Tech News : Birthdates Becoming Required For Social Logins

The introduction of the Age Appropriate Design Code (also known as the Children’s Code) by the ICO means that Facebook has decided to ask Instagram users to give their date of birth as part of the login.

Age Appropriate Design Code

The statutory Children’s Code (‘The Age Appropriate Design Code’), which came into force on 2 September 2020, is a set of 15 “flexible standards” that should act as a data protection code of practice for online services, such as apps, online games, and web and social media sites, likely to be accessed by children.  The idea is that it should help provide more protection for children online and companies/organisations must conform to the code and demonstrate that their services use children’s data fairly and in compliance with data protection law. The ICO says that developers and those in the digital sector must act, but gave a maximum transition period of 12 months, which is now up, and which is why Facebook’s services (including Instagram) are starting to flag up the new conditions.

Insta Login

In line with the allowed transition period, and to let Instagram users know that the changes are coming in, users will be asked for their date of birth upon login but will be able to dismiss the prompt for now. Instagram has already started blurring content that’s unsuitable for under-18s and a date of birth will be required at some point in the near future to enable people to continue using the Insta app.

Instagram’s owner, Facebook, is also now defaulting any new accounts for under 16 s to a private setting in order to help with its compliance.

Facebook Criticised Last Year

In addition to a statutory need for compliance, Facebook may also be extra keen to show that it is taking prompt action to protect young users of its platforms following reports from the Home Office and six other countries last October that Facebook was responsible for 94 percent of 69 million child sex abuse images reported by US tech firms.  This figure appears to refer to its end-to-end encrypted WhatsApp chat app being used for criminal purposes by some users.

What Does This Mean For Your Business?

This story highlights the fact that the transition period for the Children’s Code/’The Age Appropriate Design Code’ coming into force is now at an end. Facebook/Instagram introducing these measures should, therefore, be an extra reminder to all developers and those in the digital sector that they need to comply with these ‘flexible’ standards to protect young users of their services, avoid any problems with the ICO, and avoid bad publicity.  Many would argue that these standards are long overdue and that young people, for whom the Web and mobile technology have always been around need much better personal and data protection online. Putting the responsibility on providers of digital services, backed by the law, and overseen by the data regulator is one way to get the attention of the big social media platforms and could be an important tool in starting to clean-up some public areas of digital life. Policing private end-to-end encrypted apps however, which is where many criminals may be most likely to interact, is a greater challenge.  The Children’s Code may be a good start.

Tech News : Pro-Kremlin Trolls Targeting Media Website Comments

The results of new research suggest that the comments section for stories on prominent media websites across many western countries are the focus of major Kremlin-based activities to try and influence public opinion.

Multiple Outlets, Many Countries

The Open Source Communications Analytics Research (OSCAR) programme at Cardiff University’s Crime and Security Research Institute has reported finding evidence that 32 prominent media outlets across 16 countries are the subject of a major influence operation to spread propaganda and disinformation that supports Kremlin interests.

Which Media Outlets?

The media outlets that the researchers say have been subjected to the systematic manipulation include The Daily Mail, Daily Express, The Times, Fox News and the Washington Post (in the US), Le Figaro (France), Der Spiegel and Die Welt (Germany), and La Stampa in Italy.

242 Examples Detected

The researchers reportedly identified 242 stories/articles of relevance to Russia where strong pro-Russian or anti-Western statements were posted in reaction to them. The research indicates that the pro-Russian/anti-Western comments were then fed back to different Russian-language media outlets where they were used as the basis of stories used to suggest there that there is extensive support in the west for Russia or President Putin. The stories based on the comments, which used headlines such as/similar to “Daily Mail readers say..” or “Readers of Der Spiegel think…” are believed to have been spread to audiences in Central and Eastern Europe e.g., Bulgaria. 

Operation Dating Back To 2018

It is believed that the operation by Kremlin trolls, which was first uncovered following research into online activities relating to tensions between Ukraine and Russia this year, may date back to 2018.

Vulnerable

It appears that the comments sections of articles in the websites of many western media outlets are vulnerable to this type of operation due to them having no significant security measures in place.

Ducking and Diving

The researchers used ‘forensic behavioural analysis’ of account profiles to reveal that pro-Kremlin posters repeatedly changed their personas and locations to avoid detection. Evidence was also found to indicate co-ordination between Russian state-owned media and other outlets linked to the non-state Patriot Media Group, which were using parts of the comments.

What Does This Mean For Your Business?

Since social media platforms such as Facebook were found to be used by other states in an attempt to influence US elections and the UK (Brexit) referendum, it appears that these states have found other, out-of-the-spotlight ways to influence certain audiences.  In this case, it appears that the western news media websites are part of a process to support stories that are ultimately supposed to promote Russia and its president to audiences in Central and Eastern Europe. It is probably not a great surprise that one state would attempt to influence the politics of other states using covert online tactics, but the scale and scope of this particular operation (multiple outlets across multiple countries) have made it stand out.  It seems that mainstream media sites will now have to tighten their security to stop people (for example) creating multiple, false identities and seeking to use the websites for underhand purposes.

Featured Article : ‘Smart’ Glasses?

With Google and Amazon (plus soon-to-be Facebook and Apple) getting into making ‘Smart Glasses’, we take a brief look at what different types are currently being used for, plus we look at the vision for the future of these promising wearables.

What Are Smart Glasses?

Smart glasses are glasses that incorporate wireless connectivity/Bluetooth and other technology (e.g., a computer screen/display, speakers, and cameras) so that the wearer can be presented with visual data or other displays, and other media from the background information system. There are many different types and brands. Smart glasses can be paired with phone apps to provide other functionality. Typically, smart glasses have a display that is projected / reflected on the lens of glasses or in a separate visible component. Smart glasses also allow the wearer to observe the environment without distractions when the information provided by the smart glasses is not needed. 

Examples of what different types of smart glasses can bring to the wearer include:

– Augmented reality (AR) – a digitally-generated overlay superimposed over the world.

– Hands-free access to information via a small screen in the upper corner of glasses e.g., as with ‘Google Glass’ smart glasses used in a work setting by logistics workers. These (and other smart glasses) can act as a training tool and on-site, convenient, hands-free reference manual in many industries. Microsoft’s HoloLens smart glasses are also used for work in the Enterprise market.

– Videos projected for the wearer to watch.

– Pairing with a smartphone (using an app with the glasses) so the wearer can receive phone notifications on the glasses.

– A built-in camera and microphone(s) to allow the wearer to record videos, take pictures, take calls, and use voice control features. Accompanying earbuds can also allow the wearer to play and pause music.

– Audio sunglasses : i.e. smart sunglasses with speakers built into arms and positioned right behind the wearer’s ears.

– Smart glasses to use with certain social media platforms : e.g., glasses that include HD cameras and (noise cancelling) microphones to enable the recording and uploading of media to Snapchat (Snap Spectacles 3).

– Glasses designed to improve concentration, re-train the mind to slow down, improve concentration, and to help with ‘mindfulness’ by pairing smart glasses with headphones and an app (Smith Lowdown Focus).

– Enabling all-day access to a virtual assistant (Amazon Echo Frames) which connect the user’s frames (which incorporate tiny speakers) to their smartphone via Bluetooth, thereby giving access to Alexa.

Google’s Smart Glasses

Many people may remember the publicity surrounding the ‘Google Glass’ brand of smart glasses. After a prototype version came out in the US in April 2013, a version containing a camera/video was put on sale to the public in May 2014 although this provoked criticism relating to privacy concerns.  By 2015, Google announced that it was stopping the production of the Google Glass prototype, and by 2017 Google announced that it would be making a Google Glass Enterprise Edition for use (e.g., in industry). In May 2019, a second-edition of Google Glass Enterprise was produced.  The ‘Glass Enterprise Edition 2’ is described by Google as “a small, lightweight wearable computer with a transparent display for hands-free work”. This upgraded version of Google’s Enterprise Edition smart glasses includes:

– A powerful multicore CPU (central processing unit) and a new artificial intelligence engine to improve performance and support for vision.

– Glass-compatible safety frames to help in different types of demanding work environments.

– A camera that’s been improved since the first edition in terms of performance and quality.

– An SB-C port for fast-charging and increased battery life.

– The fact that it’s built on Android, so it’s easy to deploy, develop and improve.

Facebook’s First Smart Glasses

Recent reports and hints indicate that Facebook looks likely to release its first AR smart glasses in conjunction with up-market sunglasses/eyewear companies Ray-Ban and Luxottica.  The project is believed to date back to 2017 and it has also been reported that although a version of these glasses could appear this year, they may ultimately be a stepping-stone product to a bigger vision. Firstly, comments from Facebook executive Andrew “Boz” Bosworth indicate that the smart glasses may even be augmented with facial recognition technology (privacy issues permitting). Ultimately though, although the AR glasses concept is something that Facebook appears keen to get into, the vision ahead is for Facebook to create and give users access, from many different devices, to a ‘metaverse’. This is believed to be a kind of immersive virtual space where users can hang out, play games with friends, work, and create.

Apple Smart Glasses

Apple also appears to be heading further into wearables with its own AR smart glasses.  There have been reports, for example, that Apple’s chief executive, Tim Cook, is staying-on with the company, at least until the introduction of the company’s smart glasses. It is thought, however, that Apple may not release smart glasses for another year or two.

What Does This Mean For Your Business?

Wearable smart technology and augmented reality are growth areas that the big tech companies are keen to get into on their way to delivering bigger visions of how we could become immersed in (and using) different combined technologies to enhance the value and experiences that businesses and individuals can get. Wearables and AR are now finding real-world applications in multiple industries e.g., with Google Glass 2 being used as a hands-free reference and information tool by production/assembly workers.  Also, smart wearables linked to (phone) apps are a growth area that is providing many opportunities for businesses in the health and fitness market, leisure and entertainment market (music glasses), social media (Snap Spectacles 3), and more. Smart glasses are a particularly attractive area because they are hands-free and allow the user to keep observing the environment while using them, thereby retaining safety. One major drawback of smart glasses that incorporate cameras is the issue of privacy and the possible infringement of privacy laws. This is a key reason why Google Glass products were criticised, and this aspect is likely to remain a challenge for both Facebook and Apple in their forays into smart glasses.

Tech Insight : What Is ‘Doxing’?

In this article we look at what doxing is, the legality of it, some examples of doxing, and we consider what we can do to protect ourselves and our businesses from attack.

What Is Doxing?

Doxing is a term meaning for dropping (personal) dox where ‘dox’ is a slang term for documents. Doxing is a malicious act where a person/persons use a variety of methods to find previously private personal information about an individual or organisation, and then publicly reveal/expose that information to all, usually over the Internet. The type of information released could be anything from simple personal details (real name, home address, workplace), to much more personal embarrassing and damaging information.  Doxing is actually an old term that pre-dates the modern Web, and dates back to the online hackers in the 1990s.

Is It Illegal?

Although doxing is malicious and can be very harmful, it is generally not illegal because much of the information is gathered from what is considered as the public domain. However, the legality also depends upon whether details were obtained using legal methods, and doxing treads a fine line between and sometimes into the illegal worlds of stalking, harassment, and more. If the threat of doxing is used to extort money this is, of course, blackmail. In many cases, at the very least, doxing often violates many websites’ terms of service.

Proposed Anti-Doxing Law in Hong Kong

Hong Kong has proposed a new anti-doxing law, mainly to prevent details of members of the authorities from being posted online and, perhaps, to crack down on criticism. Unfortunately, the power that this law would hand to Hong Kong’s privacy watchdog has led to complaints from an industry group that represents big tech companies like Amazon, Apple, Google, and Facebook.

How Doxing Works – Information Gathering

Ways that information is gathered about a person by ‘doxers’ for use in doxing includes:

– Tracking usernames to build up a picture of a target’s interest.

– Using WHOIS searches of domain names.

– Using social engineering on a target’s ISP to discover the target’s IP address, which is linked to their physical location.

– Reverse mobile phone lookup.

– Piecing together bits of information that has been sold across the Web by data brokers.

– Packet sniffing (intercepting a target’s Internet data) – passwords, credit card numbers, bank account information, email messages and more.

High Profile Examples of Doxing

Just some of the many examples of doxing that have made the news include:

– December 2011 – the hacking group Anonymous exposed detailed information online about 7,000 law enforcement as revenge for investigations into hacking activities.

– In 2013, hackers posted Kim Kardashian’s Social Security number, credit report, address (+ six previous addresses) online.

– In 2016, while Donald Trump was campaigning for the US presidency, Anonymous posted his Social Security number and phone number, as well as the contact information for his agent and lawyer online.

– In 2017, the Russian (Moscow) hacker group Turla hacked the Instagram account of Britney Spears, and used it to post secret, cryptic comments.

How To Protect Yourself From Doxing

Some of the measures you can take to help protect yourself/your business from falling victim to doxing include:

– Using a VPN to protect your IP address.

– Using strong passwords, avoiding password sharing, and using 2FA or multi factor authentication where possible.

– Setting up different email addresses for different uses e.g., professional, personal, and spam.

– Maximising your social media privacy settings.

– Hiding domain registration information from WHOIS.

– Asking Google to remove any personal information that you are concerned about.

– Keeping up with good general online security practices and be careful what information you share via social media.

What Does This Mean For Your Business?

The main motives for doxing appear to be revenge, control, or even as a way to blackmail someone.  Following good online security practices and policies anyway is the best way to avoid giving e.g., disgruntled former employees/customers, hackers, and others the fuel and the openings they need to build their campaigns.  Sadly, much of our data ends up being shared around the Web, perhaps to places we wouldn’t expect to go and determined doxers may be able to find some things despite our best efforts to maintain our privacy.

Tech Tip – Open Pinned Programs Easily With Keyboard Shortcuts

If you use certain Windows 10 Microsoft Office programs often, you can pin them to the taskbar and then open them quickly and easily with keyboard shortcuts.  Here’s how:

– If you have a program open e.g., Word, hover your mouse over it (in the taskbar), right mouse click and select ‘Pin to taskbar’. Do this for any other programs you also want to pin to the taskbar for easy access.

– If, for example you have pinned 5 programs to the taskbar, to open the second program, press “windows+2“.

– To open any of the other pinned programs, follow the same pattern i.e., hit “windows+number-in-sequence”.

Featured Article: Guess What Most Web Traffic Is Made Up Of?

In this article, we look at how a surprisingly large proportion of Internet traffic is made up of bots, how many of these can be ‘bad bots’, and what businesses can do to keep enjoying the benefits of good bots while guarding against the threats of bad bots.

Two-Thirds of Internet Traffic is Bots

The recent Barracuda Networks ‘Top Threats and Trends’ report found that Bots make up nearly two-thirds (64 percent) of internet traffic although other surveys have put this number closer to 50 percent.  ‘Bots’ generally refers to the software apps that run automated tasks (scripts) over the Internet, performing tasks that are simple, repetitive, and that wouldn’t be viable for humans to perform.  For example, popular bots include search engine crawlers, social network bots, aggregator crawlers, shop bots, and monitoring bots.  These could be regarded as ‘good bots’ because they serve a practical (rather than a deliberately malicious) purpose and are helpful to businesses and other Internet users.  Good bots obey the website owner’s rules (e.g. as specified in the robots.txt file to dictate what is indexed). They also publish the methods of validating them so it’s clear they’re what they say they are, and they don’t overload the websites and apps they visit.

Bad/malicious bots include, for example, Distributed Denial-of-Service (DDoS)/ botnets which use other malware-infected devices (zombies) to bombard a server with bots to the point where it becomes overwhelmed and is rendered out-of-action. Other ways in which bots are used for nefarious purposes include web and price scraping, inventory hoarding, account takeover attacks, Intelligence harvesting (for fraud), auction sniping (for last-minute bids), spam relay, click fraud, fake vulnerability scanners, and more.  Most ‘bad bot’ traffic comes from the US (67 percent) and mostly from two large public clouds (AWS and Microsoft Azure).

Percentage of Good/Bad Bots

The Barracuda Networks report, for example, suggests that 25 percent of Internet traffic is made up of good bots, but 39 percent of Internet traffic is made up of bad bots.

Worst Hit Industries

Those industries worst hit by bad bots (Imperva figures, 2020) are Telecom & ISPs (45.7 percent, Computing & IT (41.1 percent), Sports (33.7 percent), News (33 percent), and Business Services (29.7 percent).

The Challenges

One of the key challenges that all website owners have is ensuring protection is in place that can distinguish between good and bad bots (bad bots are often disguised as good) and filter out the bad ones. Also, bad bots are now increasingly prevalent because they are easily built and can be purchased for very little money.

Cost, Threats, and Damage

Bad bots can be a real threat to businesses as they can exploit vulnerabilities in (often outdated) software in your system, be used to deliver malware in a number of ways (trojans, software, email attachments), or in concentrated attacks such as DDoS.  The damage caused can be very costly to businesses in terms of damage to networks/systems, disruption of the business/business continuity, reputational damage and worse. The growth of the IoT and its vulnerabilities such as default passwords have further fuelled the popularity of bad bots.

Beating The Bad Bots

With nearly 40 percent of your web traffic being made up of bad bots, it’s important to know how to protect your business from them.  Examples of ways to keep bad bots at bay include:

– Investing in WAF/WAF-as-a-Service offerings / Web Application and API Protection (WAAP) technology. WAF means web application firewall.

– Check and make sure that chosen company security solution offers anti-bot protection.

– Use ‘machine learning’ security solutions.

– Make sure credential stuffing protection is in place.

Upstream and Downstream Traffic

Computer and Internet traffic is often categorised in different ways and the terms upstream or downstream are often used. Broadly speaking (as a basic definition), upstream traffic is that data sent from a computer or network (e.g. sending e-mails, uploading files), while downstream traffic is data received by a computer or network (e.g. traffic that’s downloaded onto your PC). For example, this could be receiving e-mail messages, downloading files, visiting Web pages, Zoom calls (data, video, and audio) and more.

One Third Human Traffic, or More?

According to the Barracuda Networks report, bots/automated traffic makes up two-thirds of Internet traffic.  This suggests that human traffic makes up the remaining third.  Other surveys provide different figures.  For example, the 8th Annual Bad Bot Report from Imperva suggests that human traffic actually made up 60 percent of all website traffic in 2020.

Monitoring and Measuring

If we accept that one-third to around one-half of Internet traffic is automated/bots, this has implications for how accurate your web analytics program and paid ad stats are.  Stats/analytic programs, therefore, tend to have known bot filtering options. For example, Google Analytics has an automatic filter for known bots and spiders (a check box in the settings). You can also set up filters for certain host-names if you notice spikes from certain sources (spikes can be a sign of bots).

What Does This Mean For Your Business?

Good bots undoubtedly save overheads and time and help to make the Internet work as smoothly as it does. However, realising that anywhere between one-third and one half of web traffic is automated (bots) and that the majority of these bots are malicious, and furthermore that this appears to be an upward trend, should make businesses want to take a closer look at just how their cyber-security defences are set up to tackle the threat of bad bots. The risk and potential costs of ignoring the fact that automated threats are likely to be constant, more sophisticated, and are being fuelled by the seemingly unstoppable growth of a less than secure IoT, and the ease by which attackers can obtain and execute bot-based attack methods should motivate businesses to make security a top priority. AI and machine learning provide some hope in identifying potential bot threats but for most businesses, as outlined above in this article, there are basic precautions that can and should be taken to protect the business right now.

Tech Insight : Carbon-Free Travel – What Is Hyperloop?

In this tech-insight, we look at what hyperloop technology is, how it has been tested and used to date, and whether it could be a viable form of carbon-free travel for the future.

What Is Hyperloop Technology?

First invented by mechanical engineer George Medhurst in the 18th century, the idea which became the ‘atmospheric railway’, envisioned conveying people in a vehicle along the inside of pressurised, evacuated tubes using uses differential air pressure to provide power for propulsion. This ‘hyperloop’ idea of almost frictionless travel (not touching rails) inside a tube, where huge speeds could be reached and travel times dramatically cut was the dream that formed the basis of the 1960s and 1970s ‘Hovertrain’. Although the project ended in 1975, a test version of this ‘hyperloop’ train managed to reach 104 mph in 1973, but the ‘Hypertrain’ was never put into production.

How The ‘Hovertrain’ Hyperloop Worked

The 70s Hypertrain acted rather like a land-based hovercraft that hovered on a cushion of air above a monorail-type concrete track and was propelled along by a linear induction motor (LIM) which used magnetic fields to produce thrust and, therefore, contactless (and frictionless) propulsion.

Although the focus today may be on developing a hyperloop transport method that is carbon-free as well as fast, this early Hypertrain had to use large, bulky induction motors and fans that needed to be permanently running to keep the Hypertrain in the air, therefore, making it rather environmentally unfriendly.

The Airlink Shuttle – Maglev Technology

The next use of hyperloop of note was in the Birmingham Airport AirLink shuttle (1984 to 1995) which was a train floating on magnets (known as ‘maglev’ technology), propelled along by a LIM.

Other hyperloop maglev trains have been used to connect JFK International Airport to Queens in New York City, in Shanghai, China, and in Japan in 2015, where a manned test train reached 370mph.

Elon Musk’s Hyperloop

Fast forward, and PayPal / Tesla founder, and SpaceX boss Elon musk wrote a much-publicised paper in 2013 about his idea for a “Hyperloop Alpha” travel system which could use magnetic pods levitating (using maglev) inside a tube and travelling at more than 1,000 km per hour, making it faster than a Boeing 747 jet aircraft!

Virgin Hyperloop Test

Fast forward yet further and, in November 2020, a two-seat Virgin Hyperloop prototype is reported to have travelled 500 metres, reaching 172 km per hour in only 6.25 seconds.

Challenges

There are, of course, many challenges to testing, building, and creating a new hyperloop infrastructure (underground or overground tubes, stations and more) and it could take decades to introduce a system across a country at scale.

Would Hyperloop Bring Carbon-Free Travel?

With a world climate crisis, environmental targets to reach, and the need to find a way to drastically reduce carbon emissions from industry, transport systems and more, would hyperloop offer carbon-free travel?

A recent US Department of Transportation (DOT) study, for example, estimated that Hyperloop routes could be up to six times more energy efficient than air travel (on short routes).  Also, researchers at Hamburg’s Helmut Schmidt University looked at the effects of building a 300km, (mainly solar-powered) hyperloop route for freight in Northern Germany.  They concluded that replacing thousands of road-based trucks with a hyperloop could reduce air and noise pollution, and reduce greenhouse gas emissions, as well as the knock-on benefits of reducing congestion and road accidents.

Unfortunately, the linear induction motors are used (LIM) for powering hyperloop tend to have high power consumption and are less efficient than permanent magnet linear motors.

What Does This Mean For Your Business?

The idea of creating an incredibly fast transport system for freight and passengers that could use electric motors and solar power would, of course, be hugely attractive to businesses in terms of time and cost savings (e.g. for supplies and distribution), as well as in reducing environmental impact. Fast, clean transport/travel by hyperloop could also have huge benefits for many other industries (e.g. travel and leisure) and could benefit city businesses of all kinds as cities and transport hubs would most likely be the first ones linked together. That said, there is a long way to go and many challenges to overcome before mainstream hyperloop travel becomes a reality.

Tech News : Google Risks Lawsuit Over Market Monopoly

It has been reported that the Justice Department (DOJ) may soon issue a second monopoly lawsuit against Alphabet Inc (Google) over its giant’s digital advertising business.

Other Lawsuit

Back in July, Google was issued with an antitrust lawsuit by 38 US states over allegations relating to how it may have been abusing its position of power in relation to Android app distribution and competition, and for (allegedly) abusing its market power to make its search engine as dominant inside cars, TVs, and speakers as it has been in phones.

This Possible New Lawsuit

Reports that a new DOJ lawsuit may be on the way seems credible since Google was sued under former Attorney General William Barr over its search business, and then faced another antitrust complaint filed with many state attorneys alleging that Google had illegally monopolised the digital advertising market.  It is claimed that Google (allegedly) reached an illegal agreement with Facebook Inc., the purpose of which was to manipulate online auctions where advertisers and website publishers buy and sell ad space.

More Lawsuits

Google has faced other lawsuits in recent times, such as when Epic Games sued the $1 trillion tech giant over the removal of Fortnite from the Play Store last year (it was also removed from the iOS App Store).

Joe Biden Big Tech Crackdown

In more potentially bad news for Google (and other tech giants), in July this year, US President Joe Biden signed a new executive order to try and crack-down on anti-competitive practices in big tech. The executive order highlights how big players in the tech sector may be using their market power to box out smaller competitors and exploit consumers’ personal information.

Criticism Over Plans To Block Cookies

Back in March, U.S. Justice Department investigators were reported to have been concerned that Google’s plans to ban some cookies in its Chrome browser (which Google said would increase user privacy) could be a way for Google to hobble its smaller rival ad companies by stopping them from tracking users.

Although Google said that it planned not to simply remove third-party cookies but to phase them out over two years (to allow time to develop workarounds that address the needs of users), businesses, publishers, advertisers and critics noted that this may give Google a couple of years in which to be in control and to dominate other advertisers even more.

What Does This Mean For Your Business?

Clearly, following on from the Trump administration’s attacks on big tech, it seems that Joe Biden is also keen to tackle the tech giants, particularly on matters relating to competition and how they may be using their market power, and how this may be adversely affecting their smaller competitors. Google, Facebook and other big advertising platforms (particularly Google), are very much in the investigation (and lawsuit) firing lines. For Google, legislation, government regulation, and lawsuits are clearly something it would like to delay and avoid, but it looks as though Joe Biden’s administration intends to keep the pressure on. For business advertisers, being able to reach as many members of their target markets in the best and cheapest way possible (maximising ROI) is the key concern, and it remains to be seen how this would be affected if anti-competition action could be and was taken. For the time being, however, using lawsuits (and the bad publicity they generate) plus the threat of regulation are likley to be the only main leverage that governments have for bringing the very powerful, wealthy tech giants to account.

Tech News : WhatsApp Handed Massive GDPR Fine

Following an investigation into WhatsApp Ireland Ltd, the Irish data regulator (DPC) has issued Facebook’s popular WhatsApp chat app with the second-largest GDPR fine of €225m.

Long Investigation

The eye-watering fine of €225 million follows an investigation that started way back on 10 December 2018.

Big Fine

The DPC had submitted a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. After objections from eight CSAs, the DPC was able to start the dispute resolution process (Article 65 GDPR) on 3 June 2021 and on 28 July 2021, the European Data Protection Board (EDPB) decided to impose the fine on WhatsApp under Article 65(1)(a) GDPR.

..And a Reprimand

In addition to the fine, the DPC has imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.

Transparency

The DPC has said that the investigation, which led to the fine, related to WhatsApp’s GDPR transparency obligations regarding the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service. This included information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.

The problem with WhatsApp’s consumer services (not WhatsApp for Business), which is ‘explained’ in an 89-page document, appears to be that the descriptions of who ‘interests’ are, in relation to other business services and partners, are that they are not described in a transparent and intelligible form. In other words, it seems that the EDPB thought that WhatsApp may not have supplied enough information to users about how their data is processed, and that its privacy policies (which have been subject to several updates), may not be clear enough.

WhatsApp Says…

WhatsApp has said that it disagrees with the decision about the transparency it provided to users in 2018 and has described the penalties as “entirely disproportionate”.

Not The Only One

Even though this is a bad-break for WhatsApp, it is not the only big tech company to have found itself in trouble with data regulators.  For example, in July, Amazon received a staggering $885 million fine over data privacy, and in 2020, Twitter was fined €450,000 after a GDPR infringement.

Data Sharing For EU Users

Back in January, WhatsApp announced that in a change to its privacy policy (from February 8, 2021), users outside of Europe would have to agree to share their personal information with WhatsApp’s owner Facebook or leave the app.

An in-app notice is informing WhatsApp users of the terms of service and privacy policy changes, which were an extension of changes announced in July last year and were the result of discussions with the Irish Data Protection Commission and other Data Protection Authorities in Europe.

What Does This Mean For Your Business?

Even though one of the attractions of WhatsApp is its security and privacy, due to its end-to-end encryption, this fine indicates that there appears to have been, in 2018, a bit of grey area in terms of how user-data is processed and some of the meaning in the app’s privacy policies.  The problem appears to have been serious enough to warrant (according to the EDPB) the second biggest GDPR fine ever.  The news comes on the back of EU WhatsApp users having to accept their data being shared with Facebook (from February this year).  All this may be making WhatsApp users, particularly those who use WhatsApp for business, nervous about their privacy on the app in terms of details about their business and the passing on of their data (for targeted advertising).  Also, Facebook has faced significant trust issues with users since the Cambridge Analytica unauthorised data-sharing scandal plus having to share data with Facebook may be off-putting and may make them think about looking around for other possible secure comms apps. This fine represents some very poor publicity for WhatsApp at a time when it has been trying to compete with the likes of Snapchat and Apple, while nevertheless getting some good headlines too by announcing new features like its ‘View Once’ feature for photos and videos, and its ‘disappearing messages’ feature.

Tech Tip – Boost Your Security Protection In Google Chrome

With so many browser-based security threats, here’s a fast and easy way to activate 2 settings in Google Chrome browser to protect you from the popular threats of phishing and untrusted browser extensions:

– Open the Chrome browser, click on the 3 dots (top-right) and select ‘Settings’.

– Click on ‘privacy and security’ (left hand-side).

– Click on ‘Security and Privacy Centre’.

– Turn the toggles to the ‘on’ position for ‘Extension Guard’ and ‘Anti Phishing’.