Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label European Union. Show all posts
SIS II
Data Breach EU Lisa European Union Sensitive data SIS II

EU Border Security Database Found to Have Serious Cyber Flaws

 



A recent investigative report has revealed critical cybersecurity concerns in one of the European Union’s key border control systems. The system in question, known as the Second Generation Schengen Information System (SIS II), is a large-scale database used across Europe to track criminal suspects, unauthorized migrants, and missing property. While this system plays a major role in maintaining regional safety, new findings suggest its digital backbone may be weaker than expected.

According to a joint investigation by Bloomberg and Lighthouse Reports, SIS II contains a significant number of unresolved security issues. Though there is no confirmed case of data being stolen, experts warn that poor account management and delayed software fixes could leave the system open to misuse. One of the main issues flagged was the unusually high number of user accounts with access to the database; many of which reportedly had no clear purpose.

SIS II has been in use since 2013 and stores over 90 million records, most of which involve things like stolen vehicles and documents. However, about 1.7 million entries involve individuals. These personal records often remain unknown to those listed until they are stopped by police or immigration officers, raising concerns about privacy and oversight in the event of a breach.

One legal researcher familiar with European digital systems warned that a successful cyberattack could lead to wide-ranging consequences, potentially affecting millions of people across the EU.

Another growing concern is that SIS II is currently hosted on a closed, internal network—but that is about to change. The system is expected to be integrated with a new border management tool called the Entry/Exit System (EES), which will require travelers to provide fingerprints and facial images when entering or leaving countries in the Schengen zone. Since the EES will be accessible online, experts worry it could create a new path for hackers to reach SIS II, making the whole network more vulnerable.

The technical work behind SIS II is managed by a French company, but investigations show that fixing critical security problems has taken far longer than expected. Some fixes reportedly took several months or even years to implement, despite contractual rules that require urgent patches to be handled within two months.

The EU agency responsible for overseeing SIS II, known as EU-Lisa, contracts much of the technical work to private firms. Internal audits raised concerns that management wasn’t always informed about known security risks. In response, the agency claimed that it regularly tests and monitors all systems under its supervision.

As Europe prepares to roll out more connected security tools, experts stress the need for stronger safeguards to protect sensitive data and prevent future breaches.

Read more »
Privacy
Ads Data Privacy data security DPC EU European Cyber Security European Union Legal Action Against Meta Meta Chatbots Meta Data personalized ads Privacy

WhatsApp Ads Delayed in EU as Meta Faces Privacy Concerns

 

Meta recently introduced in-app advertisements within WhatsApp for users across the globe, marking the first time ads have appeared on the messaging platform. However, this change won’t affect users in the European Union just yet. According to the Irish Data Protection Commission (DPC), WhatsApp has informed them that ads will not be launched in the EU until sometime in 2026. 

Previously, Meta had stated that the feature would gradually roll out over several months but did not provide a specific timeline for European users. The newly introduced ads appear within the “Updates” tab on WhatsApp, specifically inside Status posts and the Channels section. Meta has stated that the ad system is designed with privacy in mind, using minimal personal data such as location, language settings, and engagement with content. If a user has linked their WhatsApp with the Meta Accounts Center, their ad preferences across Instagram and Facebook will also inform what ads they see. 

Despite these assurances, the integration of data across platforms has raised red flags among privacy advocates and European regulators. As a result, the DPC plans to review the advertising model thoroughly, working in coordination with other EU privacy authorities before approving a regional release. Des Hogan, Ireland’s Data Protection Commissioner, confirmed that Meta has officially postponed the EU launch and that discussions with the company will continue to assess the new ad approach. 

Dale Sunderland, another commissioner at the DPC, emphasized that the process remains in its early stages and it’s too soon to identify any potential regulatory violations. The commission intends to follow its usual review protocol, which applies to all new features introduced by Meta. This strategic move by Meta comes while the company is involved in a high-profile antitrust case in the United States. The lawsuit seeks to challenge Meta’s ownership of WhatsApp and Instagram and could potentially lead to a forced breakup of the company’s assets. 

Meta’s decision to push forward with deeper cross-platform ad integration may indicate confidence in its legal position. The tech giant continues to argue that its advertising tools are essential for small business growth and that any restrictions on its ad operations could negatively impact entrepreneurs who rely on Meta’s platforms for customer outreach. However, critics claim this level of integration is precisely why Meta should face stricter regulatory oversight—or even be broken up. 

As the U.S. court prepares to issue a ruling, the EU delay illustrates how Meta is navigating regulatory pressures differently across markets. After initial reporting, WhatsApp clarified that the 2025 rollout in the EU was never confirmed, and the current plan reflects ongoing conversations with European regulators.
Read more »
secure VPN
customer privacy Cyber Security and Privacy Data Privacy encrypted European Union Messaging Apps Privacy secure VPN

ProtectEU and VPN Privacy: What the EU Encryption Plan Means for Online Security

 

Texting through SMS is pretty much a thing of the past. Most people today rely on apps like WhatsApp and Signal to share messages, make encrypted calls, or send photos—all under the assumption that our conversations are private. But that privacy could soon be at risk in the EU.

On April 1, 2025, the European Commission introduced a new plan called ProtectEU. Its goal is to create a roadmap for “lawful and effective access to data for law enforcement,” particularly targeting encrypted platforms. While messaging apps are the immediate focus, VPN services might be next. VPNs rely on end-to-end encryption and strict no-log policies to keep users anonymous. However, if ProtectEU leads to mandatory encryption backdoors or expanded data retention rules, that could force VPN providers to change how they operate—or leave the EU altogether. 

Proton VPN’s Head of Public Policy, Jurgita Miseviciute, warns that weakening encryption won’t solve security issues. Instead, she believes it would put users at greater risk, allowing bad actors to exploit the same access points created for law enforcement. Proton is monitoring the plan closely, hoping the EU will consider solutions that protect encryption. Surfshark takes a more optimistic view. Legal Head Gytis Malinauskas says the strategy still lacks concrete policy direction and sees the emphasis on cybersecurity as a potential boost for privacy tools like VPNs. Mullvad VPN isn’t convinced. 

Having fought against earlier EU proposals to scan private chats, Mullvad criticized ProtectEU as a rebranded version of old policies, expressing doubt it will gain wide support. One key concern is data retention. If the EU decides to require VPNs to log user activity, it could fundamentally conflict with their privacy-first design. Denis Vyazovoy of AdGuard VPN notes that such laws could make no-log VPNs unfeasible, prompting providers to exit the EU market—much like what happened in India in 2022. NordVPN adds that the more data retained, the more risk users face from breaches or misuse. 

Even though VPNs aren’t explicitly targeted yet, an EU report has listed them as a challenge to investigations—raising concerns about future regulations. Still, Surfshark sees the current debate as a chance to highlight the legitimate role VPNs play in protecting everyday users. While the future remains uncertain, one thing is clear: the tension between privacy and security is only heating up.
Read more »
Technology
Artificial Intelligence Criminal Breach European Union Europol Technology

AI Technology is Helping Criminal Groups Grow Stronger in Europe, Europol Warns

 



The European Union’s main police agency, Europol, has raised an alarm about how artificial intelligence (AI) is now being misused by criminal groups. According to their latest report, criminals are using AI to carry out serious crimes like drug dealing, human trafficking, online scams, money laundering, and cyberattacks.

This report is based on information gathered from police forces across all 27 European Union countries. Released every four years, it helps guide how the EU tackles organized crime. Europol’s chief, Catherine De Bolle, said cybercrime is growing more dangerous as criminals use advanced digital tools. She explained that AI is giving criminals more power, allowing them to launch precise and damaging attacks on people, companies, and even governments.

Some crimes, she noted, are not just about making money. In certain cases, these actions are also designed to cause unrest and weaken countries. The report explains that criminal groups are now working closely with some governments to secretly carry out harmful activities.

One growing concern is the rise in harmful online content, especially material involving children. AI is making it harder to track and identify those responsible because fake images and videos look very real. This is making the job of investigators much more challenging.

The report also highlights how criminals are now able to trick people using technology like voice imitation and deepfake videos. These tools allow scammers to pretend to be someone else, steal identities, and threaten people. Such methods make fraud, blackmail, and online theft harder to spot.

Another serious issue is that countries are now using criminal networks to launch cyberattacks against their rivals. Europol noted that many of these attacks are aimed at important services like hospitals or government departments. For example, a hospital in Poland was recently hit by a cyberattack that forced it to shut down for several hours. Officials said the use of AI made this attack more severe.

The report warns that new technology is speeding up illegal activities. Criminals can now carry out their plans faster, reach more people, and operate in more complex ways. Europol urged countries to act quickly to tackle this growing threat.

The European Commission is planning to introduce a new security policy soon. Magnus Brunner, the EU official in charge of internal affairs, said Europe needs to stay alert and improve safety measures. He also promised that Europol will get more staff and better resources in the coming years to fight these threats.

In the end, the report makes it clear that AI is making crime more dangerous and harder to stop. Stronger cooperation between countries and better cyber defenses will be necessary to protect people and maintain safety across Europe.

Read more »
Privacy
Artificial Intelligence Data Regulation DeepSeek European Union Privacy

Why European Regulators Are Investigating Chinese AI firm DeepSeek

 


European authorities are raising concerns about DeepSeek, a thriving Chinese artificial intelligence (AI) company, due to its data practices. Italy, Ireland, Belgium, Netherlands, France regulators are examining the data collection methods of this firm, seeing whether they comply with the European General Data Protection Regulation or, if they also might consider that personal data is anyway transferred unlawfully to China.

Hence, due to these issues, the Italian authority has released a temporary restrainment to access the DeepSeek chatbot R1 for the time-being under which investigation will be conducted on what and how data get used, and how much has affected training in the AI model.  


What Type of Data Does DeepSeek Actually Collect? 

DeepSeek collects three main forms of information from the user: 

1. Personal data such as names and emails.  

2. Device-related data, including IP addresses.  

3. Data from third parties, such as Apple or Google logins.  

Moreover, there is an action that an app would be able to opt to take if at all that user was active elsewhere on those devices for "Community Security." Unlike many companies I have said where there are actual timelines or limits on data retention, it is stated that retention of data can happen indefinitely by DeepSeek. This can also include possible sharing with others-advertisers, analytics firms, governments, and copyright holders.  

Noting that most AI companies like the case of OpenAI's ChatGPT and Anthropic's Claude have met such privacy issues, experts would observe that DeepSeek doesn't expressly provide users the rights to deletion or restrictions on its use of their data as mandated requirement in the GDPR.  


The Collected Data Where it Goes  

One of major problems of DeepSeek is that it saves user data in China. Supposedly, the company has secure security measures in place for the data set and observes local laws for data transfer, but from a legal perspective, there is no valid basis being presented by DeepSeek concerning the storing of data from its European users outside the EU.  

According to the EDPB, privacy laws in China lay more importance on "stability of community than that of individual privacy," thus permitting broadly-reaching access to personal data for purposes such as national security or criminal investigations. Yet it is not clear whether that of foreign users will be treated differently than that of Chinese citizens. 


Cybersecurity and Privacy Threats 

As accentuated by cyber crime indices in 2024, China is one of the countries most vulnerable to cyberattacks. Cisco's latest report shows that DeepSeek's AI model does not have such strong security against hacking attempts. Other AI models can block at least some "jailbreak" cyberattacks, while DeepSeek turned out to be completely vulnerable to such assaults, which have made it softer for manipulation. 


Should Users Worry? 

According to experts, users ought to exercise caution when using DeepSeek and avoid sharing highly sensitive personal details. The uncertain policies of the company with respect to data protection, storage in China, and relatively weak security defenses could avail pretty heavy risks to users' privacy and as such warrant such caution. 

European regulators will then determine whether DeepSeek will be allowed to conduct business in the EU as investigations continue. Until then, users should weigh risks against their possible exposure when interacting with the platform. 



Read more »
USB-C
E-waste European Union Technology Universal Charger USB-C

EU Officially Announce USB-C as Global Charging Standard

 

For tech enthusiasts and environmentalists in the European Union (EU), December 28, 2024, marked a major turning point as USB-C officially became the required standard for electronic gadgets.

The new policy mandates that phones, tablets, cameras, and other electronic devices marketed in the EU must have USB-C connectors. This move aims to minimise e-waste and make charging more convenient for customers. Even industry giants like Apple are required to adapt, signaling the end of proprietary charging standards in the region.

Apple’s Transition to USB-C

Apple has been slower than most Android manufacturers in adopting USB-C. The company introduced USB-C connectors with the iPhone 15 series in 2023, while older models, such as the iPhone 14 and the iPhone SE (3rd generation), continued to use the now-outdated Lightning connector.

To comply with the new EU regulations, Apple has discontinued the iPhone 14 and iPhone SE in the region, as these models include Lightning ports. While they remain available through third-party retailers until supplies run out, the regulation prohibits brands from directly selling non-USB-C devices in the EU. However, outside the EU, including in major markets like the United States, India, and China, these models are still available for purchase.

Looking Ahead: USB-C as the Future

Apple’s decision aligns with its broader strategy to phase out the Lightning connection entirely. The transition is expected to culminate in early 2025 with the release of a USB-C-equipped iPhone SE. This shift not only ensures compliance with EU regulations but also addresses consumer demands for a more streamlined charging experience.

The European Commission (EC) celebrated the implementation of this law with a playful yet impactful tweet, highlighting the benefits of a universal charging standard. “Today’s the day! USB-C is officially the common standard for electronic devices in the EU! It means: The same charger for all new phones, tablets & cameras; Harmonised fast-charging; Reduced e-waste; No more ‘Sorry, I don’t have that cable,’” the EC shared on X (formerly Twitter).

Environmental and Consumer Benefits

This law aims to alleviate the frustration of managing multiple chargers while addressing the growing environmental issues posed by e-waste. By standardising charging technology, the EU hopes to:

  • Simplify consumer choices
  • Extend the lifespan of accessories like cables and adapters
  • Reduce the volume of electronic waste

With the EU leading this shift, other regions may follow suit, further promoting sustainability and convenience in the tech industry.

Read more »
Privacy
Data Laws European Union NIS2 Directive Organization security Privacy

Enhancing EU Cybersecurity: Key Takeaways from the NIS2 Directive

Enhancing EU Cybersecurity: Key Takeaways from the NIS2 Directive

The European Union has taken a significant step forward with the introduction of the NIS2 Directive. This directive, which builds upon the original Network and Information Systems (NIS) Directive, aims to bolster cybersecurity across the EU by imposing stricter requirements and expanding its scope. But how far does the NIS2 Directive reach, and what implications does it have for organizations within the EU?

A Broader Scope

One of the most notable changes in the NIS2 Directive is its expanded scope. While the original NIS Directive primarily targeted operators of essential services and digital service providers, NIS2 extends its reach to include a wider range of sectors. This includes public administration entities, the healthcare sector, and providers of digital infrastructure. By broadening the scope, the EU aims to ensure that more entities are covered under the directive, thereby enhancing the overall cybersecurity posture of the region.

Enhanced Security Requirements

The move brings more stringent security requirements for entities within its scope. Organizations are now required to implement robust cybersecurity measures, including risk management practices, incident response plans, and regular security assessments. These measures are designed to ensure that organizations are better prepared to prevent, detect, and respond to cyber threats.

Additionally, the directive emphasizes the importance of supply chain security. Organizations must now assess and manage the cybersecurity risks associated with their supply chains, ensuring that third-party vendors and partners adhere to the same high standards of security.

Incident Reporting Obligations

Another significant aspect of the NIS2 Directive is the enhanced incident reporting obligations. Under the new directive, organizations are required to report significant cybersecurity incidents to the relevant authorities within 24 hours of detection. This rapid reporting is crucial for enabling a swift response to cyber threats and minimizing the potential impact on critical infrastructure and services.

The directive also mandates that organizations provide detailed information about the incident, including the nature of the threat, the affected systems, and the measures taken to mitigate the impact. This level of transparency is intended to facilitate better coordination and information sharing among EU member states, ultimately strengthening the collective cybersecurity resilience of the region.

Governance and Accountability

Organizations are required to designate a responsible person or team for overseeing cybersecurity measures and ensuring compliance with the directive. This includes conducting regular audits and assessments to verify the effectiveness of the implemented security measures.

Organizations that fail to meet the requirements of the NIS2 Directive may face significant fines and other sanctions. This serves as a strong incentive for organizations to prioritize cybersecurity and ensure that they are fully compliant with the directive.

Challenges and Opportunities

It also offers numerous opportunities. By implementing the required cybersecurity measures, organizations can significantly enhance their security posture and reduce the risk of cyber incidents. This not only protects their own operations but also contributes to the overall security of the EU.

The directive also encourages greater collaboration and information sharing among EU member states. This collective approach to cybersecurity can lead to more effective threat detection and response, ultimately making the region more resilient to cyber threats.

Read more »
Thierry Breton
Data Privacy digital competition rules Digital Markets Act European Union Facebook Instagram Meta Platforms online gatekeepers personalized ads regulatory scrutiny Technology Thierry Breton

EU Claims Meta’s Paid Ad-Free Option Violates Digital Competition Rules

 

European Union regulators have accused Meta Platforms of violating the bloc’s new digital competition rules by compelling Facebook and Instagram users to either view ads or pay to avoid them. This move comes as part of Meta’s strategy to comply with Europe's stringent data privacy regulations.

Starting in November, Meta began offering European users the option to pay at least 10 euros ($10.75) per month for ad-free versions of Facebook and Instagram. This was in response to a ruling by the EU’s top court, which mandated that Meta must obtain user consent before displaying targeted ads, a decision that jeopardized Meta’s business model of personalized advertising.

The European Commission, the EU’s executive body, stated that preliminary findings from its investigation indicate that Meta’s “pay or consent” model breaches the Digital Markets Act (DMA) of the 27-nation bloc. According to the commission, Meta’s approach fails to provide users the right to “freely consent” to the use of their personal data across its various services for personalized ads.

The commission also criticized Meta for not offering a less personalized service that is equivalent to its social networks. Meta responded by stating that their subscription model for no ads aligns with the direction of the highest court in Europe and complies with the DMA. The company expressed its intent to engage in constructive dialogue with the European Commission to resolve the investigation.

The investigation was launched soon after the DMA took effect in March, aiming to prevent tech “gatekeepers” from dominating digital markets through heavy financial penalties. One of the DMA's objectives is to reduce the power of Big Tech firms that have amassed vast amounts of personal data, giving them an advantage over competitors in online advertising and social media services. The commission suggested that Meta should offer an option that doesn’t rely on extensive personal data sharing for advertising purposes.

European Commissioner Thierry Breton, who oversees the bloc’s digital policy, emphasized that the DMA aims to empower users to decide how their data is used and to ensure that innovative companies can compete fairly with tech giants regarding data access.

Meta now has the opportunity to respond to the commission’s findings, with the investigation due to conclude by March 2025. The company could face fines of up to 10% of its annual global revenue, potentially amounting to billions of euros. Under the DMA, Meta is classified as one of seven online gatekeepers, with Facebook, Instagram, WhatsApp, Messenger, and its online ad business listed among two dozen “core platform services” that require the highest level of regulatory scrutiny.

This accusation against Meta is part of a series of regulatory actions by Brussels against major tech companies. Recently, the EU charged Apple with preventing app makers from directing users to cheaper options outside its App Store and accused Microsoft of violating antitrust laws by bundling its Teams app with its Office software.


Read more »
Subscribe to: Posts (Atom)