Category Archives: Data protection

Qantas passengers’ personal details exposed as airline app logs users into wrong account

Posted on by

Airline investigating whether privacy breach allowing customers to view others’ account details was caused by ‘recent system changes’

Potentially thousands of Qantas customers have had their personal details made public via the airline’s app, with some frequent flyers able to view strangers’ account details and possibly make changes to other users’ bookings.

Clare Gemmell from Sydney said that she and four colleagues encountered the problem shortly after 8.30 on Wednesday morning.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

Lawsuit in London to allege Grindr shared users’ HIV status with ad firms

Posted on by

High court action will claim US owner allowed access to app users’ private information in breach of UK law

Grindr faces the prospect of legal action by hundreds of users who will allege that the dating app shared highly sensitive personal information, including in some cases their HIV status, with advertising companies.

The law firm Austen Hays is to file a claim on Monday in London’s high court alleging that the US owner of the app breached British data protection laws.

Continue reading...

Worried about a bump on your date’s penis? There’s an app for that – but not everyone is convinced

Posted on by

Company behind app says no personal information is collected but experts warn of ‘how easily’ data can be hacked

Yudara Kularathne came up with the idea for an AI-driven app when a friend was worried about a bump on their penis.

Kularathne was then a consultant physician in Singapore in 2019, but he saw the potential for an app that could instantly identify a suspected sexually transmitted infection from a photo of male genitalia.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

Second accidental data leak in four months ‘regrettable’, Australian finance department says

Posted on by

Incident comes as data shows government sector breaches mostly caused by human error, not criminal acts

The finance department has accidentally shared confidential commercial information for the second time as new data reveals the number of human errors behind government data breaches.

The department has confirmed that last week it emailed 236 suppliers, and that the email included “embedded information with some third-party confidential information”.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

Google stops notifying publishers of ‘right to be forgotten’ removals from search results

Posted on by

Move comes after Swedish court rules that informing webmasters about delisted content is breach of privacy

Google has quietly stopped telling publishers when it has removed websites from its search results under European “right to be forgotten” rules after a ruling in a Swedish court which the search engine is applying globally.

Previously, when an individual applied to have records about them expunged under EU data protection laws, Google would notify the publisher of the original articles.

Continue reading...

Ulez fines scandal: Italian police ‘illegally accessed’ thousands of EU drivers’ data

Posted on by

Italy’s data protection body investigates claims police shared names and addresses with firm collecting penalties for TfL

The names and addresses of thousands of EU drivers were unlawfully accessed by Italian police and shared with the company that collects Ulez penalties on behalf of Transport for London (TfL), investigators believe.

The Italian data protection authority is investigating claims by Belgium’s government that an unnamed police department misused official powers to pass the personal details of Belgian drivers to Euro Parking Collections, which is employed by TfL to issue fines to enforce London’s low emission zone (Lez) and ultra-low emission zone.

Continue reading...

NHS England faces lawsuit over patient privacy fears linked to new data platform

Posted on by

Four groups claim no legal basis exists for setting up the Federated Data Platform which facilitates information sharing

The NHS has been accused of “breaking the law” by creating a massive data platform that will share information about patients.

Four organisations are bringing a lawsuit against NHS England claiming that there is no legal basis for its setting up of the Federated Data Platform (FDP). They plan to seek a judicial review of its decision.

Continue reading...

Patients may shun new NHS data store over privacy fears, doctors warn

Posted on by

BMA raises concerns with minister about planned data platform, which could be run by US firm Palantir

Patients fear that their personal information may be misused by the NHS’s new data store, especially if the US spy technology company Palantir runs it, doctors’ leaders have warned ministers.

The planned creation of the “federated data platform” (FDP) has prompted concerns about privacy and trust in the NHS and suggestions that suspicion around it will lead patients to refuse to share their data.

Continue reading...

Californians will be able to delete all personal online data with first-in-US law

Posted on by

Delete Act signed by governor Gavin Newsom strengthens existing regulations so users will be able to scrub info from a single page

In a victory for privacy advocates and consumers, the California governor Gavin Newsom signed a bill that would enable residents to request that their personal information be deleted from the coffers of all the data brokers in the state.

The bill, SB 362, otherwise known as the Delete Act, was introduced in April 2023 by the state senator Josh Becker in an attempt to give Californians more control over their privacy. Californians already have a right to request their data be deleted under current state privacy laws, but it requires filing a request with each individual company.

Continue reading...

China’s manipulation of media threatens global freedoms, says US report

Posted on by

Censorship, data harvesting and purchases of foreign news outlets could lead to ‘sharp contraction’ of freedom of expression

China is manipulating global media through censorship, data harvesting and covert purchases of foreign news outlets, according to a new report from the US state department, which warned the trend could lead to a “sharp contraction” of global freedom of expression.

The report released on Thursday found that Beijing had spent billions of dollars annually on information manipulation efforts, including by acquiring stakes in foreign media through “public and non-public means”, sponsoring online influencers and securing distribution agreements that promote unlabelled Chinese government content.

Continue reading...

Federal government could pay millions in compensation over asylum seeker data breach

Posted on by

Breach, discovered by Guardian Australia, resulted in information being used to allegedly threaten some in detention

The Australian government may be liable for tens of millions of dollars in compensation to asylum seekers after it posted their personal details online while they were in immigration detention.

The mass data breach, discovered by Guardian Australia in 2014, resulted in information being used, in some cases, to allegedly threaten asylum seekers, or persecute and even jail their family members.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

TikTok fined €345m for breaking EU data law on children’s accounts

Posted on by

Irish data regulator says platform put 13- to 17-year-old users’ accounts on default public setting, among other breaches

TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.

The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

Continue reading...

The owner of Bunnings and Kmart is now in the prescriptions business, raising fears over patient data

Posted on by

Doctors and pharmacists concerned that Wesfarmers’ acquisition of InstantScripts could end the notion that ‘health data is sacrosanct’

The integration of a controversial online doctor service alongside Bunnings, Kmart and hundreds of pharmacies in the Wesfarmers portfolio has raised concerns among medical practitioners about potential risks to patient data security.

InstantScripts sprang to prominence during the pandemic, offering an alternative to the GP by generating prescriptions via an online form that was then remotely checked by a doctor. The business covers 300 low-risk drugs that patients can either pick up from a pharmacist or get delivered directly to their home.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

Twitter ‘unfit’ for banking over alleged complicity in Saudi rights abuses

Posted on by

Lawyers for family say Saudi government took brother’s data in breach and ‘arrested, tortured, and imprisoned’ him and others

The company formerly known as Twitter is “unfit” to hold banking licenses because of its alleged “intentional complicity” with human rights violations in Saudi Arabia and treatment of users’ personal data, according to an open letter sent to federal and state banking regulators that was signed by a law firm representing a Saudi victim’s family.

The allegations by lawyers representing Areej al-Sadhan, whose brother Abdulrahman was one of thousands of Saudis whose confidential personal information was obtained by Saudi agents posing as Twitter employees in 2014-15, comes as Twitter Payments LLC, a subsidiary of X (the company formerly known as Twitter), is in the process of applying for money-transmitter licenses across the US.

Continue reading...

Dymocks warns customer records may be on dark web after possible data breach

Posted on by

Bookseller’s managing director says potential hack was detected on Wednesday and investigation has been launched

Bookstore chain Dymocks has warned customers of a possible data breach that could lead to their personal information being leaked on the dark web.

In an email sent to members on Friday, the bookseller’s managing director, Mark Newman, said a potential hack was detected two days earlier.

Continue reading...

Customer data used for unwanted romantic contact, UK poll shows

Posted on by

Almost one in three people aged 18-34 have been messaged by staff after giving personal details to a business

Almost one in three people aged 18-34 have received unwanted romantic contact after giving their personal information to a business, a UK poll has shown.

The Information Commissioner’s Office (ICO) has called for recipients of such texts to come forward to help the regulator gather evidence of the impact of this phenomenon.

The ICO has an online form for people who want to report an experience of unwanted contact.

Continue reading...

Hacked UK voter data could be used to target disinformation, warn experts

Posted on by

Data from Electoral Commission breach could allow rogue actors to create AI-generated messages in effort to manipulate elections

Data accessed in the Electoral Commission hack could help state-backed actors target voters with AI-generated disinformation, experts have warned.

The UK elections watchdog revealed on Tuesday that a hostile cyber-attack had been able to access the names and addresses of all voters registered between 2014 and 2022.

Continue reading...

Australians increasingly concerned about online privacy after high-profile cybersecurity breaches

Posted on by

After massive hacks at Optus and Medibank, survey from information commissioner finds three-quarters of people feel data breaches are among biggest risk to privacy

Australians are more concerned than ever over the handling of their personal information and want tough laws to protect them after the Optus and Medibank cybersecurity breaches, a new study has found.

The latest Australian Community Attitudes to Privacy Survey, released on Tuesday by the Office of the Australian Information Commissioner (OAIC), found three-quarters of Australians feel data breaches are one of the biggest risks to privacy they face. That is an increase of 13% since the survey was last conducted in early 2020.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...

Meta to ask EU users’ permission to show targeted advertising

Posted on by

Facebook and Instagram’s parent company will stop harvesting audience data to create profiles for advertisers after regulatory rulings

Facebook and Instagram are to ask EU users for permission to show them personalised adverts, in a concession that challenges the platforms’ core money-making strategy.

The social media networks’ parent company, Meta, announced the change after a series of regulatory rulings struck down the company’s legal justification for harvesting audience data to create user profiles that can be targeted by advertisers.

Continue reading...

UK spy agencies want to relax ‘burdensome’ laws on AI data use

Posted on by

GCHQ, MI6 and MI5 propose weakening safeguards that limit training of AI models with bulk personal datasets

The UK intelligence agencies are lobbying the government to weaken surveillance laws they argue place a “burdensome” limit on their ability to train artificial intelligence models with large amounts of personal data.

The proposals would make it easier for GCHQ, MI6 and MI5 to use certain types of data, by relaxing safeguards designed to protect people’s privacy and prevent the misuse of sensitive information.

Continue reading...