At a glance.
- Pegasus used to spy on Mexico's undersecretary for human rights.
- Happy birthday, GDPR!
- A primer on the CCPA.
- The novel use of commercial spyware in the Nagorno-Karabakh war.
Pegasus used to spy on Mexico’s undersecretary for human rights.
During its investigation into Pegasus spyware last year, digital research center Citizen Lab confirmed that the surveillance software had been used by the Mexican government to hack the phones of members of the opposition party, journalists, and human rights activists. Now, the Washington Post reports, the spyware has been discovered on the phone of the undersecretary for human rights in Mexico’s Government Ministry Alejandro Encinas, as well as two of his staffers. At a press conference this week, President Andrés Manuel López Obrador acknowledged the hack but said he doesn’t believe the Mexican government was responsible. It’s worth noting that Encinas has been one of López Obrador’s right-hand men throughout his career, and the president enlisted Encinas to investigate a number of high-profile scandals in recent years. Kate Doyle, a senior analyst at the National Security Archive, stated, “This seems like the most dangerous chapter of the Pegasus story in Mexico. If the Mexican military is spying on one of the president’s top aides without his knowledge, then the Mexican military is operating outside of civilian control.”
Happy birthday, GDPR!
The EU’s General Data Protection Regulation (GDPR) turns five-years-old this week, and European officials are using the anniversary as an opportunity to honor the landmark legislation. DataGuidance reports that the European Commission, as part of its 2023 Work Programme, will be introducing legislation aimed at supporting cooperation between data protection authorities in order to better enforce the GDPR. Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice released a joint statement noting that the GDPR has given EU citizens increased confidence that their data is secure. “At the heart of the GDPR lies trust,” the statement reads. “Trust for citizens that their personal data are safe. Trust for businesses in the competitive advantage that our regulatory framework provides. Looking back, we have successfully created a modern data protection culture in Europe, which has been a source of inspiration also in other parts of the world.”
Reynders and Jourová also spoke at an event earlier this week titled “5th Anniversary of the GDPR: Still a benchmark in the EU digital landscape?” Hosted by the European Data Protection Supervisor, along with the German Federal Commissioner for Data Protection and Freedom of Information and the Bavarian Data Protection Commissioner, the gathering focused on the impact the GDPR has made thus far, as well as the new challenges that have surfaced five years in.
Also to commemorate the milestone, international law and tax firm Loyens & Loeff announced it’s working with IBJ-IJE (Instituut voor bedrijfsjuristen - Institut des juristes d'entreprise) to host an event in June: “GDPR: 5 years later - A data protection revolution in progress.” In two panels, speakers will highlight the most important developments since the legislation’s inception in 2018, and how to improve compliance going forward.
A primer on the CCPA.
The California Consumer Privacy Act, the US state of California’s privacy rights and consumer protection law, was also passed in 2018, and Fisher Phillips offers answers to some of the most frequently asked questions about the statute. Highlights include a comprehensive list of the various entities that qualify as “consumers” under the law, as well as the characteristics that determine whether a business is subject to the CCPA. It also addresses the amendments implemented by the passage of the California Privacy Rights Act of 2020 (CPRA), and the consequences of non-compliance.
The novel use of commercial spyware in the Nagorno-Karabakh war.
Some researchers believe that Azerbaijan used commercial spyware developed by NSO group to “target a government worker, journalists, activists, and the human rights ombudsperson in Armenia.” TechCrunch asserts that these instances may be the first public use of commercial spyware to be used in the context of war. Pegasus, the spyware in alleged to be used, has been at the receiving end of controversy as many human rights activists question the ethics of selling such a tool which they assert is being used to spy on journalists and political activists. As Access Now explained in a press release, “Providing Pegasus spyware to either of the sides in the context of a violent conflict carries a substantial risk of potentially contributing to and facilitating serious human rights violations and even war crimes,.” The victims of this hack were alerted to the breach when Apple informed them that their devices might have been targeted by government spyware. Azerbaijan has not yet been confirmed as the perpetrator of this use of spyware, but “a coalition of media sources” point to the country being listed as one of NSO’s customers as evidence to the affirmative. Neither Azerbaijan's US embassy, nor NSO have commented on such allegations at this time.