DPOInsider #41
TikTok's charm offensive; Women's app privacy
The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️
TikTok - the battle over privacy intensifies
As I write this, the UK government has announced that it will ban TitTok from workers’ devices. This comes following a similar move in the US a few weeks back.
As political pressure mounts in the US to ban the popular social video app, TikTok is stepping up its game to protect user information across Europe.
Introducing Project Clover, a data security regime that aims to safeguard user data by storing it on servers in Ireland and Norway, with an annual price tag of €1.2 billion.
Why all the fuss? Well, TikTok has faced scrutiny in the US and Europe due to its ties to China via its Beijing-based parent company, ByteDance. Just last week, the White House backed a Senate bill that could give the administration power to ban TikTok, and FBI director Christopher Wray expressed national security concerns about the app.
TikTok, however, denies that its data or algorithms can be accessed or manipulated by the Chinese government. In fact, TikTok's VP of government relations and public policy in Europe, Theo Bertram, said they'd refuse to share data with the Chinese government even if asked.
So, what's the deal with Project Clover? In addition to storing user data on Irish and Norwegian servers, TikTok plans to have any data transfers outside Europe vetted by a third-party IT company. They'll also introduce "pseudonymisation" of personal data to prevent individuals from being identified without additional information. But that's not all—TikTok has a similar plan in place for the US called Project Texas, which involves storing American user data on servers run by tech giant Oracle.
Despite these efforts to address data security concerns, TikTok still faces challenges in winning over the White House and European officials, as we’ve seen today.
The European Commission has already banned TikTok from work phones and devices, and the European Parliament followed suit by banning the app from staff phones. So, as the saga continues, it's worth keeping an eye on how TikTok's efforts to safeguard user data will impact its global presence.
Women’s health apps - should we trust them?
We all know that apps make our lives ahem easier, but at what cost to our privacy?
Secure Data Recovery recently conducted a survey, and the results might surprise you. It turns out that Americans trust women's health apps the least when it comes to data privacy.
Respondents were particularly concerned about period and pregnancy tracking apps like Ovia, The Bump, What to Expect, Flo, and Clue. Each of these apps made the top-10 least-trusted list.
But here's the kicker: this report suggests that the concern for all these apps, except Clue, is "much higher than warranted" because they don't capture much data in reality.
But, this statement seems to overlook the sensitive nature of the data these apps collect and the recent challenges to women's reproductive and health rights in the US.
So it's kind of refreshing to see that people are sceptical and cautious about these apps.
Even basic, supposedly anonymized data can potentially be used to identify and track individuals. When it comes to women's health apps that collect sensitive reproductive information, there's a risk that such data could be used to target women seeking abortion-related healthcare.
Other data privacy news
Activision did not notify employees of data breach for months
Activision, the games giant behind Call of Duty and World of Warcraft, suffered a data breach on December 4, 2022, which was not disclosed until recently. Cybersecurity and malware research group vx-underground posted screenshots of the stolen data and hackers' messages on Activision's internal Slack channel on Twitter, but the company has yet to notify its employees of the breach, according to two current Activision employees who spoke on condition of anonymity.
Data breach hits 'hundreds' of lawmakers and staff on Capitol Hill
A top House official said that a “significant data breach” at the health insurance marketplace for Washington, D.C., on Tuesday potentially exposed personal identifiable information of hundreds of lawmakers and staff.
New Data Protection and Digital Information Bill announced
In a long-awaited and significant development, the government has announced that the new Data Protection and Digital Information Bill will finally be introduced in Parliament today.
