At a glance.
- Sensitive data found on police-auctioned cellphones.
- ICCL says Irish DPC too soft on GDPR violators.
Sensitive data found on police-auctioned cellphones.
What happens to the smartphones seized during US police investigations? They’re often re-sold online at auction houses like PropertyRoom.com, and a recent study revealed that many of the devices are not being wiped of their data before sale. Of the 228 smartphones purchased by researchers at the University of Maryland last year, forty-nine required no PIN or passcode to be unlocked, and of those, eleven used passcodes that were easily guessed. What’s worse, the unlocked phones contained data pertaining to crimes, including info on victims. Among the private data were photographs of government-issued IDs, correspondence with sex work clients, screenshots of stolen credit cards, and instructions on running identity theft operations. One even had the PIN written on a sticky note on the back, apparently added by authorities after using Graykey software to unlock the phone. As KrebsOnSecuirty explains, if these devices fall into the wrong hands, the data the researchers discovered could easily be used to re-victimize the criminals’ targets. The researchers contacted PropertyRoom about their findings, and the platform responded that they would take the study results into consideration. Dave Levin, an assistant professor of computer science at University of Maryland, says the sale of seized devices on the site has slowed considerably, and most (though not all) of the devices are now being appropriately wiped of the previous owners’ data.
ICCL says Irish DPC too soft on GDPR violators.
A new report from the Irish Council for Civil Liberties (ICCL) has found that approximately 75% of decisions made by Ireland’s Data Protection Commissioner (DPC) have been overruled by the European Data Protection Board in order to impart tougher penalties. As well, nearly two-thirds of the measures imposed against big tech for violations of the General Data Protection Regulation (GDPR) were classed as only reprimands. With the majority of tech heavyweights like Google, Meta, and Apple headquartered in Ireland, the DPC is the leading data watchdog for handling privacy complaints about big tech companies in the EU. In fact, a whopping 87% of cross-border GDPR complaints to the DPC concern just eight firms: Meta, Google, Airbnb, Yahoo!, Twitter, Microsoft, Apple, and Tinder, and the ICCL’s findings indicate that it’s being too soft on these offenders. ICCL senior fellow Dr Johnny Ryan stated, “Five years on, the data now show a stark failure to enforce the GDPR – particularly against Big Tech. That failure exposes everyone to serious digital hazards: discrimination, manipulation, information distortion, and invasive AI. We urge the European Commissioner for Justice, Didier Reynders, to finally take action.” The Irish Times adds that since last summer, the DPC has been conducting a review of its processes and staffing; the ICCL hopes its findings will be taken into consideration.