Hunton Privacy

AUGUST 12, 2021

Laura Liguori of Portolano Cavallo reports that on June 10, 2021, the Italian Data Protection Authority ( Garante or “DPA”) adopted a new version of its guidelines for cookies and other tracking mechanisms (the “Guidelines”). Obtaining Consent: Scrolling and Cookie Walls. Multilayer Policy: Banners and Unabridged Policy.

GDPR 98

GDPR Analytics Privacy Access 98

Security Affairs

JUNE 11, 2023

The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. ” This campaign outstands for the use of an indirect proxy that provided attackers control and flexibility in tailoring the phishing pages to their targets and steal session cookies. .”

Phishing 98

Phishing Financial Services Authentication Passwords 98

Security Affairs

JULY 12, 2022

The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. Once obtained the credentials and session cookies to access users’ mailboxes, threat actors launched business email compromise (BEC) campaigns against other targets. and certificate-based authentication.

Phishing 136

Phishing Authentication Passwords Access 136

Krebs on Security

MARCH 20, 2023

Until recently, AT&T also shared CPNI data with Xandr , whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. ” VERIZON Verizon’s privacy policy says it does not sell information that personally identities customers (e.g., .” Happily, all of the U.S.

Customer Experience 275

Customer Experience Privacy Data collection Marketing 275

Hunton Privacy

APRIL 15, 2020

On April 9, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) released guidance and a set of frequently asked questions (“FAQs”) regarding the use of cookies and other tracking technologies. Key takeaways from the Belgian DPA’s guidance and the FAQs include: Transparency: Users must be informed about the use of cookies.

Communications 97

Communications Data collection Access IT 97

Data Matters

SEPTEMBER 6, 2022

The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law. Business will need to make CCPA-required disclosures in privacy policies regarding employee and B2B data. In addition to $1.2

Privacy 197

Privacy B2B Sales Compliance 197

Security Affairs

MARCH 7, 2023

The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.” The last stage malware is the PHP-based SYS01stealer malware which is able to steal browser cookies and abuse authenticated Facebook sessions to steal information from the victim’s Facebook account.

Government 98

Government Manufacturing Authentication Cybersecurity 98

DLA Piper Privacy Matters

JANUARY 8, 2022

and youtube.com to reject cookies as easily as they may accept them and (ii) issued an injunction to remedy to such infringement within 3 months under penalty of 100,000 euros per day of delay. Several clicks were necessary to reject all cookies (3 for Facebook and 5 for Google), when only one click was necessary to accept them all.

GDPR 97

GDPR Compliance Data collection Government 97

DLA Piper Privacy Matters

DECEMBER 10, 2020

On December 7 2020, the French Supervisory Authority (CNIL) sanctioned Google LLC (60 million EUR) and Google Ireland (40 million EUR) for installing advertising cookies on users devices without their prior consent and with proper information. Absence of consent prior to cookies installation. What kind of infringements were sanctioned?

Computer and Electronics 98

Computer and Electronics Compliance GDPR Privacy 98

Data Matters

APRIL 26, 2021

On April 2, 2021 the French Data Protection Authority (the “ Commission Nationale de l’Informatique et des Libertés ” or “ CNIL ”) published its intent to start auditing websites for compliance with cookie regulations. The CNIL had determined that a 6-month grace period would apply following publication of the Cookie Guidelines.

Compliance 68

Compliance Analytics Privacy GDPR 68

DLA Piper Privacy Matters

APRIL 9, 2020

The Irish Data Protection Commission (DPC) has become the latest regulator to issue long-awaited guidance on the use of cookies, offering organisations a clear view of the DPC’s expectations on a range of issues from cookie banners, policies and consent collection processes. Cookie Sweep Survey.

GDPR 59

GDPR Analytics Personal data Compliance 59

DLA Piper Privacy Matters

JANUARY 9, 2020

The Belgian Data Protection Authority issued a fine of 1% of the annual turnover of the company for not acting in compliance with the cookie rules, despite the corrective actions undertaken by the company. A consent per individual cookie is not required. Use adequate and accurate policies, notices and banners. Main take-aways.

Compliance 92

Compliance IT Access Marketing 92

Security Affairs

MAY 17, 2022

The malicious apps are able to steal credentials, Facebook cookies, and other personally identifiable information. Because of how Facebook runs its cookie management policy, we feel that these types of apps will continue to plague Google Play.” The Facestealer spyware was first spotted on July 2021 by Dr. .

Mining 98

Mining Cloud Cybersecurity Security 98

eSecurity Planet

FEBRUARY 26, 2024

The new malicious code is designed to steal data — like cookies or credentials — from that web application. Reflected XSS can be severe if an attacker uses it to steal session cookies or user credentials. While attackers can use XSS to steal data and cookies, they may have less damaging purposes, too.

Risk 91

Risk Financial Services Security Libraries 91

Security Affairs

FEBRUARY 13, 2020

Developers of the popular WordPress GDPR Cookie Consent plugin have addressed a critical bug that could potentially impact 700K users. The GDPR Cookie Consent plugin assists users in making your website GDPR compliant. SecurityAffairs – WordPress GDPR Cookie Consent, hacking). Pierluigi Paganini. Fix it now!

GDPR 88

GDPR IT Authentication Access 88

Data Matters

JULY 11, 2019

On 3 July 2019, the UK’s Information Commissioner’s Office (“ICO”) published new guidance on cookies and similar technologies (“Guidance”) in conjunction with a new blog post: “Cookies – what does ‘good’ look like?” which aims to provide “myth-busting” advice on common cookies uncertainties. This must be GDPR-standard consent.

GDPR 68

GDPR Analytics Privacy Personal data 68

Data Matters

AUGUST 9, 2022

Privacy policies will need to be revised to include new rights and disclosures re sensitive data. As anticipated, the draft regulations include several new privacy policy requirements to reflect the new CPRA consumer rights. Secondary use prohibitions: Beyond the privacy policy. 11 CCR § 7004(a)(2).

Privacy 88

Privacy Sales Analytics Compliance 88

The Last Watchdog

AUGUST 4, 2021

WAFs help companies keep track of these malicious probes by scanning incoming HTTPS traffic and taking note of parameters such as IP address, port routing, cookie data and incoming data. Indusface’s managed cloud service relieves companies from the day-to-day responsibility of refining and implementing blocking policies.

Risk 214

Risk Digital transformation Marketing Cloud 214

Data Matters

NOVEMBER 4, 2019

Two important decisions have recently occurred relating to website operators’ use of cookies. Second, the Spanish data protection authority, AEPD, fined Vueling, a Spanish airline, €30,000 for forcing visitors to its website to accept the use of non-essential cookies on their device in order to continue viewing the website.

GDPR 76

GDPR Privacy Personal data Marketing 76

Hunton Privacy

FEBRUARY 25, 2020

According to the Belgian DPA, simply including an “Unsubscribe” button in small characters at the end of a marketing email, along with a link to the data controller’s privacy policy, is not sufficient. In the Recommendation, the Belgian DPA also addresses the notice and consent requirements for the use of cookies. Individuals’ Rights.

Marketing 109

Marketing Personal data GDPR Communications 109

Troy Hunt

JANUARY 3, 2020

Cookies like to get around. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?

Passwords 114

Passwords Security IT Risk 114

Hunton Privacy

AUGUST 25, 2022

In its complaint , the OAG alleged that Sephora allowed third parties to install tracking software ( e.g., cookies, pixels, SDKs) on its website and app to enable the third parties to monitor consumers’ online behavior as they shop. Under the settlement, Sephora must: Pay $1.2

Sales 114

Sales Analytics Privacy Retail 114

Schneier on Security

AUGUST 17, 2018

Interesting research on web tracking: " Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies : Abstract : Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet.

Paper 51

Paper Authentication 51

Hunton Privacy

JANUARY 24, 2022

The Austrian DPA ruled that the use of Google Analytics cookies by the website operator violates both Chapter V of the EU General Data Protection Regulation (“GDPR”), which establishes rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union. Austrian DPA’s Decision.

Analytics 83

Analytics GDPR Personal data Data collection 83

ARMA International

SEPTEMBER 6, 2019

He suggests that when other browsers allow the blocking of cookies, it actually undermines privacy “by encouraging opaque techniques such as fingerprinting.” Schuh claims that Google Chrome wishes to prevent such a practice: “Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected.

Privacy 52

Privacy Marketing IT Access 52

The Guardian Data Protection

JULY 4, 2018

Consumer group says policies of Facebook, Amazon and Google are vague and unclear Privacy policies from companies including Facebook, Google and Amazon don’t fully meet the requirements of GDPR, according to the pan-European consumer group BEUC.

GDPR 89

GDPR Privacy IT 89

DLA Piper Privacy Matters

JULY 4, 2019

The Information Commissioner’s Office (“ ICO “) has published its eagerly awaited guidance on the use of cookies and similar technologies. In it, the UK’s data protection authority has formally recognised the stricter standards of consent and transparency required for cookie usage in the world of the GDPR.

GDPR 61

GDPR Personal data Privacy Communications 61

Data Protection Report

FEBRUARY 4, 2020

The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here ). Scope of consent.

Access 70

Access Compliance Risk GDPR 70

Security Affairs

MARCH 30, 2019

One of the flaws affects the latest version of the Edge Browser, both flaws could be exploited by a remote attacker to bypass same-origin policy on the victim’s web browser. A SOP bypass occurs when a sitea.com is somehow able to access the properties of siteb.com such as cookies, location, response etc.

Access 106

Access Security 106

HL Chronicle of Data Protection

NOVEMBER 19, 2019

On November 8, the Spanish data protection authority (AEPD) published new Guidelines on the Use of Cookies (Guidelines) (Spanish only). and aim to provide some direction on the use of cookies and similar technologies ( e.g. , local shared objects or flash cookies, web beacons or bugs, fingerprinting techniques, etc.)

Compliance 40

Compliance Personal data GDPR Privacy 40

Data Protection Report

JANUARY 6, 2020

Don’t let the Cookies crumble! For companies whose websites still operate a blatantly non-compliant opt-out cookie consent model in the EU, 2020 is the year to rectify this! 2019 saw a number of developments in the area of cookies which can’t be ignored. Take time to reflect (on your policies). In the U.S.,

Privacy 84

Privacy GDPR Data breaches Risk 84

Troy Hunt

MARCH 13, 2019

Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019. To continue chucking up cookie warnings to everyone and somehow expecting them to make an informed decision about the risks they present? But at least you can go and read their privacy policy, right? You can be tracked!":

Privacy 99

Privacy Mining Risk GDPR 99

Hunton Privacy

JANUARY 16, 2020

On January 14, 2020, the French Data Protection Authority (the “CNIL”) published its draft recommendations on the practical modalities for obtaining users’ consent to store or read non-essential cookies and similar technologies on their devices (the “Recommendations”). They require users’ prior consent for the use of non-essential cookies.

Privacy 58

Privacy Analytics Access GDPR 58

Data Protection Report

DECEMBER 5, 2022

HHS states: Regulated entities may identify the use of tracking technologies in their website or mobile app’s privacy policy, notice or terms and conditions of use. Website banners that ask users to accept or reject a website’s use of tracking technologies, such as cookies, do not constitute a valid HIPAA authorization.

Privacy 62

Privacy Compliance Risk IoT 62

Hunton Privacy

FEBRUARY 7, 2024

Plaintiffs suing under the pen register theory are claiming the use of certain software (such as website cookies, web beacons, pixels, script, or software code) that track a user’s location, search terms, browsing history or purchase history is akin to the use of a “pen register.”

Privacy 67

Privacy Computer and Electronics Communications IT 67

Security Affairs

AUGUST 17, 2022

Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22 [$2000][ 1345193 ] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04 [$3000][ 1338412 ] Medium CVE-2022-2859: Use after free in Chrome OS Shell.

Communications 112

Communications Security IT Information Security 112

DLA Piper Privacy Matters

JULY 11, 2018

The French Council of State affirmed the EUR 25,000 fine imposed by the CNIL on Editions Croque Futur (challenges.fr) for non-compliance with French data protection law, and in particular cookie requirements. Violation of the information and consent obligations with respect to cookies. The website challenges.fr

Communications 65

Communications GDPR Compliance Data collection 65