Cybersecurity legislation
Serious GDPR violations: Cegedim Santé fined a million dollars, reveals flaws in health data privacy
Scandal in healthcare data management: how Cegedim Santé violated GDPR and put patients' privacy at risk
The CNIL fined Cegedim Santé 800,000 euros for improperly managing patients' health data, which were deemed identifiable despite pseudonymization. The company did not comply with the GDPR by using the "HRi" teleservice in an illicit manner.

AI Act: new rules that will change the future of technology
New rules for artificial intelligence: how the AI Act will change the technological and industrial landscape in Europe. Discover the challenges, opportunities and importance of international cooper...
The EU's AI Act sets out clear rules for the safe and transparent use of artificial intelligence, protecting citizens and businesses. It sets high standards to avoid bias and ensure privacy. Businesses must adapt, but they will benefit from trust and ethical innovation.

Digital revolution in Switzerland: PA opens source code and promotes open source
Find out how Switzerland is transforming digital transparency in public administration and reducing dependence on proprietary software
Switzerland has approved a law that obliges the Public Administration to release the source code of publicly funded software under an open source license. This increases transparency and reduces dependence on American companies. In Italy, however, legislation only recommends this.

The 2009 Microsoft-EU agreement puts Windows security at risk: here's why
Find out how European regulations affect Windows cybersecurity and what the possible future scenarios are for Microsoft's operating system
In 2009, Microsoft had to allow third-party security software the same access to the operating system as its own products, due to an agreement with the EU. This, according to Microsoft, has increased Windows security vulnerabilities compared to macOS and ChromeOS.

Checkmate the criminal networks: the Interpol operation that reveals the invisible
Find out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents
INTERPOL has arrested 300 members of globally active West African criminal groups involved in online scams, financial fraud and human trafficking. The operation shows the importance of international cooperation to counter global criminal networks.

GDPR scandal: Vinted under investigation for serious user data breaches
Transparency issues and misuse of data: Vinted in the crosshairs of European data protection authorities
Vinted was fined by the Lithuanian regulator for GDPR violations, including obstacles to data deletion, use of non-transparent "shadow bans", and poor data protection measures. The fine is 2.3 million euros. The company intends to appeal the sanction.

Italy: the new DDL Cyber law
New rules for cybersecurity: strengthening defense and awareness in the digital sector
The Cyber DDL, approved in Italy, strengthens IT security with operational measures, continuous training and awareness. It promotes collaboration between entities and allocates funds to improve IT infrastructures, supporting research, development and innovation in the field of cybersecurity.

The evolution of privacy: the key role of the GDPR and the Data Protection Officer
An in-depth analysis of the implications of the GDPR for the management of personal data
The GDPR, which came into force on May 25, 2018, standardizes personal data protection in the EU. It introduces severe sanctions, strengthens user rights and requires security and compliance procedures, such as the Processing Register, clear information, and written designations for those managin...

Implementation and management of personal data security in organizations
Challenges and strategies for the data controller
The data controller ensures the security of the information through technical and organizational measures, contracts with suppliers, and the use of tools such as ISMS. It must also educate staff and respond quickly to incidents.

Legislative changes on cybersecurity: new sanctions and notification obligations
New regulations to strengthen cybersecurity in public administrations and the private sector
New laws toughen penalties for unauthorized access to computer systems and oblige public administrations to report attacks to the National Cybersecurity Agency within 24 hours, under penalty of heavy fines. They also promote encryption and enhance cybersecurity roles.

An EU step forward against cyber stalking
New EU measures to tackle gender-based violence and strengthen protection for victims
The European Commission has introduced a directive that criminalizes conduct such as cyber stalking and revenge porn, as well as serious abuses such as female genital mutilation. Penalties vary from 1 to 5 years.

Implications and repercussions of the serious cyberattack on the Lazio NHS
Consequences and punitive measures after the ransomware attack that brought the regional healthcare system to its knees
The Privacy Authority has fined LAZIOcrea, the Lazio Region and the ASL Roma 3 a total of 401,000 euros following a ransomware cyberattack on the Lazio healthcare system in 2021, highlighting serious deficiencies in data security.

Appeal for maintaining sovereignty in the European cloud
European ICT industry fighting for cloud certification that guarantees autonomy and data protection
The article covers the concern of 18 companies, including Tim and Aruba, over the revision of the EUCS certification scheme in Brussels; they fear the omission of criteria vital for European digital sovereignty.

International sanctions for digital espionage linked to China
Punitive measures against cyber-espionage: Chinese entities and individuals targeted by the US and UK
The US and UK have sanctioned a Chinese entity and 2 citizens for cyber espionage against critics and infrastructure. Accused of links to the Chinese government, they targeted politicians and electoral processes. China denies it and demands concrete evidence.

National Cybersecurity Strategies: a boost to Cloud modernization
Toward a resilient digital future: cloud modernization and security for federal agencies
The Biden administration's National Cybersecurity Strategy requires federal agencies to modernize their IT infrastructures, moving to cloud solutions to improve security and efficiency.

Avast fined for illegitimate sale of web data
Fines and restrictions imposed on cybersecurity company for misuse of personal data
The FTC fined Avast $16.5 million for selling users' browsing data without consent. Avast will now have to obtain explicit permissions and delete collected data.

Pact between technology companies against electoral manipulation
Joint technology initiative to preserve the integrity of democratic voting
A group of tech companies have banded together to fight misinformation and protect the integrity of elections by developing technologies to identify and block fake news.

Cyber Resilience Act: updates in the works
Innovations in the IT security landscape: The CRA and its impacts on the digital device market
The EU Cyber Resilience Act introduces new rules for the security of digital products, distinguishing important and critical products and establishing specific compliance processes for each category.

Meta takes on spy software companies
Meta initiatives for the protection of online privacy
Meta has taken legal action against companies that use spy software to violate the privacy of users on its platforms, such as Facebook. Meta's goal is to protect online security.

Tensions and strategies: the TikTok case and US cybersecurity
Data management and cooperation: TikTok between security and privacy
TikTok is facing concerns in the US over data security. It has taken steps to protect privacy, such as limiting access to data and improving transparency. The debate about its use continues.

FTX collapse: the $400 million SIM swapper hit
Technological intrigue and social engineering: the shocking revelation behind the FTX theft
A gang of SIM swappers stole $400 million in cryptocurrency from the FTX exchange, using a cloned SIM. Three main suspects used money laundering techniques to hide the theft.

Australian sanctions against Russian cyber criminal
Punitive measures against those responsible for the attack on Medibank
The Medibank hack exposed the data of 10M Australians. The government has sanctioned the Russian Ermakov, a suspect in the attack, and is strengthening national cybersecurity.

Transatlantic dynamics in cybersecurity
Response strategies and cooperation between the EU and the US in the context of digital security
The article compares cybersecurity strategies in the US and EU, highlighting their focus on resilience and cooperation against cyber threats, with ENISA supporting Europe in analyzing and managing cyber challenges.

Cybercrime in Ukraine: cryptojacking operation dismantled
International operation against illegal cryptocurrency mining
A 29-year-old man who illegally created a million virtual servers to generate cryptocurrencies, earning $2 million, has been arrested in Ukraine. Europol and local police worked together to stop him after reports of suspicious activity.

New EU regulation to strengthen cybersecurity
Impacts and developments of the new EU directive on cyber resilience
The EU has introduced new rules on cybersecurity, creating the IICB to improve resilience against cyber attacks. CERT-EU has new intelligence and support functions.

Google faces and settles $5 billion privacy dispute
Potential bypass identified in Chrome's incognito mode. Possible solutions
Google has settled a $5 billion legal dispute over the tracking of incognito mode user data on its Chrome browser. One programmer, Jesse Li, discovered how websites can detect whether a user is using incognito mode thanks to the way Chrome handles FileSystem API data. This could be prevented if Google...

International operation dismantles Kingdom Market
The international collaboration leads to the seizure of the servers and the discovery of new investigative leads
German authorities, in collaboration with the USA, Switzerland and Moldova, have busted the virtual darknet black market, Kingdom Market. This portal sold drugs, cybercrime kits and fake documents, accepting payments in cryptocurrencies. The seizure of the servers made it possible to launch investigations...

The EU Commission launches incentives for cybersecurity
Cybersecurity development: from AI enhancement to post-quantum cryptography, EU incentives
The European Commission will invest 84 million euros in six calls to strengthen cybersecurity. These funds are intended to promote artificial intelligence in security operations, strengthen the cyber resistance of SMEs, and facilitate the migration towards encryption systems resistant to quantum...

ALPHV operational disruption: FBI BlackCat ransomware strike
Successful sabotage: FBI and international police forces block the ALPHV criminal network
The FBI, thanks to extensive international collaboration, hacked the infrastructure of the ALPHV criminal network also known as BlackCat, obtaining keys to decrypt data of ransomware victims. The operation blocked approximately $68 million in extortion. Despite this, ALPHV may reorganize under another...

Positive results of the GDPR and request for support from the EDPB
Challenges and prospects: the importance of the GDPR in the European digital landscape
The European Data Protection Board (EDPB) supports the findings of the General Data Protection Regulation (GDPR), but calls for more resources to address future digital challenges. The EDPB plays a key role in ensuring uniform implementation of the GDPR across member states and requires harmonized procedures...

The Porsche Macan and EU cybersecurity legislation
Implications of the new EU rules on cybersecurity: the temporary farewell of the Porsche Macan from the European market
Due to new EU regulations on cybersecurity, Porsche will suspend sales of its Macan model in Europe from 2024. Adapting the SUV to the new standards would be excessively expensive. However, Porsche will present the new, rules-abiding electric Macan in 2025.

Operation EMMA: global effort against bank fraud
Global synergy in the fight against financial cybercrime
The international operation EMMA, supported by Europol, Eurojust and Interpol, intercepted over 10,000 suspicious transactions, arrested more than a thousand people and prevented fraud worth around 32 million euros. The Italian Postal Police has identified 879 "money mules", avoiding fraud worth over...

EU Parliament calls for tighter rules for cloud and AI
DMA regulatory developments: focus on cloud services and artificial intelligence
The European Parliament's Economic Affairs Committee (ECON) sees the importance of regulating cloud services and artificial intelligence in the Digital Markets Act (DMA) to ensure fair competition. There is an urgent need for an acceleration of antitrust procedures, a critical examination of the concessions...

Global blow to cybercrime: a major ransomware network has fallen
Cybercriminal organization busted: a success for global cybersecurity
An international operation has led to the arrest of cyber criminals in Ukraine responsible for ransomware attacks in 71 countries, using advanced malware to extort cryptocurrency payments.

WeChat and Kaspersky apps banned on government devices in Canada
A necessary action to ensure the integrity of sensitive Canadian government data
Canada announced a ban on Tencent and Kaspersky apps on government mobile devices, citing privacy and security risks. WeChat, a popular Chinese app, has been banned due to concerns over its origins. Kaspersky criticized the ban as political.

Joint operation dismantles Ragnar Locker ransomware group
The dangerous ransomware group has fallen: news of an unprecedented international operation
An international operation has led to the arrest of the criminal group responsible for the Ragnar Locker ransomware, known for attacks on critical infrastructure. The action was coordinated by Europol and Eurojust, involving 11 countries including Italy, and sends a clear message to hackers who act with...

Spanish operation against cybercriminals: 34 members arrested
Twist in the investigation: 34 arrests in an operation against cybercrime in Spain
Spanish Police have arrested 34 members of a criminal organization specializing in cyber scams, which stole the data of 4 million people and monetized the data. The scammers posed as delivery companies and energy suppliers, and used insiders to divert goods.

Japan and eight ASEAN nations strengthen cybersecurity collaboration
The creation of a joint defense network between Japan and ASEAN to address cyber threats
Japan and eight ASEAN countries have agreed to collaborate in the area of cybersecurity to counter alleged cyberattacks and strengthen national cyber defense. The commitment was made during the conference in Tokyo.

Tourism Digital Hub: agreements to support 20,000 businesses in the tourism supply chain
A strategic partnership for the innovation and growth of the Italian tourism sector
The Ministry of Tourism and Unioncamere have signed an agreement to involve 20,000 tourism businesses in the Tourism Digital Hub platform. This platform aims to enhance the Italian tourist offer on international markets and encourage the digitalisation of the sector. The tourism strategic plan also includes...

Rohan Massey's role in the tech industry
Massey's key role in cyber breach management and regulatory compliance in the technology sector
The article describes the role of Rohan Massey, partner at Ropes & Gray, in the technology sector. He focuses on regulatory compliance, data management, privacy and cybersecurity. He resolves data protection issues and manages cybersecurity breaches. It also addresses future challenges related to the convergence...

The Pentagon's 2023 strategy: enhance cybersecurity for allied countries and defend critical infr...
The DoD's new strategy for enhancing cybersecurity and protecting critical infrastructure
The US Department of Defense has published a 2023 cybersecurity strategy. The main goal is to enhance the capabilities of allied countries and critical infrastructure, defending the nation from cyber attacks. Additionally, the Pentagon has launched programs, such as “Hack the Pentagon,” to improve cyb...

What's new in the National Institute of Standards and Technology's brand new CMF framework
New updates and performance metrics in NIST's Cybersecurity Framework 2.0
The National Institute of Standards and Technology (NIST) has released a draft of the Cybersecurity Framework 2.0. This new version includes new features and focuses on organizational security. Comments will be accepted until 2024.

The new Machinery Regulation and its importance in industrial cybersecurity
The impacts of the Machinery Regulation on the protection of company data and the management of IT risks
The new Machinery Regulation approved by the European Parliament introduces cybersecurity requirements to guarantee the safety of machines. It focuses on new technologies such as artificial intelligence, IoT and robotics. Manufacturers must take measures to protect machines from cyber attacks. Compliance...

New England sees surge in cybersecurity and data privacy class action filings
Rising legal complexities reflect a shift in cybersecurity litigation trends
In 2023, New England has seen a rise in cybersecurity and data privacy class action lawsuits, particularly in Massachusetts. Healthcare, tech, retail, manufacturing, financial services, and professional services are the most targeted industries. Two key trends are multiple copycat complaints from a single...

Wild telemarketing: fine for Tiscali and Comparafacile
Violations of privacy regulations in telemarketing: fines for Tiscali and Comparafacile
Tiscali and Comparafacile were fined by the Privacy Guarantor for abusive telemarketing practices. Tiscali provided incomplete information on customer data retention and sent promotional SMS without consent. Comparafacile contacted people without consent and without providing adequate information. Both...

American sanctions against Trickbot and Conti in fighting cybercrime
The joint US-UK effort against Russian-sponsored cybercrime
The US Treasury Department has adopted new sanctions against the Trickbot and Conti hacker groups, linked to Russian cybercrime. The sanctions target 11 individuals involved in Trickbot, including administrators and programmers. The United States is stepping up efforts to counter the threat of Russian...

Security labels for smart devices: are you willing to pay more for peace of mind?
Vulnerable smart devices are putting consumer security at risk: is a change in approach necessary?
Buyers are willing to pay more for smart devices that provide data security and privacy, according to a new study. However, experts warn that voluntary labels may not be enough and suggest mandatory labeling to prevent manipulation by manufacturers. The White House has announced plans to introduce optional...

The president of the Privacy Guarantor invites Parliament to be cautious in the use of massive surveillance...
Protection of personal data: suggestions from the Privacy Guarantor for responsible surveillance
The president of the Privacy Guarantor, Pasquale Stanzione, has proposed banning the use of IT devices for wiretaps that can modify the content of the host device. The aim is to ensure greater privacy protection and prevent access to information by third parties. The Guarantor also suggested introducing...

Data security remains an ongoing concern for TikTok
TikTok's efforts to improve data protection safeguards and regain user trust
TikTok has taken steps to improve the security of user data, relying on a security company in the United Kingdom. The Clover project will guarantee the protection of European data, respecting the GDPR. By April 2024, data will be stored in three secure data centers. These actions will dispel concerns...

Privacy Guarantor fines company for improper use of the video surveillance system
Biometric video surveillance system and continuous monitoring of the position of accused employees
The Privacy Guarantor has fined a company for the improper use of the video surveillance system, which included fingerprinting and geographical tracking of employees. The company processed worker data without authorization and used biometric data without legal basis, violating the GDPR.