The Data Protection and Privacy Hub™

Privacy Roundup: Week 1 of Year 2025: This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 - 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and large data breaches where significant personal information is exposed. Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories. TABLE OF CONTENTS * Privacy Tools and Services * * Privacy Tools * Vulnerabilities and Malware * * Vulnerabilities * Malware * Service Providers' Privacy Practices * * Negative changes * Legislation/Lawsuits/Regulations * * Lawsuits * Legislation * Data Breaches and Leaks * * Data breaches * Data leaks Privacy Tools and Services Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com Privacy Tools DivestOS, Mull, Mulch, and Hypatia discontinued DivestOS Mobile The developer behind DivestOS (a privacy-oriented Android operating system forked from LineageOS), Mull (a privacy browser for Android), Mulch (security-oriented webview for Android), and Hypatia (an open source virus scanner for Android) has announced these projects will no longer be supported/updated as of December 2024. For years DivestOS was a recommended alternative privacy-oriented Android operating system on avoidthehack. In a future site update, I will regretfully remove it as an official recommendation due to its EOL status. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users. Vulnerabilities Hackers exploit Four-Faith router flaw to open reverse shells Bleeping Computer Attackers are exploiting an OS command injection vulnerability, tracked as CVE-2024-12856, to open reverse shells, which can be used for further exploitation of… #dataprotection #dataprivacy #privacy

India publishes draft DPDPA rules, public consultation launched: India's Ministry of Electronics and Information Technology released Digital Personal Data Protection Act draft regulations for public comment, The 420 reports. The long-awaited draft rules, recently agreed to at the ministerial level, cover specific requirements around the role of data fiduciaries, consent manager registration, the protection of children's personal data and more. The public consultation is open through 18 Feb. Editor's note: Review the IAPP's series examining operational impacts of India's DPDPA. Full story #dataprotection #dataprivacy #privacy

Siri Privacy Breach: Apple To Pay $95M Settlement Amid Spying Claims: Apple agrees to pay $95M to settle claims Siri secretly recorded users without consent. Learn how this privacy breach impacts you and implications for the tech industry. #dataprotection #dataprivacy #privacy

Apple Agrees to Pay $95 Million Settlement in Siri Voice Assistant Privacy Class Action: Apple has agreed to pay a $95 million class action settlement to resolve 5-year-old claims that its voice-activated digital assistant Siri recorded Apple device users' conversations without their consent. #privacy #dataprotection #dataprivacy

2024 Round-Up on State Consumer Data Privacy Laws: 2024 was a busy year for state consumer data privacy laws in the United States. Seven states enacted comprehensive data privacy statutes throughout the year, and laws enacted in 2023 went into effect in Montana, Florida, Texas, and Oregon...... By: Mintz - Privacy & Cybersecurity Viewpoints #dataprotection #dataprivacy #privacy

Apple agrees to settle Siri privacy lawsuit: Apple agreed to a USD95 million preliminary settlement over privacy claims related to its Siri voice assistant product, The Washington Post reports. The class-action case centered around Siri listening and recording voice clips it was not intended to, which would occasionally be shared with third parties. A judge still needs to approve the settlement. Full story #dataprotection #dataprivacy #privacy

Kentucky’s Consumer Privacy Law Is Coming, But on a Slow Track: To round out this year’s series on new state consumer privacy laws, we are covering the statute passed by Kentucky earlier this year. Please also keep your eye out for our 2024 round-up article that will be published soon, as it will provide a helpful overview of many of the new consumer privacy laws across the United States.... By: Mintz #dataprotection #dataprivacy #privacy

Bavaria's DPA orders Worldcoin data processing compliance: Bavaria's State Office for Data Protection Supervision ordered biometric and blockchain company Worldcoin to establish additional EU General Data Protection Regulation compliance measures before resuming EU operations. After a formal investigation, the BayLDA will require Worldcoin to generate a data deletion process and a consent mechanism for certain data processing within 30 days of the order taking effect. The regulator indicated Worldcoin will appeal the order. Full story #dataprotection #dataprivacy #privacy

New Year, new you! 2025 is the year to tighten up your data privacy!: This is the year to get your data privacy right. Here are some simple steps to tighten up your security and avoid becoming one of our statistics for 2025.  #dataprotection #dataprivacy #privacy

Celebrating twenty years of Freedom of Information: John Edwards - The Information Commissioner Transparency and accountability are fundamental to our democracy – the impact of decisions made by public bodies can affect us all in some way. So it is right that we celebrate twenty years of the Freedom of Information Act… #dataprotection #dataprivacy #privacy