The malware was able to penetrate phones using the app's voice calling function, with reports blaming the Israeli-based NSO Group.
WhatsApp has pointed the finger at an Israeli firm after confirming that a sophisticated hacking group had developed a tool which could take control of victims' phones by sending them a call.
The company said the attacks carried the hallmarks of a private surveillance technology firm which reportedly works with governments to deliver spyware that takes over the mobile phone operating systems.
Although the company did not name the NSO Group, its statement matched the organisation which a number of human rights organisations have accused of working with repressive regimes to target dissidents.
Dozens of WhatsApp users, including human rights organisations and a UK-based lawyer, are thought to have been targeted after hackers exploited a major vulnerability in the app.
The attackers were able to install spyware through WhatsApp's voice call function, even if the user did not pick up the call, the company confirmed.
The course will both help you to avoid embarrassing episodes such as the above and show you how to become compliant with the law, and how to leverage that knowledge to help your business.
Delivered by a Certified Data Protection Practitioner and practising Barrister, this course is designed to equip you with all the foundational knowledge that is absolutely essential for your organisation or business, of whatever size, to avoid costly errors and stay safe in what can be a data minefield.
That it may also help avoid fines and costly Court appearances is an added bonus!
Just one such occurrence will more than justify the expense.
The course is aimed at those who have to solve the practical, real-life issues facing organisations and businesses on a daily basis. It will help you put in place realistic, achievable solutions to the issues you face every day, and give you a clear understanding of what paperwork you require to ensure that you can be compliant, and show that this is so, both to any regulator and to your staff and customers alike.
The course is designed for all those who handle personal data, and who need an overall understanding of how GDPR affects their business, and need to know just exactly what they need to know and do, in particular:
Cormac Clancy – practises at all levels in the Irish Courts for individuals, partnerships, SMEs and multinationals. He has a background in customer relations and management.
He is a Certified Data Protection Practitioner (Law Society of Ireland Diploma School) and has been advising on and been involved in data protection matters for several years, both as lawyer and consultant. He presents workshops and training courses for the Data Protection Group and speaks at data privacy events, such as INM’s Dublin Data Sec 2018 in the RDS and the Government Administration and Procurement Summit 2018 in Citywest.
Our GDPR Turnkey Solutions;
Our Intensive GDPR training workshops and courses are an excellent starting point for you to understand and manage your GDPR compliance. We offer a complete GDPR solution and can work with you to build a compliance file for your business, conduct audits, compliance checks, customise policy documents to suit your profession and industry sector.
Hall and Hanley Ltd of Devonshire Street North, Manchester were responsible for sending 3,560,211 direct marketing text messages between 1 January 2018 and 26 June 2018 about PPI compensation claims.
The ICO launched an investigation after it became aware of a large number of complaints about the company. It found that Hall and Hanley had used a third party for this work but did not have valid consent as required by law.
Steve Eckersley, ICO Director of Investigations, said:
“Companies which are responsible for generating these types of marketing messages should make sure they are operating legally or face a potential fine. Hall and Hanley should have known better. The laws on these types of marketing messages are strict because they can be very intrusive.”
An ICO investigation into HMRC’s Voice ID service was prompted by a complaint from Big Brother Watch about the department’s conduct. The investigation focused on the use of voice authentication for customer verification on some of HMRC’s helplines since January 2017.
The ICO found that HMRC failed to give customers sufficient information about how their biometric data would be processed and failed to give them the chance to give or withhold consent. This is a breach of the General Data Protection Regulation.
The ICO issued a preliminary enforcement notice to HMRC on April 4, 2019, stating the Information Commissioner’s initial decision to compel the department to delete all biometric data held under the Voice ID system for which it does not have explicit consent.
The ICO will issue its final enforcement notice next week giving HMRC 28 days from that date to complete deletion of relevant records.
U.S. lawmakers took the opportunity Wednesday morning to ask consumer groups how they should craft a federal law in a way that gives users tools and resources to control their data in ways that align with their expectations. Also on hand at the "Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework" hearing was EU Data Protection Commissioner Helen Dixon to share her perspectives on enforcing the General Data Protection Regulation in its infancy and how the U.S. might follow or diverge from that strategy. Witnesses at the hearing advocated for algorithmic transparency, special provisions for children and nuanced regulations on data sets depending on their sensitivity.
Press Release Via The Data Protection Commissioner -
02nd May 2019
Since the application of the GDPR, significant concerns have been raised by individuals and privacy advocates concerning the conduct of technology companies operating in the online advertising sector and their compliance with the GDPR. Arising from a submission to the Data Protection Commission by Privacy International, a statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Quantcast International Limited. The purpose of the inquiry is to establish whether the company’s processing and aggregating of personal data for the purposes of profiling and utilising the profiles generated for targeted advertising is in compliance with the relevant provisions of the GDPR. The GDPR principle of transparency and retention practices will also be examined.
The Data Protection Commissioner has told a US Senate Committee that her office has reason to believe that US technology firms may have breached the European Union's new data protection rules.
Speaking in Washington DC, Helen Dixon said in the 11 months since the General Data Protection Regulation came into force, the Data Protection Commission has opened 12 significant investigations into potential infringements by large US tech companies.
"So we have reason to believe then clearly that there are potential infringements of the GDPR arising," she told the US Senate Committee on Commerce, Science and Transportation.
Ms Dixon said the DPC is significantly advanced in a number of those investigations and intends to have a decision on the first of them soon.
So far, she said, no fines had been issued under GDPR because the probes, which are complex, are still continuing.
She said that overall her office has 51 significant investigations underway currently, with a subset of those related to US tech companies.
The commissioner said she did not think it was a case that GDPR poses a more difficult or easier compliance approach for US companies over European ones.
Via The Irish Data Protection Commissioner April 25th 2019
The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.
As the supervisory authority for all EU institutions, the European Data Protection Supervisor (EDPS) is responsible for enforcing and monitoring their compliance with data protection rules. In this capacity, the EDPS is undertaking an investigation into the compliance of contractual arrangements concluded between the EU institutions and Microsoft, the European Data Protection Supervisor said today.
Wojciech Wiewiórowski, Assistant EDPS, said: “New data protection rules for the EU institutions and bodies came into force on 11 December 2018. Regulation 2018/1725 introduced significant changes to the rules governing outsourcing. Contractors now have direct responsibilities when it comes to ensuring compliance. However, when relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf. They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks. It is with this in mind that the contractual relationship between the EU institutions and Microsoft is now under EDPS scrutiny.”
EU institutions rely on Microsoft services and products to carry out their daily activities. This includes the processing of large amounts of personal data. Considering the nature, scope, context and purposes of this data processing, it is vitally important that appropriate contractual safeguards and risk-mitigating measures are in place to ensure compliance with the new Regulation. The EDPS investigation will, therefore, assess which Microsoft products and services are currently being used by the EU institutions and whether the contractual arrangements concluded between Microsoft and the EU institutions are fully compliant with data protection rules.