Domain: ico.org.uk
Stories and comments across the archive that link to ico.org.uk.
Stories · 5
-
Facebook Finally Discloses Pro-Brexit Ads (techcrunch.com)
"The UK parliament has provided another telling glimpse behind the curtain of Facebook's unregulated ad platform by publishing data on scores of pro-Brexit adverts..." reports TechCrunch, adding that the 2016 ads "were run prior to Facebook having any disclosure rules for political ads. So there was no way for anyone other than each target recipient to know a particular ad existed or who it was being targeted at." An anonymous reader quotes their report: The targeting of the ads was carried out on Facebook's platform by AggregateIQ, a Canadian data firm that has been linked to Cambridge Analytica/SCL... [I]t's not clear how many ad impressions they racked up in all. But total impressions look very sizable. While some of what runs to many thousands of distinctly targeted ads which AIQ distributed via Facebook's platform are listed as only garnering between 0-999 impressions apiece, according to Facebook's data, others racked up far more views. Commonly listed ranges include 50,000 to 99,999 and 100,000 to 199,999 -- with even higher ranges like 2M-4.9M and 5M-9.9M also listed....
The publication of the Brexit ads is, above all, a reminder that online political advertising has been allowed to be a blackhole -- and at times a cesspit -- because cash-rich entities have been able to unaccountably exploit the obscurity of Facebook's systemically dark ad targeting tools for their own ends, and operate in a darkness where only Facebook had oversight (and wasn't exercising any), leaving the public no right of objection let alone reply, despite it being people's lives that are indelibly affected by political outcomes.... The company has been making some voluntary changes to offer a degree of political ad disclosure, as it seeks to stave off regulatory rule. Whether its changes -- which at best offer partial visibility -- will go far enough remains to be seen.
Earlier this month the UK's data watchdog released a report titled "Democracy disrupted?" in which the UK's Information Commissioner recommends an "ethical pause" of political advertising on social media to allow key players "to reflect on their responsibilities in respect to the use of personal data..." And this weekend an interim report from the House of Commons' media committee "said democracy is facing a crisis because the combination of data analysis and social media allows campaigns to target voters with messages of hate without their consent," according to the Associated Press.
"Tech giants like Facebook, which operate in a largely unregulated environment, are complicit because they haven't done enough to protect personal information and remove harmful content, the committee said." -
UK Watchdog Issues $334K Fine For Yahoo's 2014 Data Breach (theregister.co.uk)
An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.
In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customer's data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards. -
BPAS Appeals £200,000 Fine Over Hacked Website
DW100 writes "A UK charity that provides help and guidance for women seeking abortions has been fined £200,000 after a hacker breached its website in 2012 and was able to gather data on 9,900 people that had requested help from the organization. The hacker was given almost three years in jail for the attack. The charity's CEO has condemned the decision, arguing it rewards the hacker for his efforts." The data was unintentionally stored in their CMS after miscommunication with a contractor, and they never performed security audits. Martin S. writes "The BPAS is appealing a £200,000 fine imposed by the ICO after their website was hacked by an Anonymous anti-abortion extremist. The amount is particularly egregious when perpetrators of willful data theft often attract fines of only a few thousand pounds." -
BPAS Appeals £200,000 Fine Over Hacked Website
DW100 writes "A UK charity that provides help and guidance for women seeking abortions has been fined £200,000 after a hacker breached its website in 2012 and was able to gather data on 9,900 people that had requested help from the organization. The hacker was given almost three years in jail for the attack. The charity's CEO has condemned the decision, arguing it rewards the hacker for his efforts." The data was unintentionally stored in their CMS after miscommunication with a contractor, and they never performed security audits. Martin S. writes "The BPAS is appealing a £200,000 fine imposed by the ICO after their website was hacked by an Anonymous anti-abortion extremist. The amount is particularly egregious when perpetrators of willful data theft often attract fines of only a few thousand pounds." -
European Watchdogs Challenge Google Over Its Privacy Policy
Trajan Przybylski writes "Information rights authorities in the UK, Germany, and Italy threatened to take legal action against Google if the company does not change its unified privacy policy. In its latest statement the ICO, Britain's information watchdog said Google's privacy policy implemented in March 2012 may not comply with the UK Data Protection Act. Many privacy activists and commentators have been critical of the data unification practice with some claiming the data sharing across web services carries serious risk of compromising people's identities as many users are not even aware their data is freely passed between Google-owned services."