Tag

Data Protection

All articles tagged with #data protection

France Moves DGSI Away From Palantir, Picks ChapsVision
technology24 days ago

France Moves DGSI Away From Palantir, Picks ChapsVision

France’s domestic intelligence agency DGSI is ending its contract with Palantir and selecting French firm ChapsVision to replace it, reflecting Europe’s push to reduce reliance on U.S. tech for sensitive security work. The Palantir contract, renewed in 2025 for 2028, remains in force for now as the handover is prepared, and Germany has similarly chosen ChapsVision for its data analysis.

Coupang faces historic data-breach penalty as Korea tightens tech oversight
technology1 month ago

Coupang faces historic data-breach penalty as Korea tightens tech oversight

South Korea fined Coupang 624.6 billion won ($409 million) for a data breach that exposed the personal information of roughly two-thirds of the population, the largest such penalty in the country; authorities said security controls were lax and response was delayed, triggering leadership changes and fueling broader debates over US-Korea tech regulation.

Chrome Under Fire for Secret 4GB On-Device AI Install Without Consent
technology2 months ago

Chrome Under Fire for Secret 4GB On-Device AI Install Without Consent

Security researcher Alexander Hanff revealed that Chrome quietly installs a 4GB weights.bin file for Gemini Nano's on-device AI whenever default AI features are enabled, re-downloading it if the user tries to delete it and offering no consent or transparency. The move has sparked privacy and data-regulation concerns (GDPR), potential environmental impact from emissions tied to widespread device usage, and broad backlash, with Mozilla promising a kill switch and Vivaldi calling for user autonomy while Google remains silent.

Microsoft rolls emergency patch to fix macOS/Linux ASP.NET Core privilege escalation
technology2 months ago

Microsoft rolls emergency patch to fix macOS/Linux ASP.NET Core privilege escalation

Microsoft issued an emergency update for ASP.NET Core's DataProtection package (versions 10.0.0–10.0.6) to fix a high-severity flaw (CVE-2026-40372) that allowed unauthenticated attackers on macOS and Linux to forge authentication tokens and gain SYSTEM privileges; upgrade to 10.0.7 immediately, and rotate the DataProtection key ring and audit long-lived artifacts since forged tokens could remain valid after patching.

Microsoft patches critical ASP.NET Core data-protection flaw to curb cookie forgery
security2 months ago

Microsoft patches critical ASP.NET Core data-protection flaw to curb cookie forgery

Microsoft released out-of-band security updates for a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) that could let unauthenticated attackers forge authentication cookies and gain SYSTEM privileges. The flaw comes from a regression in the 10.0.0–10.0.6 NuGet packages, which could cause forged payloads to bypass authenticity checks; upgrading to 10.0.7 and redeploying with a rotated DataProtection key ring fixes the issue. This follows April’s Patch Tuesday and includes additional out-of-band Windows Server fixes. No service disruption is reported, but applications using DataProtection should update promptly to prevent token forgery and data exposure.

Gaza aid groups push back on Israeli data demands, eyeing GDPR safeguards
world4 months ago

Gaza aid groups push back on Israeli data demands, eyeing GDPR safeguards

International aid groups operating in Gaza warn they face a choice between complying with Israel’s new data‑sharing rules or losing access to Gaza and the West Bank; the rules would force registration and broad disclosure of staff and donor information, potentially endangering personnel. NGOs argue the demands conflict with EU GDPR protections, prompting a High Court challenge and urgent EU engagement to suspend the measures. The EU Commission says it’s monitoring the situation and aims to facilitate privacy‑respecting solutions, warning that blocking aid could jeopardize life-saving relief.

Jersey warns of AI deepfake surge and calls for safeguards
technology4 months ago

Jersey warns of AI deepfake surge and calls for safeguards

Officials in Jersey (Information Commissioner Paul Vane) and Guernsey have joined a broad coalition of jurisdictions warning that AI-generated images and videos can harm real people, urging tighter oversight. They issued guidance on steps individuals can take to protect themselves, such as limiting what you share online, being cautious with AI platforms, and talking to children about AI use. The warning follows a recent incident where a deepfake targeting school staff prompted a police investigation.

Oxfam refuses to share Palestinian staff data with Israel amid Gaza aid crackdown
world5 months ago

Oxfam refuses to share Palestinian staff data with Israel amid Gaza aid crackdown

Oxfam refuses to disclose Palestinian staff details to Israel amid a Gaza aid crackdown, arguing that sharing sensitive data would threaten staff safety and breach humanitarian principles; Israel has deregistered dozens of NGOs and demanded extensive staff information, while MSF offered a limited, safeguarded list and PNGO warned the move jeopardizes aid work.

MSF agrees to share staff data under Israeli security rules, drawing concern
world5 months ago

MSF agrees to share staff data under Israeli security rules, drawing concern

Doctors Without Borders (MSF) says it will provide a defined list of Palestinian and international staff to Israeli authorities under new security requirements, calling it an exceptional measure to safeguard operations. Critics warn the move could endanger aid workers in Gaza and the West Bank. Israel says dozens of NGOs have complied or are weighing the rules, and MSF notes that international staff arrivals into Gaza have been blocked since Jan 1, 2026, highlighting a deteriorating humanitarian situation.

Disney to Pay $10 Million to Settle Children's Privacy Law Violations
business6 months ago

Disney to Pay $10 Million to Settle Children's Privacy Law Violations

Disney will pay $10 million to settle allegations of violating children's privacy laws by failing to properly label YouTube videos as made for children, leading to targeted advertising and data collection without parental consent. The settlement follows an FTC inquiry and requires Disney to improve compliance with children's data protection laws, specifically under COPPA.