Getting you
the compensation you deserve

We’re here for you. Call us on
0800 327 7575

or request an appointment online.

To get started
Fill in your details below

Latest posts

IAB Europe expecting to be found in breach of GDPR

Following reports earlier this year that the UK was set for a data rules shakeup relating to online cookies, it has been revealed that one widely used framework for gathering consent for tracking cookies is set to be found in breach of the EU’s General Data Protection Regulation (GDPR). IAB Europe’s Transparency and Content Framework (TCF) was actually found to be non-compliant with several strands of the GDPR by the Belgian Data Protection Authority (DPA) in October 2020. However, after 12 months of the complaint moving through the DPA's litigation chamber and process, an official decision is now set to be issued. According to an IAB Europe press statement, it expects its entire business, rather than just the TCF, to be found in breach of the GDPR. Pre-emptive move unlikely to prevent penalties but may prolong process While not wholly unprecedented, issuing a pre-emptive statement ahead of a judgment is a somewhat unusual step. Notably, IAB Europe seems to be looking to reassure users of the TCF by saying the issue is “fixable” within six months. However, the body is non-committal as to how. IAB Europe also seeks to imply that the finding itself may not be fixed an absolute, as the Belgian DPA isn't acting on behalf of the EU as a whole. However, if other European DPAs disagree with the Belgian findings and recommended actions, the European Data Protection Board may need to intervene. Such a scenario saw WhatsApp slapped with a fine earlier this year that was significantly larger than the one initially proposed. While IAB Europe’s statement won’t change whatever judgment is handed down, it sets the scene for a prolonged process of disputes and appeals, meaning there likely won’t be a final resolution until at least the end of 2022. However, even that timeline looks like a generous best-case scenario given the glacial pace with which such investigations and appeals have proceeded in recent years. Whatever the outcome, and to whatever degree European DPA’s agree on a course of action, expect IAB Europe to keep this one running for as long as possible. Tracking cookies probably aren’t going to disappear just yet! Complainants yet to see ruling One point of note, and of some concern, is that while IAB Europe appears to have been given a heads up about what they should expect to be in the Belgian DPA ruling, complainants have not. While it is standard practice for parties to get early access to such documentation to prepare press comments and the like, it's somewhat questionable when only selected parties get this. That hasn't stopped complainants from commenting, though. One of them, Johnny Ryan of the Irish Council for Civil Liberties (ICCL), issued a press statement himself, in which he said: "We have won. The online advertising industry and its trade body, 'IAB Europe', have been found to have deprived hundreds of millions of Europeans of their fundamental rights. "IAB Europe designed the misleading 'consent' popups that feature on almost all (80%+) European websites and apps. That system is known as IAB Europe's 'Transparency & Consent Framework' (TCF). These popups purport to give people control over how their data are used by the online advertising industry. But in fact, it does not matter what people click." IAB Europe defiant in light of likely judgment IAB Europe’s case for its defence seems to rely on it saying it didn’t know it was a data controller, “based on guidance from other DPAs up to now." IAB Europe's statement says that this is why it hasn't fulfilled the obligations expected of data controllers and shouldn't be punished for failing to fulfil them. Will ad tracking be banned outright? Judgment being handed down in this case comes as the European Parliament looks increasingly likely to move towards banning behavioural advertising outright. If, after the appeals process is complete, IAB Europe and its TCF are definitively found to breach the GDPR, then it seems inevitable that such legislation will be introduced with haste. What happens next? It remains to be seen what the definitive outcome of this case will be. Should IAB Europe be found in breach of GDPR and fail with any appeals, that will lead to game changing shakeup to the entire online advertising industry, with significant financial penalties likely to be levied against the body, too.

Google now forcing users to use 2FA

Google has started forcing some account holders to use two-factor authentication (2FA). While such a step is a positive one for security, the Android Police website has found that many users appear to be more concerned about the inconvenience such a step could cause them. Presumably they’ve never encountered the inconvenience of having their email accounts hacked or having their details used to commit fraud! Google has also been pretty publicly disclosing plans to auto-enrol users onto 2FA for at least six months, so this development shouldn't come as too much of a surprise. Change won’t actually affect many users Although having a mandatory requirement for 2FA seems like a big step, in real terms, it will likely only affect users who access their Google accounts in specific ways. For example, if you have an Android phone with Google Play or an iPhone or iPad with Google apps installed, these devices are already set up to be the second factor. As such, if you always check your Gmail account via your phone or iPad using the official app, it's unlikely you'll notice any difference. For all other users, 2FA will provide an added layer of security when accessing emails or other Google services using your account via a desktop browser or an unknown device. It's also worth noting that you'll only need to use 2FA the first time you log in from a new device or location. After that, you'll be able to set up "Trust this device" settings to ensure you can log in quickly in future. These protections mean that if your Google account credentials are involved in a data breach, hackers should be unable to access your account. However, this will also be largely dependent on the methods you choose for using 2FA. You will only be auto-enrolled into 2FA if your account has a phone number or another email address associated with it. Choosing a 2FA method to stay secure If your account is able to move to 2FA, Google will take you through the process of setting it up. You’ll initially have two options: Push notifications sent to your smartphoneTemporary one-time passcodes sent to your phone via SMS Opting for push notifications is the most secure method, as you’ll almost always have your phone on you. In contrast, one-time passcodes can be intercepted by stolen or forwarded phone numbers, granting criminals access to your Google account without your knowledge while appearing to be you. What about authenticator apps? You’ll need to set up one of the above methods first before you can connect your Google account to an authenticator app. The same is true if you wish to use USB security keys as your 2FA method. Is there anything else you can do to stay safe? Yes, but it comes at a price. Hardware security keys can be carried around on your person at all times, and when you need to provide 2FA you simply plug them into your computer or connect wirelessly to your device. However, hardware security keys typically cost at least £25 for a basic model, but that could be a small price to pay for the peace of mind that comes with robust security!

Vulnerability in Apple tvOS potentially exploited by cybercriminals – users told to update software immediately

Apple recently disclosed that it had identified 18 software vulnerabilities in its’ tvOS. Among the disclosure were five vulnerabilities classed as high risk. Apple also admitted that it believed one of the vulnerabilities has potentially been exploited by cybercriminals. Another blow to Apple’s reputation This latest security disclosure strikes another blow to Apple’s reputation. Once seen as the gold standard in security, Apple has recently found itself increasingly dealing with security vulnerabilities across operating systems, software, and different devices. If you’re an iPhone user and have noticed the frequency of software updates increasing, the growing number of security vulnerabilities being identified is why. Turning back to Apple tvOS, at the time of writing, a reported 166 vulnerabilities had been identified within this operating system alone so far in 2021. What is Apple TV? It’s basically Apple’s means of competing in the colossal global streaming market. Whereas you can access Netflix or Amazon Prime Video via an app on your smart TV, you need a set-top box to get Apple TV. As of late 2021, Apple TV has around 30 million global users. A significant number that gives Apple around 6% market share of the worldwide streaming market, but way behind Netflix and Amazon Prime, both of which boast over 200 million subscribers. What are the main vulnerabilities that have been identified? The vulnerability that Apple believes may have been exploited by cybercriminals relates to a flaw leading to memory corruption within the tvOS. It allows malicious applications to escalate user privileges within Apple tvOS, which could, in turn, allow a remote attacker to compromise the system and execute code to carry out a ransomware attack or steal data. The affected versions of Apple tvOS are: 14.0 18J38614.0.1 18J40014.0.2 18J41114.114.2 18K5714.3 18K56114.4 18K80214.5 18L20414.6 18L56914.7 18M6015.0 19J346 What should Apple TV users do next? Apple has released a security patch that deals with all 18 identified vulnerabilities within tvOS 15.1. If you’re an Apple TV user, ensure your set-top box is updated to this version. To ensure safety in the future, you should also turn on the automatic updates feature if you haven’t already done so. If such a vulnerability leads to a data breach, you could be entitled to compensation Did you know that if your data and privacy are compromised due to a device, software, or operating system vulnerability, you could be entitled to compensation? You don't need to have been a victim of financial fraud or identity theft to have grounds for a claim; the fact your privacy has been compromised is enough. If your privacy has been compromised due to a security flaw in a tech product you use, contact us now for a free, no-obligation assessment of your potential claim.