Cyberattacks and data breaches grabbed headlines throughout 2021, as the year witnessed many targeted attacks on major companies and government organizations across the world. 2021 also saw an increasing number of federal and state-level data privacy laws being passed globally, while regulators issued more and heftier fines across sectors.
With the year coming to an end, it will be interesting to watch how the next year plays out for data privacy. We will be back with the top stories of 2022 next month!
Log4j vulnerability has panicked the internet
A critical security vulnerability in the open-source, Java-based software known as “Log4j” was publicly disclosed by the Apache Foundation this month. Log4j is a widely used piece of software, used by tech giants like Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco and Google, by popular games like Minecraft, and in a wide range of software development and security tools. Experts have called it one of the most grievous computer vulnerabilities to date, as the security flaw caused widespread concern across every industry. The Chinese tech giant Alibaba discovered the vulnerability and reported it on November 24, as per the Apache Foundation. Read story.
Ransomware attacks dominated 2021
In 2021, ransomware attacks aggressively targeted critical infrastructure entities of the government, including health care facilities and schools. Notable ransomware incidents include attacks on Colonial Pipeline, the biggest US fuel pipeline; JBS Foods, the world’s biggest meat processing company; German chemical distributor Brenntag; and CNA Financial, one of the largest insurers in the US. Suspected ransomware payments reported by banks and other financial institutions totalled $590 million in the first six months of 2021, as per the US Department of the Treasury. Read story.
Grindr fined €6.5 million for GDPR violation
UAE has a new data protection law
The UAE has issued new legislation to regulate the collection and processing of personal data in the country. The new Data Protection Law (DPL) will be the first comprehensive federal data privacy law in the country. The law intends to protect “any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data”. Similar to the GDPR, the DPL will have an extra-territorial effect, applying to businesses that do not have a presence in the UAE but which process the data of its residents. The Data Protection Law will come into force on 2 January 2022, while organizations have a 6-month period for compliance. Read story.
Russia fines Google & Meta over illegal content breach
A Russian court has fined Google nearly $98 million and Facebook’s parent company Meta $27 million over their failure to remove content that is illegal in the country. Google and Meta have been accused of distributing content that promotes extremist ideology and drugs, among other things. Russian state communications watchdog Roskomnadzor noted that Google has failed to delete 2,600 such items, while Facebook and Instagram failed to remove 2,000 items despite the Russian courts’ requests. Russia has imposed similar but smaller fines on Big Tech companies throughout this year, including on Google, Facebook and Twitter. Read story.
Apple releases iOS 15.2 with new privacy features
Apple recently released a new iPhone update, iOS 15.2, with new privacy and security features. The update includes:
- The Digital Legacy program will let users designate legacy contacts who will get access to their data when they die.
- The App Privacy Report will allow users to check which apps have used iPhone permissions such as the camera, location or microphone.
- Communication Safety settings will give parents the ability to enable warnings for children when they receive or send sensitive messages.
To download the latest update, go to Settings > General > Software Update and select Download and Install. Read story.
Healthcare data breaches soared in 2021
2021 saw many aggressive data breaches and attacks targeting health care facilities. The biggest breaches each impacted over 1 million patients, and more than 22.64 million patients overall, as per SC Magazine. The hacking of the Accellion File Transfer Application, reported in early 2021, was the biggest healthcare data breach this year. The healthcare sector saw the largest number of victims, with at least 11 healthcare entities being affected. The breach impacted over 100 clients of Accellion across sectors, including the Reserve Bank of New Zealand and the State of Washington. Read story.
WhatsApp adds new privacy features
WhatsApp is rolling out a new privacy measure that hides the “last seen” status from unknown contacts by default. People you don’t know or haven’t chatted with in the app will not be able to see your online activity. Previously, this feature could be set manually, but now it is set by default, which means that third-party apps will not be able to monitor your status. The Meta-owned messaging service also released another privacy-focused feature in December. WhatsApp added an update to its disappearing messages feature, which will now allow users to set their messages to disappear by default after 24 hours or 90 days. Read story.
EU Parliament is set to pass Digital Markets Act
On December 15, 2021, the European Parliament adopted its position on the proposal for a Digital Markets Act (DMA). The text of the DMA was approved by Parliament with 642 votes in favour, 8 against and 46 abstentions. The DMA sets out to impose regulatory obligations on large “gatekeeper” platforms to keep digital markets ‘open and contestable’ and preserve effective competition. This landmark legislation will give the EU powers to put strict provisions in place against tech giants and impose a list of Do’s and Don’ts. The negotiations with the Members of the European Parliament are set to begin in the first half of 2022 and will be presided over by France. Read Story.
Facebook could be sued by consumer groups
Facebook could be sued by consumer groups for privacy violations, an adviser to Europe’s top court noted, in a German online gaming case that could make it easier for people to defend their rights against tech giants in future. “Member states may allow consumer protection associations to bring representative actions against infringements of the protection of personal data,” according to Richard de la Tour, advocate general at the Luxembourg-based Court of Justice of the European Union (CJEU). The current lawsuit was filed by the Federation of German Consumer Organizations alleging that Facebook had shared users’ data with online games publishers that were available on Facebook. Read story.