A number of encrypted messaging services have signed an open letter calling on the UK Government to reconsider various aspects of the Online Safety Bill (OSB) pending its final reading in the House of Lords, over concerns that the bill could threaten end-to-end encryption.

End-to-end encryption currently delivers a strong level of security for electronic messages, meaning that messages can only be read on the apps of the sender and intended recipient.  Continue Reading Messaging Apps Call for Re-evaluation of the Online Safety Bill

Security may not be the first word that comes to mind when thinking about GDPR and UK GDPR compliance, but recent matters indicate it should certainly be near the top of any compliance checklist.

Security of personal data is fundamental to every organization, and its significance scales depending on the type of data processing that takes place. Of the penalties issued for data protection infractions across the EU and UK in 2022 so far, over 70 include security, which is almost 20% of the total fines issued. Specifically, these fines were issued due to a breach of Article 32 of the GDPR/UK GDPR: failing to have appropriate technical and organizational measures in place to protect personal data. A breach of Article 32 of the GDPR or UK GDPR technically only attracts the “standard maximum” fine of €10/£8.7 million or 2% of global annual turnover, however the offence is often coupled with other transgressions, which has led to fines over €20 million.Continue Reading Data Protection: The Increasing GDPR/ UK GDPR Focus on Security

On December 15, 2021, Australia and the United States signed an agreement that will make it more efficient for law enforcement agencies in both countries to obtain data about criminal suspects, but it leaves technology companies with concerning questions. The new agreement was forged under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, a 2018 statute that enables law enforcement to more easily secure important electronic information about suspected crimes—including terrorism, violent crimes, sexual exploitation of children, and cybercrimes like ransomware or attacks on critical infrastructure—from global technology companies based in the United States. Although the agreement was designed to facilitate law enforcement investigations, it leaves unanswered the encryption privacy questions that have beset preceding agreements.
Continue Reading United States-Australia CLOUD Act Agreement Leaves Encryption Uncertainties