans who once criticised Europe as too set on regulation now see the need for the GDPR.
Here is an explainer on the rights and obligations entailed under the General Data Protection Regulation (GDPR), FRANKFURT, May 14, (RTRS): European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked, leading them to urge people using them to disable and uninstall them immediately.
University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook and Apple Mail.
“There are currently no reliable fixes for the vulnerability,” lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said in a tweet on Monday.
“If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.” The team will unveil their findings in full on Tuesday.
The vulnerabilities in PGP and S/
which is set take effect later this month: Power to the people These are the main rights guaranteed to European internet users under the GRPD — please note that some are already covered by national legislation in several countries.
The right to be informed. Internet users who hand over personal data have the right to know how it will be used, how long it will be kept and whether it might be used outside the European Union.
The right to access, correct and erase data. Users will be able to transfer their data to another service provider, or receive it themselves in a usable format. MIME standards pose an “immediate risk” to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation a US digital rights group.
It recommended that users switch for the time being to secure messaging app Signal for sensitive communications.
Germany’s Federal Office for Information Security (BSI) put out a statement saying there were risks that attackers could secure access to emails in plain text once the recipient had decrypted them.
It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.
“Securely encrypted email remains an important and suitable means of increasing information security,” it said in a statement, adding that the flaws which have been discovered can be remedied through patches and proper use.
The right to be forgotten. Users can ask that they no longer appear in searches, although this right is also balanced against the public’s right to know.
The right to challenge algorithms. If algorithms play an important role in decisions, such as admission to universities, those affected should have the right to challenge the decision and request human intervention.
The right to contest violations of rights. Each country’s information rights agency will accept complaints. If the complaint concerns a company in another EU state, it will be transferred to the regulator in that country. Final decisions taken by all the national agencies together are binding across the EU.