
Millions are at Risk After a French HealthCare Services Firm's Data Leak

 

Viamedis, a French healthcare services provider, suffered a cyberattack that exposed the private data of policyholders and medical professionals in the country. Though the company's website is currently not accessible, an announcement concerning the data breach has been posted on LinkedIn. 

The data revealed in the hack includes a beneficiary's marital status, date of birth, social security number, health insurer's name, and guarantees that can be paid by third parties.

The firm has clarified that the compromised systems did not contain people's banking details, postal addresses, phone numbers, or email addresses. Viamedis says that healthcare professionals will receive separate notifications about the data concerning them that was exposed. 

Viamedis has notified the relevant authorities (the CNIL and ANSSI) and the affected health organisations, and has filed a complaint with the public prosecutor. The company is still assessing the consequences of the breach. 

Since Viamedis oversees payments for 84 healthcare organisations that serve 20 million insured people, it is evident that the hack has a considerable impact. However, the exact number of individuals impacted has not been disclosed. 

An investigation is being launched to determine the extent of the breach, according to Agence France-Presse (AFP) and the company's general director, Christophe Cande. 

"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation." - GD Viamedis' Cande.

Additionally, Cande stated that ransomware wasn't employed in the cyberattack. Instead, he claimed that the threat actor gained access to its systems through a phishing attempt that was successful against an employee. 

Malakoff Humanis, one of the organisations that works with Viamedis, has posted a notice on its website confirming that it is indirectly affected by the Viamedis data breach. 

In addition, the company is notifying affected consumers of the hack and service disruption through data breach notifications.

The statement reiterates the information mentioned in the Viamedis notification and informs customers that no banking, medical, or contact information saved on the platforms has been compromised.

According to Malakoff Humanis, users can still access their accounts and submit reimbursement claims. However, the temporary disconnection of the Viamedis platform is expected to disrupt the delivery of certain healthcare services. Similar circumstances are foreseen for other Viamedis service providers, such as Carte Blanche Partenaires, Itelis, Kalixia, Santéclair, and Audiens.

Apple Seeks to Defuse a French iPhone 12 Issue as EU Inquiry Intensifies

 

In order to resolve a dispute concerning radiation levels, Apple pledged on Friday to upgrade the software on iPhone 12s in France. However, concerns in other European nations suggested Apple might need to take similar steps abroad. 

France suspended sales of the iPhone 12 this week after tests by the national frequency agency (ANFR) found the device exceeded the legal limit for radiation exposure, measured as the specific absorption rate (SAR).

Apple refuted the findings, claiming that the iPhone 12 was approved by numerous international organisations as meeting all worldwide requirements, but announced on Friday that it would release a software update to take into account the French testing procedures. 

Over the past two decades, numerous studies have been undertaken to evaluate the health concerns related to mobile phones. The World Health Organisation claims that there is no evidence linking them to any negative health impacts. However, the radiation warning in France, which was based on test results that were different from those of other nations, has raised worries across Europe.

The Belgian state secretary for digitalization stated that he had urged Apple to update the software on the iPhone 12 across the EU, despite the fact that, according to the regulator's own preliminary analysis, the device poses no risk to customers. 

Italy was preparing to ask Apple to upgrade the software on iPhone 12s there, according to a government source in Rome, while Germany claimed it was in contact with French authorities to find an EU-wide solution. The conclusion of the French probe will come first, a second Italian government source claimed, and only then would Italian officials make any requests of Apple or take any independent actions.

The Dutch Authority for Digital Infrastructure stated that it is in contact with Apple as well as German and French authorities and is also conducting its own inquiry, which is due in two weeks. The organisation reported that it had received calls from customers who were worried. 

The French authorities welcomed Apple's software update, saying it will be quickly evaluated and would allow sales of the relatively old iPhone 12 model, which was released in 2020, to resume.

"We will issue a software update for users in France to accommodate the protocol used by French regulators. We look forward to iPhone 12 continuing to be available in France," Apple stated. "This is related to a specific testing protocol used by French regulators and not a safety concern."

French Government Allows Remote Access to Suspects' Devices: Privacy Concerns Arise

 

The French Government has recently introduced a new policy allowing the police to remotely access and control suspects' devices, including their cameras, microphones, and GPS data. Although this news has sparked controversy, similar practices have been in place in various countries for quite some time.

French Justice Minister Éric Dupond-Moretti announced the legislation, assuring that it would be utilized in only a limited number of cases annually. This spying capability will be granted for up to six months, subject to approval by a judge, and will primarily be applicable to cases carrying potential sentences of at least five years. "We're far away from the totalitarianism of 1984," he added. "People's lives will be saved."

Having law enforcement or government personnel covertly take control of someone's phone and observe their activities is a serious intrusion into privacy. It creates opportunities for those in positions of power to abuse civil liberties, and the same capability can be misused by individuals acting in bad faith.

However, this type of surveillance is not a new phenomenon. As far back as 2006, the US FBI was legally activating cell phone microphones, even when the phones were switched off, to monitor suspects. During that time, it was still possible to remove the batteries from many phones, but modern devices lack this capability.

According to a 2022 report by Comparitech, all 50 countries examined granted some level of access to smartphones and their data for their respective police forces. The extent of access varied across countries, and many nations required warrants for such actions. 

China, Saudi Arabia, Singapore, and the United Arab Emirates offered the most unrestricted access, with China even allowing access without any suspicion of wrongdoing. Surprisingly, Germany permits intelligence agents to remotely access smartphones and install spyware without the individual being a crime suspect. In the United States, warrants are generally required, although exceptions exist. Australia takes it a step further by granting police the authority to modify data on a suspect's phone.

Nevertheless, several countries have established strong protections for smartphone privacy. Austria, Belgium, Finland, and Ireland are among the countries with the highest ratings in this regard, as they have clear laws stipulating that the police can access mobile phones only when the person is a suspect and a warrant has been issued.

If the idea of such access to your smartphone is unacceptable, there are options available in the market for smartphones equipped with physical switches that can prevent cameras and microphones from being activated, without the possibility of remote override. 

However, even if you deactivate your GPS, your location can still be tracked through triangulation using the cell towers that your phone communicates with numerous times each day.

CNIL Fines Clearview AI 20 million Euros for Illegal Use of Facial Recognition Technology

 

France's data protection authority, the CNIL, has imposed a €20 million fine on Clearview AI, the controversial facial recognition firm, for illegally collecting and using data belonging to people in France without their knowledge. 

CNIL imposed the maximum financial penalty the company could receive as per GDPR Article 83 and also ordered Clearview AI to stop all data collection activities and delete the data gathered on French citizens or face an additional €100,000 fine per day. 

“Clearview AI had two months to comply with the injunctions formulated in the formal notice and to justify them to the CNIL. However, it did not provide any response to this formal notice,” the CNIL stated. 

“The chair of the CNIL, therefore, decided to refer the matter to the restricted committee, which is in charge of issuing sanctions. On the basis of the information brought to its attention, the restricted committee decided to impose a maximum financial penalty of 20 million euros, according to article 83 of the GDPR.” 

Clearview AI scrapes publicly available images and videos of people from websites and social media platforms and links them to identities. Using this technique, the company has collected over 20 billion images that feed a biometric database of facial templates and identities. 

Subsequently, the American-based firm sells access to this database to individuals, law enforcement, and multiple organizations around the globe. 

In Europe, the General Data Protection Regulation (GDPR) requires that people be clearly told when their data is collected and that the processing rest on a lawful basis, such as consent. Even though Clearview AI does not use leaked data and does not itself spy on people, the individuals concerned have no idea that their images are being used for identification by Clearview AI's customers. 

CNIL's latest decision comes after a two-year investigation initiated in May 2020, when the French authority received complaints from individuals about Clearview facial recognition software. Another warning about biometric profiling came from the Privacy International organization in May 2021. 

According to the CNIL, it found Clearview AI was guilty of multiple violations of the General Data Protection Regulation (GDPR). The breaches include unlawful processing of private data (GDPR Article 6), individuals' rights not being respected (Articles 12, 15, and 17), and lack of cooperation with the data protection authority (Article 31). 

The CNIL decision is the third against Clearview's activities this year, after the Italian and Greek data protection authorities fined the firm in March and July respectively for unlawfully collecting biometric data.

The CNIL Penalized SLIMPAY €180,000 for Data Protection Violations

 

SLIMPAY is a licensed payment institution that provides customers with recurring payment options. Based in Paris, this subscription payment services firm was fined €180,000 by the French CNIL regulatory authority after it was discovered that sensitive client data had been stored on a publicly accessible server for five years by the firm. 

The company bills itself as a leader in recurring subscription payments and offers an API and processing service to handle such payments on behalf of clients including Unicef, BP, and OVO Energy. In 2015 it conducted an internal research project on an anti-fraud mechanism, for which it extracted personal data from its client databases for testing purposes. Real data is a convenient way to confirm that development code behaves as intended before going live, but when the data includes bank account numbers and other sensitive fields it must be pseudonymized or otherwise protected before it leaves the production environment, and the copy must be deleted once the project ends; otherwise the test set becomes a second, less protected copy of the customer base.
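Copying the production customer table into a test project is exactly how SLIMPAY's data ended up on a forgotten server. The following is an added example written for this article, not code from SLIMPAY or from the CNIL decision, showing one way to produce test data that keeps the shape of real banking identifiers without containing them: every digit of the IBAN's account part is replaced with digits derived from a keyed HMAC, and the ISO 13616 check digits are recomputed so the result still passes validation and still exercises the same code paths. The key, the sample IBAN and the record layout are assumptions made for the example.

```python
import hashlib
import hmac


def _to_numeric(s: str) -> str:
    """Map 'A'..'Z' to '10'..'35' and keep digits, as ISO 13616 requires before the mod-97 step."""
    return "".join(str(int(ch, 36)) for ch in s)


def iban_valid(iban: str) -> bool:
    """ISO 13616 check: move the first four characters to the end, convert, and test mod 97 == 1."""
    s = iban.replace(" ", "").upper()
    if len(s) < 5 or not s[:2].isalpha() or not s[2:4].isdigit() or not s.isalnum():
        return False
    return int(_to_numeric(s[4:] + s[:4])) % 97 == 1


def make_iban(country: str, bban: str) -> str:
    """Compute the two check digits for a BBAN so that the finished IBAN passes iban_valid()."""
    check = 98 - int(_to_numeric(bban + country + "00")) % 97
    return f"{country}{check:02d}{bban}"


def pseudonymize_iban(iban: str, key: bytes) -> str:
    """Replace every digit of the BBAN with digits derived from HMAC-SHA256(key, iban).

    The result is deterministic for a given key (so joins across tables still work in
    the test set), not reversible without the key, and structurally valid for the
    same country, so length checks, check-digit validation and formatting code all
    behave exactly as they would on production data.
    """
    s = iban.replace(" ", "").upper()
    if not iban_valid(s):
        raise ValueError("not a valid IBAN")
    country, bban = s[:2], s[4:]
    digest = hmac.new(key, s.encode(), hashlib.sha256).digest()
    # 32 digits from the 32 digest bytes: always more than the longest BBAN (30 characters).
    stream = iter(str(b % 10) for b in digest)
    new_bban = "".join(next(stream) if ch.isdigit() else ch for ch in bban)
    return make_iban(country, new_bban)


def pseudonymize_record(record: dict, key: bytes) -> dict:
    """Test copy of a customer row: keep the layout, replace every identifying field."""
    out = dict(record)
    out["iban"] = pseudonymize_iban(record["iban"], key)
    # Names and e-mails get a stable token rather than a look-alike value (assumed policy).
    tag = hmac.new(key, record["email"].encode(), hashlib.sha256).hexdigest()[:12]
    out["email"] = f"user-{tag}@example.invalid"
    out["name"] = f"customer-{tag}"
    return out


# Constructed sample data for the example, not real customers.
TEST_KEY = b"rotate-me-and-never-commit-me"
SAMPLE_IBAN = make_iban("FR", "30006000011234567890189")  # a French BBAN is 23 characters
SAMPLE_RECORD = {"name": "Jane Example", "email": "jane@example.test", "iban": SAMPLE_IBAN}

if __name__ == "__main__":
    print(SAMPLE_IBAN, iban_valid(SAMPLE_IBAN))
    print(pseudonymize_record(SAMPLE_RECORD, TEST_KEY))
```

The key must live outside the test environment (a secrets manager, not the repository), because anyone holding it can confirm whether a guessed real IBAN maps to a given test value; without it the test set carries no usable banking data even if the server it sits on is left open to the Internet for five years.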

In 2020 the CNIL investigated SLIMPAY and found a number of shortcomings in how it protected customers' personal data. On the basis of these findings, the restricted committee (the CNIL body in charge of imposing sanctions) concluded that the company had failed to comply with several GDPR obligations. Because the data subjects affected were spread across several European Union countries, the CNIL cooperated with four other supervisory authorities (Germany, Spain, Italy, and the Netherlands). 

THE BREACHES 

1.  Failure to comply with the requirement to provide a formal legal foundation for a processor's processing operations (Article 28 of the GDPR)

SLIMPAY's agreements with its service providers do not include all of the terms necessary to ensure that these processors agree to process personal data in accordance with the GDPR. 

2. Failure to protect personal data from unauthorized access (Article 32 of the GDPR) 

According to the restricted committee, access to the server was not protected by any security measure, and it was reachable from the Internet between November 2015 and February 2020. The civil status information, postal and e-mail addresses, phone numbers, and bank account numbers (BIC/IBAN) of more than 12 million people were exposed. 

3. Failure to inform the data subjects of a personal data breach (Article 34 of the GDPR) 

The CNIL determined that the risk arising from the breach had to be considered high, given the nature of the personal data, the number of people affected, the ease of identifying those people from the exposed data, and the potential consequences for them, and that SLIMPAY should therefore have notified the individuals concerned.

Nobelium Hacking Group Targets French Organisations

 

According to the French national cyber-security agency ANSSI, the Russian-backed Nobelium hacker group responsible for last year's SolarWinds hack has now been targeting French firms since February 2021. 

While ANSSI (Agence nationale de la sécurité des systèmes d'information) has not identified how Nobelium gained access to email accounts belonging to French organisations, it stated that the attackers used those accounts to send malicious emails to foreign entities.

In turn, French government organizations were targeted by fraudulent emails sent from servers belonging to foreign firms, which were thought to be infiltrated by the very same threat actor. Nobelium's infrastructure for cyberattacks on French entities was primarily built utilizing virtual private servers (VPS) from several hosting companies (favoring servers from OVH and located close to the targeted countries). 

"Overlaps have been identified in the tactics, techniques, and procedures (TTP) between the phishing campaigns monitored by ANSSI and the SOLARWINDS supply chain attack in 2020," ANSSI explained in a report. 

To defend against this group's attacks, ANSSI advises restricting the processing of email attachments so that the malicious files delivered in phishing campaigns are blocked before they reach users. 
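ANSSI's advice is a policy statement; at a mail gateway it becomes a per-attachment decision taken before the message is delivered. The following is an added example written for this article, not ANSSI's, Microsoft's or any vendor's code, showing the checks such a filter applies: an extension block list (which includes the ISO and IMG disk images and LNK shortcuts that Nobelium's May 2021 phishing lures used to carry their payloads, and macro-enabled Office formats), a double-extension check, archives routed to content inspection, and magic-byte checks so that renaming an executable does not get it through. The extension lists, the message headers and the sample messages are constructed for the example and are not real traffic.

```python
import email
import posixpath
from email import policy
from email.message import EmailMessage

# Extensions that should never arrive by mail from outside the organisation (assumed policy).
BLOCKED_EXT = {
    "exe", "scr", "com", "pif", "cpl", "dll", "msi", "bat", "cmd", "ps1",
    "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk", "chm",
    "docm", "xlsm", "pptm",        # macro-enabled Office documents
    "iso", "img", "vhd", "vhdx",   # disk images: contents lose Mark-of-the-Web when mounted
}
# Archives are not rejected outright but must be unpacked and inspected (assumed policy).
INSPECT_EXT = {"zip", "7z", "rar", "cab", "gz"}
# Document types users legitimately exchange; used to spot "invoice.pdf.exe" style names.
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "csv"}


def check_attachment(filename: str, payload: bytes) -> list[str]:
    """Return the policy reasons to reject this attachment; an empty list means it is allowed."""
    reasons = []
    name = posixpath.basename(filename.replace("\\", "/").lower())
    parts = name.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXT:
        reasons.append(f"blocked extension .{ext}")
    if len(parts) > 2 and parts[-2] in DOC_EXT and ext not in DOC_EXT and ext not in INSPECT_EXT:
        reasons.append("double extension disguising a non-document")
    if ext in INSPECT_EXT:
        reasons.append(f"archive .{ext} requires content inspection")
    # Magic-byte checks catch renamed files: the name says one thing, the bytes say another.
    if payload[:2] == b"MZ":
        reasons.append("PE executable header (MZ) regardless of filename")
    if payload[:4] == b"\x4c\x00\x00\x00":
        reasons.append("Windows shortcut (LNK) header regardless of filename")
    return reasons


def scan_message(raw: bytes) -> list[tuple[str, list[str]]]:
    """Evaluate every MIME part that carries a filename; returns (filename, reasons) pairs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # plain body parts carry no filename and are not attachments
        payload = part.get_payload(decode=True) or b""
        results.append((filename, check_attachment(filename, payload)))
    return results


def should_reject(raw: bytes) -> bool:
    """Gateway decision: reject the whole message if any attachment fails policy."""
    return any(reasons for _, reasons in scan_message(raw))


def build_sample(filename: str, maintype: str, subtype: str, payload: bytes) -> bytes:
    """Constructed test message (not real traffic) with a body and a single attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, mt, st, data in [
        ("Invoice_2021.iso", "application", "x-iso9660-image", b"\x00" * 32),
        ("report.pdf", "application", "pdf", b"%PDF-1.7\n"),
        ("notes.txt", "application", "octet-stream", b"MZ\x90\x00\x03"),
    ]:
        raw = build_sample(name, mt, st, data)
        print(name, "REJECT" if should_reject(raw) else "allow", scan_message(raw))
```

The magic-byte checks matter because the extension list is only as good as the sender's honesty; the ISO check is left to the content-inspection stage because the ISO 9660 signature sits at byte offset 0x8001, well past the header a gateway reads cheaply.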

The French cyber-security agency additionally urges at-risk enterprises to use its Active Directory security hardening guidance to improve Active Directory security (and AD servers in particular). 

Nobelium, the group behind last year's SolarWinds supply-chain attack that compromised several US federal agencies, is the hacking division of Russia's Foreign Intelligence Service (SVR) and is also tracked as APT29, The Dukes, and Cozy Bear. 

In April, the US government charged the SVR section of organizing the "broad-scope cyber-espionage campaign" that targeted SolarWinds. 

Based on strategies identified in events beginning in 2018, cybersecurity firm Volexity also attributed the assaults to the same threat actor. 

The Microsoft Threat Intelligence Center (MSTIC) revealed information in May on a Nobelium phishing effort that targeted government agencies from 24 countries. 

Nobelium is still targeting the worldwide IT supply chain, according to Microsoft, having hit 140 managed service providers (MSPs) and cloud service providers and compromised at least 14 since May 2021. 

Nobelium also attacked Active Directory Federation Services (AD FS) servers with FoggyWeb, a new passive and highly targeted backdoor, seeking to infiltrate governments, think tanks, and private companies in the United States and Europe. 

In October, Microsoft disclosed that Nobelium was perhaps the most prominent Russian hacking organization throughout July 2020 and June 2021, orchestrating the attacks that were behind 92 % of the notifications Microsoft sent to customers about Russia-based threat activity. 

Mandiant too linked the hacking organization to attempts to compromise government and enterprise networks throughout the world by targeting their MSPs with a new backdoor codenamed Ceeloader, which is designed to deliver more malware and capture sensitive information of political importance to Russia.

25-Yr Old Hacker Detained by Ukraine Police

 

Following a joint international law enforcement investigation, two suspected ransomware operators were apprehended in Ukraine. On Sept. 28, investigators from Ukraine, the United States, and France arrested a 25-year-old hacker in Kyiv, putting an end to a cybercrime operation that caused more than $150 million in losses worldwide. 

According to authorities, who announced the arrest on Oct. 4, the suspect demanded ransoms in exchange for the victims' stolen data. He is believed to have obtained access by sending phishing emails carrying malware to employees of the organisations he targeted. 

According to the authorities, the cybercriminal, who has not been named, attacked over 100 enterprises in Europe and the United States, including well-known energy and tourism companies. Europol noted that the hacker had a co-conspirator who helped him cash out the funds extorted from victims. 

Law enforcement investigators discovered and seized $375,000 in cash, two luxury automobiles, computers, and smartphones in the suspect's Scandinavian-styled Kyiv flat. 

Hackers frequently demand ransom in cryptocurrency because such transactions are harder to trace. During the search of the suspect's flat, authorities found that he held over $1.3 million in cryptocurrency. According to the authorities, he faces up to twelve years in prison for cybercrime and money laundering offences. 

"As a result, computer equipment, mobile phones, vehicles, and more than 360 thousand dollars in cash were seized. In addition, $1.3 million was blocked on the attacker's cryptocurrencies," the police said. 

Hackers from Ukraine and Russia rarely attack systems and networks in their nations, instead preferring to infect computers in Western Europe and the United States. Ukrainian cybercriminals are typically young, between the ages of 15 and 30, with no criminal history as well as a strong command of computer technology and mathematics. Their monthly income starts at $5,000, which is significantly higher than the $2,000 that tech experts in Ukraine might earn. 

Authorities all across the world are attempting to reverse the trend of ransomware assaults, which have become a lucrative business in recent years. Hackers, who are mostly from Eastern Europe, attack international companies, universities, government agencies, and even crucial infrastructures such as hospitals and gas stations.

5 French Minister Phones Affected with Pegasus Spyware

 

At least five French ministers and President Emmanuel Macron's diplomatic adviser have had their mobile phones infected with Pegasus spyware, made by Israel's NSO Group, sources close to the investigation confirmed on Friday, 24 September. 

As per a Mediapart report on Friday, French security agencies have discovered software during the phone inspection, with breaches reported in 2019 and 2020. 

Pegasus, produced by the Israeli company NSO Group, had already been at the centre of a storm since July, when a list of around 50,000 possible surveillance targets worldwide leaked to the media. The spyware can silently switch on a phone's camera or microphone and exfiltrate its data. 

The latest revelation came about two months after the Pegasus Project, a media consortium that included the Guardian, found that the leaked database at the core of the investigation included the contact details of top French officials, including President Macron and most of his 20-strong cabinet. 

There is no strong proof of successful hacking of phones of the five cabinet members however media reports suggest that the devices were targeted by the potent spyware known as Pegasus, which is created by the NSO Group. 

Once successfully installed by one of the Israeli firm's government customers, Pegasus lets the operator read messages, view pictures, track location and listen to conversations, turning the phone into a remotely controlled listening device. 

The consortium of Pegasus Project, organized by the French Forbidden Stories non-profit media, showed that international customers of NSO utilized hacker tools to attack journalists and human rights organizations. 

NSO has stated that its powerful malware is designed to investigate serious criminals, not to target members of civil society. It says it has no link to the leaked database reviewed by the Pegasus Project and that the tens of thousands of numbers it contains are not a list of NSO customers' targets. It has also firmly denied that Pegasus has ever been used against Macron. 

In a statement released on Thursday night, NSO said: “We stand by our previous statements regarding French government officials. They are not and have never been Pegasus targets. We won’t comment on anonymous source allegations.” 

Furthermore, the authenticity of the allegation was verified by two French individuals with knowledge of the inquiry, but they asked not to be named since they had not been allowed to talk to the media. 

Mediapart reported that the handsets of Jean-Michel Blanquer (education minister), Jacqueline Gourault, Julien Denormandie, Emmanuelle Wargon, Sébastien Lecornu and others showed traces of Pegasus. The report noted that at the time of the alleged targeting, mostly in 2019 and less often in 2020, not all of them held their current portfolios, but all were ministers. The phone of Macron's diplomatic adviser at the Élysée Palace was also targeted. 

"My phone is one of those checked out by the national IT systems security agency, but I haven't yet heard anything about the investigation so I cannot comment at this stage," Wargon told the L'Opinion website on Friday. 

The Élysée Palace also stated that it would not comment on “long and complex investigations which are still ongoing”. 

The prosecutor's office declined to comment or to confirm whether the ministers' phones had been found to be hacked, saying the investigation was covered by judicial confidentiality. Since the end of July, when palace officials urged caution and said there was "no certainty at this stage", the Élysée has not reacted further to the Pegasus affair.

Facebook Shuts Down Fake Accounts Associated With Russia and French Military

Earlier this week, Facebook announced that it had taken down three networks of fake accounts running interference campaigns in Africa: two were linked to people associated with the Russian Internet Research Agency, and the third, according to Facebook, to individuals associated with the French military. 

Facebook has closed all three accounts for violating the policy of foreign or government interference. These networks, according to Facebook, attacked targets in North Africa and Middle East countries. As of now, the French military has offered no comments on Facebook's allegations. The campaigns battled with each other, said Nathaniel Gleicher, Facebook's head of security policy, and David Agranovich, head of global threat disruption in a blog. 

Facebook said it was the first time it had found two such campaigns (one French, one Russian) fighting each other, commenting on each other's posts and accusing each other of being fake. The networks relied on fake accounts to mislead people about who they were and what they were doing, which Facebook said was the basis for its action. One sample post read, "The Russian imperialists are a gangrene on Mali!" The French network mainly targeted Mali and the Central African Republic, with other targets including Côte d'Ivoire, Chad, Algeria, Niger, and Burkina Faso. It comprised 84 Facebook accounts, six pages, nine groups, and fourteen Instagram accounts, which Facebook removed under its policy against "coordinated inauthentic behavior." 

In French and Arabic, some of the posts were about France's Francophone Africa systems, allegations of Russian meddling in CAR elections, supportive comments about the French military, and Russia's criticism. According to Gleicher and Agranovich, "we shared information about our findings with law enforcement and industry partners. We are making progress rooting out this abuse, but as we've said before, it's an ongoing effort, and we're committed to continually improving to stay ahead." As of now, the investigation is ongoing, and no further detail has been offered.

Apple Deliberately Restricts Old Versioned iPhones' Performance; Gets Fined!



Apple, the technology giant with the famous bitten-apple logo, was recently fined by France's consumer and competition authority, according to sources.

This is not the first time Apple has been fined by a government body, but fines of this size have had little effect on a company with Apple's revenue.

Per reports, the reason behind this charging happens to be Apple’s voluntarily keeping the fact from its users that the software updates it released in 2017 could limit the functioning of the older versions of iPhones.

According to sources, Apple never told users that the aged batteries in older models, namely the iPhone 6, iPhone SE and iPhone 7, could no longer meet the phones' peak power demands.

The Directorate-General for Competition, Consumer Affairs and Fraud Control (DGCCRF) is the body in question; in its report it described how Apple's software updates degraded the performance of older iPhones and how the company failed in its duty to inform users about it.

The updates in question throttled the performance of these iPhones to stop them drawing more power than their worn batteries could deliver, thereby avoiding sudden shutdowns.

The users could go back to older software versions or replace the battery and their iPhones could have a chance at working like they formerly did. The issue is a good initiative and has a solution but how are the people to know about this and act accordingly, if they aren’t duly apprised by Apple?

And what’s more, Apple restricted the users from returning to their previous software types, meaning the users couldn’t do much about the situation anyway!

Sources mentioned that Apple agreed to pay the fine of around $27.4 million for purposely limiting the performance of older iPhones and not alerting the users about it.

There was quite a hullabaloo outside of France as well regarding the same issue including lawsuits that got Apple to publicly apologize and offer free battery exchanges for affected devices.

As per sources, an Italian agency too had fined Apple and Samsung for not conspicuously informing the users on how to replace batteries.

But $27.4 million is next to nothing for a company of Apple's size; it earns that much in a matter of hours.

Altran Technologies, France; Smacked By A Cyber-Attack!

Reportedly, the France-based Altran Technologies fell prey to a cyber-attack that disrupted its operations in several European countries.

Last Thursday, a cyber-attack struck the French engineering consultancy Altran Technologies.

This led the organisation to shut down its IT network and applications.

The firm immediately started working on a recovery plan to limit the damage.

In the same week, a large-scale "Domain Name System" hijacking campaign came under investigation and raised many questions.

This campaign is said to have affected a large number of government and commercial organisations around the world, according to Britain's National Cyber Security Centre.

France's data protection authority CNIL gives a sharp warning to WhatsApp; issues a formal notice

When Facebook acquired WhatsApp in early 2014, it said it would not be able to link WhatsApp users to their Facebook accounts. As it turned out, that was not so difficult after all: a year ago the company changed WhatsApp's terms of service to do exactly that, linking the WhatsApp and Facebook profiles belonging to the same user.

Facebook let many of its users opt out, but that was not enough for regulators. Germany ordered Facebook to stop collecting WhatsApp data last September, the UK followed several months later, and now, in December 2017, another European country has issued a similar order.

WhatsApp, Facebook's messaging service, has been given a one-month ultimatum by one of Europe's strictest privacy watchdogs, which demanded that it stop sharing user data with its parent without the required consent. France's data protection authority, the CNIL, issued WhatsApp a formal notice and criticised it for its "inadequate and insufficient" cooperation.

The decision comes a year after the European Union's privacy authorities said they had "serious concerns" about WhatsApp user data being shared for purposes that were not in the terms and conditions and privacy policy people had agreed to when they signed up. Even after the EU fined Facebook €110 million over the misleading statements it made about WhatsApp data matching during the merger review, France says the company has still not cooperated with the CNIL and could face further sanctions if it does not comply within 30 days. The social network is still transferring WhatsApp data for "business intelligence" purposes, the CNIL says, and the only way for users to opt out is to uninstall the application.

It was the French regulator that noticed WhatsApp was sharing user data such as phone numbers with Facebook for "business intelligence" purposes. When it repeatedly asked to examine the data being shared, Facebook said the data was stored in the US and that "it considers that it is only subject to the legislation of that country", according to the CNIL. The regulator countered that when data is collected in France, it automatically becomes the competent authority.

The data transfers from WhatsApp to Facebook take place, at least in part, without the users' consent and without a legitimate interest on WhatsApp's part, the CNIL said.

France says that while the notice was addressed to WhatsApp, it is also intended to inform users that this "massive data transfer from WhatsApp to Facebook" is happening. "The only way to refuse the data transfer for 'business intelligence' purposes is to uninstall the application," it adds. Facebook, for its part, says it will keep working with the CNIL to ensure that users understand what data it collects and how that data is used.

The merging of WhatsApp data with Facebook was the first step the company took a year ago towards monetising the platform since CEO Mark Zuckerberg bought WhatsApp for about $22bn in 2014.