Connect with us

FACEBOOK

Further delay to GDPR enforcement of 2018 Twitter breach

Published

on

Twitter users have to wait to longer to find out what penalties, if any, the platform faces under the European Union’s General Data Protection Regulation (GDPR) for a data breach that dates back around two years.

In the meanwhile the platform has continued to suffer security failures — including, just last month, when hackers gained control of scores of verified accounts and tweeted out a crypto scam.

The tech firm’s lead regulator in the region, Ireland’s Data Protection Commission (DPC), began investigating an earlier Twitter breach in November 2018 — completing the probe earlier this year and submitting a draft decision to other EU DPAs for review in May, just ahead of the second anniversary of the GDPR’s application.

In a statement on the development, Graham Doyle, the DPC’s deputy commissioner, told TechCrunch: “The Irish Data Protection Commission (DPC) issued a draft decision to other Concerned Supervisory Authorities (CSAs) on 22 May 2020, in relation to this inquiry into Twitter. A number of objections were raised by CSAs and the DPC engaged in a consultation process with them. However, following consultation a number of objections were maintained and the DPC has now referred the matter to the European Data Protection Board (EDPB) under Article 65 of the GDPR.”

Under the regulation’s one-stop-shop mechanism, cross-border cases are handled by a lead regulator — typically where the business has established its regional base. For many tech companies that means Ireland, so the DPC has an oversized role in the regulation of Silicon Valley’s handling of people’s data.

This means it now has a huge backlog of highly anticipated complaints relating to tech giants including Apple, Facebook, Google, LinkedIn and indeed Twitter. The regulator also continues to face criticism for not yet ‘getting it over the line’ in any of these complaints and investigations pertaining to big tech. So the Twitter breach case is being especially closely watched as it looks set to be the Irish DPC’s first enforcement decision in a cross-border GDPR case.

See also  Alexis Ohanian steps down from Reddit board, asks for his seat to go to a black board member

Last year commissioner Helen Dixon said the first of these decisions would be coming “early” in 2020. In the event, we’re past the halfway mark of the year with still no enforcement to show for it. Though the DPC emphasizes the need to follow due process to ensure final decisions stand up to any challenge.

The latest delay in the Twitter case is a consequence of disagreements between the DPC and other regional watchdogs which, under the rules of GDPR, have a right to raise objections on a draft decision where users in their countries are also affected.

It’s not clear what specific objections have been raised to the DPC’s draft Twitter decision, or indeed what Ireland’s regulator has decided in what should be a relatively straightforward case, given it’s a breach — not a complaint about a core element of a data-mining business model.

Advertisement

Far more complex complaints are still sitting on the DPC’s desk. Doyle confirmed that a complaint pertaining to WhatsApp’s legal basis for sharing user data with Facebook remains the next most progressed in the stack, for example.

So, given the DPC’s Twitter breach draft decision hasn’t been universally accepted by Europe’s data watchdogs it’s all but inevitable Facebook -WhatsApp will go through the same objections process. Ergo, expect more delays.

Article 65 of the GDPR sets out a process for handling objections on draft decisions. It allows for one month for DPAs to reach a two-thirds majority, with the possibility for a further extension of another month — which would push a decision on the Twitter case into late October.

See also  WhatsApp Announces 'Communities' to Enhance Group Chats in the App

If there’s still not enough votes in favor at that point, a further two weeks are allowed for EDPB members to reach a simple majority. If DPAs are still split the Board chair, currently Andrea Jelinek, has the deciding vote. So the body’s role in major decisions over big tech looks set to be very key.

We’ve reached out to the EDPB with questions related to the Twitter objections and will update this report with any response. Update: In a statement, Jelinek, said: “I can confirm that the Irish DPC has triggered an Art 65 procedure and that the EDPB will work on this issue [as] foreseen in Art 65 GDPR (dispute resolution by the board) within the given timeframe.”

The Article 65 process exists to try to find consensus across a patchwork of national and regional data supervisors. But it won’t silence critics who argue the GDPR is not able to be applied fast enough to uphold EU citizens’ rights in the face of fast-iterating data-mining giants.

To wit: Given the latest developments, a final decision on the Twitter breach could be delayed until November — a full two years after the investigation began.

Earlier this summer a two-year review of GDPR by the European Commission, meanwhile, highlighted a lack of uniformly vigorous enforcement. Though commissioners signalled a willingness to wait and see how the one-stop-shop mechanism runs its course on cross-border cases, while admitting there’s a need to reinforce cooperation and co-ordination on cross border issues.

Advertisement

“We need to be sure that it’s possible for all the national authorities to work together. And in the network of national authorities it’s the case — and with the Board [EDPB] it’s possible to organize that. So we’ll continue to work on it,” justice commissioner, Didier Reynders, said in June.

See also  Meet the b2b videoconferencing startup that’s gone crazy for online dating

“The best answer will be a decision from the Irish data protection authority about important cases,” he added then.

TechCrunch

FACEBOOK

Facebook fighting against disinformation: Launch new options

Published

on

Meta, the parent company of Facebook, has dismantled new malicious networks that used vaccine debates to harass professionals or sow division in some countries, a sign that disinformation about the pandemic, spread for political ends, is on the wane not.

“They insulted doctors, journalists and elected officials, calling them supporters of the Nazis because they were promoting vaccines against the Covid, ensuring that compulsory vaccination would lead to a dictatorship of health,” explained Mike Dvilyanski, director investigations into emerging threats, at a press conference on Wednesday.

He was referring to a network linked to an anti-vaccination movement called “V_V”, which the Californian group accuses of having carried out a campaign of intimidation and mass harassment in Italy and France, against health figures, media and politics.

The authors of this operation coordinated in particular via the Telegram messaging system, where the volunteers had access to lists of people to target and to “training” to avoid automatic detection by Facebook.

Their tactics included leaving comments under victims’ messages rather than posting content, and using slightly changed spellings like “vaxcinati” instead of “vaccinati”, meaning “people vaccinated” in Italian.

The social media giant said it was difficult to assess the reach and impact of the campaign, which took place across different platforms.

This is a “psychological war” against people in favor of vaccines, according to Graphika, a company specializing in the analysis of social networks, which published Wednesday a report on the movement “V_V”, whose name comes from the Italian verb “vivere” (“to live”).

“We have observed what appears to be a sprawling populist movement that combines existing conspiratorial theories with anti-authoritarian narratives, and a torrent of health disinformation,” experts detail.

Advertisement

They estimate that “V_V” brings together some 20,000 supporters, some of whom have taken part in acts of vandalism against hospitals and operations to interfere with vaccinations, by making medical appointments without honoring them, for example.

See also  Meet the b2b videoconferencing startup that’s gone crazy for online dating

Change on Facebook

Facebook announces news that will facilitate your sales and purchases on the social network.

Mark Zuckerberg, the boss of Facebook, announced that the parent company would now be called Meta, to better represent all of its activities, from social networks to virtual reality, but the names of the different services will remain unchanged. A month later, Meta is already announcing news for the social network.

The first is the launch of online stores in Facebook groups. A “Shop” tab will appear and will allow members to buy products directly through the group in question.

Other features have been communicated with the aim of facilitating e-commerce within the social network, such as the display of recommendations and a better mention of products or even Live Shopping. At this time, no date has been announced regarding the launch of these new options.

In the light of recent features, the company wants to know the feedback from its users through the survey same like what Tesco doing to get its customers feedback via Tesco Views Survey. However, the company is still about this feedback will announce sooner than later in this regard.

Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending