April 18, 2021

BREAKING DATA BREACHES

Data protection services
Photo by XPS on Unsplash

The last couple of months must have been quite intense for cybersecurity teams. Facebook, LinkedIn and the new social network Clubhouse have suffered substantial data leaks: the total amount of violated accounts correspond approximately to 533 million users, 500 million and 1.3 million respectively. These cases have attracted attention because techniques of scrapping were used to leak data, which means that they have downloaded data through the exploitation of legitimate functions, and those companies claimed it cannot be considered a data breach.

However, for the time being, Data Protection Authorities across the European Union have clearly stated that such data cannot be used and in the meantime they are conducting their own investigations. In addition, recently many Authorities have been on the move: the Hamburg Authority opened a file on the privacy notice of Facebook and WhatsApp, the Bavarian Authority ordered to stop using Mail Chimp as per Schrems II, the Spanish Authority fined Vodafone EUR 8.15 million for not being able to guarantee data subjects rights and the Italian Authority fined Fastweb EUR 4.5 million, among others, for not having reported data breaches in due time.

The Italian Authority also fined Facebook EUR 7 million as Facebook did not comply with a previously issued order, which is one of the highest fines of this kind: it is not based on new violations, but on avoidance of correcting previous ones. Last, it is still unknown the destiny of the dating app Grindr in Norway, which could be the first company to be fine at full 4% of annual turnover (i.e. NOK 100 million), as the Norse Authority has not commented yet on the Company’s response.