Euroopan unionin tietosuoja-asetus GDPR on ollut voimassa hieman yli viisi vuotta. Tämän vuoden tammi-kesäkuussa asetuksen perusteella määrättiin sakkoja yli 1,5 miljardilla eurolla. Koko viiden vuoden aikana yritysten on täytynyt pulittaa tietosuojarikkomuksista lähes neljä miljardia euroa.

Alkuvuoden sakkosummat on koonnut yhteen tietoturvayritys Atlas VPN. Kaikkiaan toukokuun 2018 jälkeen asetuksen perusteella on määrätty 1679 sakkoa. Luvut perustuvat GDPR Enforcement Trackerin tilastoihin.

The EU signed off on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies.

The European Union signed off Monday on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies.

The EU-U.S. Data Privacy Framework has an adequate level of protection for personal data, the EU’s executive commission said. That means it’s comparable to the 27-nation’s own stringent data protection standards, so companies can use it to move information from Europe to the United States without adding extra security.

U.S. President Joe Biden signed an executive order in October to implement the deal after reaching a preliminary agreement with European Commission President Ursula von der Leyen. Washington and Brussels made an effort to resolve their yearslong battle over the safety of EU citizens’ data that tech companies store in the U.S. after two earlier data transfer agreements were thrown out.

“Personal data can now flow freely and safely from the European Economic Area to the United States without any further conditions or authorizations,” EU Justice Commissioner Didier Reynders said at a press briefing in Brussels.

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.

Last week, a former engineering manager at GitHub and NPM, Darcy Clarke, warned about “manifest confusion” problems that could introduce the risk of malware hiding in dependencies or executing scripts during installation.

The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten –
IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice.

In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union’s General Data Protection Regulation (GDPR).

Specifically, the companies were in violation of the GDPR Article 46(1), which forbids the transfer of personal data to countries or international organizations that lack safeguards that warrant safety and legal remediation mechanisms.

Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines
https://techcrunch.com/2023/07/03/google-analytics-sweden-gdpr-fines/