Category Archives: Germany

Germany’s defense minister: Cyber security is going to be the main focus of this decade.

On Saturday, Germany defense minister Ursula von der Leyen told CNBC that cyber attacks are the greatest challenge threatening global stability.

The cybersecurity is a pillar of modern states, the string of recent massive attacks including NotPetya and WannaCry is the demonstration that we are all potential targets.

Cyber attacks could hit governments, private companies and citizens in every time and from every where causing severe problems to the victims and huge financial losses. The cyber risk is directly linked to geopolitical, environmental, technological, and economic risks. A cyber attack could destabilize governments worldwide, it can get a business out of the business.

When journalists asked about the “single greatest threat to global stability,” to the German defense minister, she confirmed the disconcerting scenario.

“I think it’s the cyber threats because whatever adversaries you can think of and even if you talk about Daesh (the terrorist group) they use the cyber domain to fight against us.” Germany’s defense minister Ursula von der Leyen told CNBC.

Germany defense minister urges European states to invest in collective defense

“This decade will be the decade of improvement in cyber security and information ruling,” she added.

 

Governments and companies are already investing to improve the resilience to cyber attacks of their networks. The Germany defense minister also noticed that Governments are also working to improve their offensive cyber capabilities.

The US and UK are reportedly using cyber soldiers to fight the Islamic State.

The video interview is available at the following link:

https://www.cnbc.com/video/2018/02/17/cyber-threats-biggest-threat-to-stabililty-german-defense-minister-says.html

Pierluigi Paganini

(Security Affairs – Germany defense minister:, Information Warfare)

The post Germany’s defense minister: Cyber security is going to be the main focus of this decade. appeared first on Security Affairs.

German court says Facebook use of personal data is illegal

Facebook’s default privacy settings and some of its terms of service fall afoul of the German Federal Data Protection Act, the Berlin Regional Court has found. By not adequately securing the informed consent of its users, Facebook’s use of personal data is illegal – and so is the social network’s “real-name” clause, as the German Telemedia Act says that providers of online services must allow users to use their services anonymously or by using a … More

Head of Austrian DPA Appointed Chair of Article 29 Working Party

On February 7, 2018, representatives of European Data Protection Authorities (“DPAs”) met in Brussels to appoint the new leader of the current Article 29 Data Protection Working Party (the “Working Party”). Andrea Jelinek, head of the Austrian DPA, was elected to the post and will replace Isabelle Falque-Pierrotin, leader of the French DPA, who has represented the Working Party over the past four years.

Jelinek, running for the position against head of the Bulgarian DPA, Ventsislav Karadjov, won by a majority of votes and will assume the role in the coming months.

After the EU GDPR becomes directly applicable on May 25, 2018, the Working Party will be replaced by the new European Data Protection Board, and it is highly likely that Jelinek will be reconfirmed as its inaugural leader.

Austria is one of only two EU member states, the other being Germany, that has fully adapted its national privacy laws to be in line with the GDPR ahead of the May 2018 deadline.

Privacy and Information Security Law Blog’s Top 10 Posts of 2017

What were the hottest privacy and cybersecurity topics for 2017? Our posts on the EU General Data Protection Regulation (“GDPR”), EU-U.S. Privacy Shield, and the U.S. executive order on cybersecurity led the way in 2017. Read our top 10 posts of the year.

Article 29 Working Party Releases GDPR Action Plan for 2017

On January 16, 2017, the Article 29 Working Party (“Working Party”) published further information about its Action Plan for 2017, which sets forth the Working Party’s priorities and objectives in the context of implementation of the GDPR for the year ahead. The Action Plan closely follows earlier GDPR guidance relating to Data Portability, the appointment of Data Protection Officers and the concept of the Lead Supervisory Authority, which were published together by the Working Party on December 13, 2016. Continue reading

Privacy Shield: Impact of Trump’s Executive Order

On January 25, 2017, President Trump issued an Executive Order entitled “Enhancing Public Safety in the Interior of the United States.” While the Order is primarily focused on the enforcement of immigration laws in the U.S., Section 14 declares that “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.” This provision has sparked a firestorm of controversy in the international privacy community, raising questions regarding the Order’s impact on the Privacy Shield framework, which facilitates lawful transfers of personal data from the EU to the U.S. While political ramifications are certainly plausible from an EU-U.S. perspective, absent further action from the Trump Administration, Section 14 of the Order should not impact the legal viability of the Privacy Shield framework. Continue reading

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the GDPR that will become applicable on May 25, 2018. Continue reading

German DPA Publishes English Translation of Standard Data Protection Model

On April 13, 2017, the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information published an English translation of the draft Standard Data Protection Model. The SDM was adopted in November 2016 at the Conference of the Federal and State Data Protection Commissioners. Continue reading

President Trump Signs Executive Order on Cybersecurity

On May 11, 2017, President Trump signed an executive order (the “Order”) that seeks to improve the federal government’s cybersecurity posture and better protect the nation’s critical infrastructure from cyber attacks. The Order also seeks to establish policies for preventing foreign nations from using cyber attacks to target American citizens. Read the full text of the Order.

Bavarian DPA Tests GDPR Implementation of 150 Companies

On May 24, 2017, the Bavarian Data Protection Authority (“DPA”) published a questionnaire to help companies assess their level of implementation of the GDPR. Continue reading

Article 29 Working Party Releases Opinion on Data Processing at Work

The Working Party recently issued its Opinion on data processing at work (the “Opinion”). The Opinion, which complements the Working Party’s previous Opinion 08/2001 on the processing of personal data in the employment context and Working document on the surveillance of electronic communications in the workplace, seeks to provide guidance on balancing employee privacy expectations in the workplace with employers’ legitimate interests in processing employee data. The Opinion is applicable to all types of employees and not just those under an employment contract (e.g., freelancers). Continue reading

New Data Protection Enforcement Provisions Take Effect in Russia

As reported in BNA Privacy Law Watch, on July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law. The law, which was enacted in February 2017, imposes higher fines on businesses and corporate executives accused of data protection violations, such as unlawful processing of personal data, processing personal data without consent, and failure of data controllers to meet data protection requirements. Whereas previously fines were limited to 300 to 10,000 rubles ($5 to $169 USD), under the new law, available fines for data protection violations range from 15,000 to 75,000 rubles ($254 to $1,269 USD) for businesses and 3,000 to 20,000 rubles ($51 to $338 USD) for corporate executives. Continue reading

CNIL Publishes GDPR Guidance for Data Processors

On September 29, 2017, the French Data Protection Authority published a guide for data processors to implement the new obligations set by the GDPR. Continue reading

Article 29 Working Party Releases Guidelines on Automated Individual Decision-Making and Profiling

On October 17, 2017, the Working Party issued Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (the “Guidelines”). The Guidelines aim to clarify the GDPR’s provisions that address the risks arising from profiling and automated decision-making. Continue reading…

Cerber spam: "please print", "images etc"

I only have a couple of samples of this spam, but I suspect it comes in many different flavours.. Subject:       imagesFrom:       "Sophia Passmore" [Sophia5555@victimdomain.tld]Date:       Fri, May 12, 2017 7:18 pm--*Sophia Passmore*Subject:       please printFrom:       "Roberta Pethick" [Roberta5555@victimdomain.tld]Date:       Fri, May 12, 2017 7:18 pm--*Roberta Pethick* In these two

Malware spam: UK Fuels Collection / "invoices@ebillinvoice.com"

This fake invoice comes with a malicious attachment: From:    invoices@ebillinvoice.com Date:    18 July 2017 at 09:37 Subject:    UK Fuels Collection Velocity         ACCOUNT NO ******969         Dear CUSTOMER, Your latest invoice for your fuel card account is now available for you to view online, download or print through our Velocity online management system. How to view your

Malware spam: "John Miller Limited" / "Invoice"

This spam pretends to come from John Miller Ltd (but doesn't) and comes with a malicious payload. The domain mentioned in the email does not match the company being spoofed, and varies from message to message. From:    Felix Holmes Date:    5 June 2017 at 10:20Subject:    InvoiceRegardsFelix Holmescid:image001.jpg@01D00F00.660A92D0Kirkburn Ind. EstateLockerbieDumfries and GallowayDG11 2FFTel