CySecurity News - Latest Information Security and Hacking Incidents: EU

Cyble vulnerabilities Digital Privacy enhanced user privacy EU European Union Privacy Privacy Regulations

EU’s Child Sexual Abuse Regulation Risks Undermining Encryption and Global Digital Privacy

The European Union’s proposed Child Sexual Abuse Regulation (CSAR)—often referred to as Chat Control—is being criticized for creating an illusion of safety while threatening the very foundation of digital privacy. Experts warn that by weakening end-to-end encryption, the proposal risks exposing users worldwide to surveillance, exploitation, and cyberattacks.

Encryption, which scrambles data to prevent unauthorized access, is fundamental to digital trust. It secures personal communications, financial data, and medical records, forming a critical safeguard for individuals and institutions alike. Yet, several democratic governments, including those within the EU, have begun questioning its use, framing strong encryption as an obstacle to law enforcement. This false dichotomy—between privacy and public safety—has led to proposals that inadvertently endanger both.

At the center of the EU’s approach is client-side scanning, a technology that scans messages on users’ devices before encryption. Critics compare it to having someone read over your shoulder as you type a private letter. While intended to detect child sexual abuse material (CSAM), the system effectively eliminates confidentiality. Moreover, it can be easily circumvented—offenders can hide files by zipping, renaming, or converting them to other formats, undermining the entire purpose of the regulation.

Beyond its inefficiency, client-side scanning opens the door to mass surveillance. Once such systems exist, experts fear they could be repurposed to monitor political dissent, activism, or journalism. By introducing backdoors—intentional weaknesses that allow access to encrypted data—governments risk repeating mistakes like those seen in the Salt Typhoon case, where a Chinese state-sponsored group exploited backdoors originally built for U.S. agencies.

The consequences of weakened encryption are vast. Journalists would struggle to protect sources, lawyers could no longer guarantee client confidentiality, and businesses risk exposure of trade secrets. Even governments rely on encryption to protect national security. For individuals—especially victims of domestic abuse or marginalized groups—encrypted communication can literally be a matter of life and death.

Ironically, encryption also protects children. Research from the UK’s Information Commissioner’s Office found that encrypted environments make it harder for predators to access private data for grooming. Weakening encryption, therefore, could expose children to greater harm rather than prevent it.

Public opposition to similar policies has already shifted outcomes elsewhere. In Australia, controversial encryption laws passed in 2018 have yet to be enforced due to political backlash. In the UK, public resistance to the Online Safety Act led major tech companies to threaten withdrawal rather than compromise encryption.

Within the EU, member states remain divided. Poland, Finland, the Netherlands, and the Czech Republic have opposed the CSAR for privacy and security reasons, while France, Denmark, and Hungary support it as a necessary tool against abuse. Whatever the outcome, the effects will extend globally—forcing tech companies to either weaken encryption standards or risk losing access to the European market.

As the world marks Global Encryption Day, the debate surrounding CSAR highlights a broader truth: safeguarding the internet means preserving both safety and privacy. Rather than imposing blanket surveillance, policymakers should focus on targeted investigations, rapid CSAM takedown measures, and support for victims.

Encryption remains the cornerstone of a secure, trustworthy, and free internet. If the EU truly aims to protect children and its citizens, it must ensure that this foundation remains unbroken—because once privacy is compromised, safety soon follows.

Danish Developer’s Website Sparks EU Debate on Online Privacy and Child Protection



 

surveillance

CSAM Denmark EU Privacy Regulation Software surveillance

Danish Developer’s Website Sparks EU Debate on Online Privacy and Child Protection

In August, a 30-year-old developer from Aalborg, identified only as Joachim, built a platform called Fight Chat Control to oppose a proposed European Union regulation aimed at tackling the spread of child sexual abuse material (CSAM) online. The EU bill seeks to give law enforcement agencies new tools to identify and remove illegal content, but critics argue it would compromise encrypted communication and pave the way for mass surveillance.

Joachim’s website allows visitors to automatically generate and send emails to European officials expressing concerns about the proposal. What began as a weekend project has now evolved into a continent-wide campaign, with members of the European Parliament and national representatives receiving hundreds of emails daily. Some offices in Brussels have even reported difficulties managing the flood of messages, which has disrupted regular communication with advocacy groups and policymakers.

The campaign’s influence has extended beyond Brussels. In Denmark, a petition supported by Fight Chat Control gained more than 50,000 signatures, qualifying it for parliamentary discussion. Similar debates have surfaced across Europe, with lawmakers in countries such as Ireland and Poland referencing the controversy in national assemblies. Joachim said his website has drawn over 2.5 million visitors, though he declined to disclose his full name or employer to avoid associating his workplace with the initiative.

While privacy advocates applaud the campaign for sparking public awareness, others believe the mass email tactic undermines productive dialogue. Some lawmakers described the influx of identical messages as “one-sided communication,” limiting space for constructive debate. Child rights organisations, including Eurochild, have also voiced frustration, saying their outreach to officials has been drowned out by the surge of citizen emails.

Meanwhile, the European Union continues to deliberate the CSAM regulation. The European Commission first proposed the law in 2022, arguing that stronger detection measures are vital as online privacy technologies expand and artificial intelligence generates increasingly realistic harmful content. Denmark, which currently holds the rotating presidency of the EU Council, has introduced a revised version of the bill and hopes to secure support at an upcoming ministerial meeting in Luxembourg.

Danish Justice Minister Peter Hummelgaard maintains that the new draft is more balanced than the initial proposal, stating that content scanning would only be used as a last resort. However, several EU member states remain cautious, citing privacy concerns and the potential misuse of surveillance powers.

As European nations prepare to vote, the controversy continues to reflect a broader struggle: finding a balance between protecting children from online exploitation and safeguarding citizens’ right to digital privacy.

EU's Chat Control Bill faces backlashes, will access encrypted chats



 

Chats Encryption EU Privacy Social Media WhatsApp

EU's Chat Control Bill faces backlashes, will access encrypted chats

The EU recently proposed a child sexual abuse (CSAM) scanning bill that is facing backlashes from the opposition. The controversial bill is amid controversy just a few days before the important meeting.

On 12 September, the EU Council will share its final assessment of the Danish version of what is known as “Chat Control.” The proposal has faced strong backlash, as it aims to introduce new mandates for all messaging apps based in Europe to scan users’ chats, including encrypted ones.

Who is opposing?

Belgium and the Czech Republic are now opposing the proposed law, with the former calling it "a monster that invades your privacy and cannot be tamed." The other countries that have opposed the bill so far include Poland, Austria, and the Netherlands.

Who is supporting?

But the list of supporters is longer, including important member states: Ireland, Cyprus, Spain, Sweden, France, Lithuania, Italy, and Ireland.

Germany may consider abstaining from voting. This weakens the Danish mandate.

Impact on encrypted communications in the EU

Initially proposed in 2022, the Chat Control Proposal is now close to becoming an act. The vote will take place on 14 October 2025. Currently, the majority of member states are in support. If successful, it will mean that the EU can scan chats of users by October 2025, even the encrypted ones.

The debate is around encryption provisions- apps like Signal, WhatsApp, ProtonMail, etc., use encryption to maintain user privacy and prevent chats from unauthorized access.

Who will be affected?

If the proposed bill is passed, the files and things you share through these apps can be scanned to check for any CSAM materials. However, military and government accounts are exempt from scanning. This can damage user privacy and data security.

Although the proposal ensures that encryption will be “protected fully,” which promotes cybersecurity, tech experts and digital rights activists have warned that scanning can’t be done without compromising encryption. This can also expose users to cyberattacks by threat actors.

Legal Battle Over Meta’s AI Training Likely to Reach Europe’s Top Court



 

Privacy

Data protection EU GDPR hamburg LLM Meta AI Privacy

Legal Battle Over Meta’s AI Training Likely to Reach Europe’s Top Court

The ongoing debate around Meta’s use of European data to train its artificial intelligence (AI) systems is far from over. While Meta has started training its large language models (LLMs) using public content from Facebook and Instagram, privacy regulators in Europe are still questioning whether this is lawful and the issue may soon reach the European Court of Justice (ECJ).

Meta began training its AI using public posts made by users in the EU shortly after getting the go-ahead from several privacy watchdogs. This approval came just before Meta launched AI-integrated products, including its smart glasses, which rely heavily on understanding cultural and regional context from online data.

However, some regulators and consumer groups are not convinced the approval was justified. A German consumer organization had attempted to block the training through an emergency court appeal. Although the request was denied, that was only a temporary decision. The core legal challenges, including one led by Hamburg’s data protection office, are still expected to proceed in court.

Hamburg’s commissioner, who initially supported blocking the training, later withdrew a separate emergency measure under Europe’s data protection law. He stated that while the training has been allowed to continue for now, it’s highly likely that the final ruling will come from the EU’s highest court.

The controversy centers on whether Meta has a strong enough legal reason, known as "legitimate interest" to use personal data for AI training. Meta’s argument was accepted by Irish regulators, who oversee Meta’s EU operations, on the condition that strict privacy safeguards are in place.

What Does ‘Legitimate Interest’ Mean Under GDPR?

Under the General Data Protection Regulation (GDPR), companies must have a valid reason to collect and use personal data. One of the six legal bases allowed is called “legitimate interest.”

This means a company can process someone’s data if it’s necessary for a real business purpose, as long as it does not override the privacy rights of the individual.

In the case of AI model training, companies like Meta claim that building better products and improving AI performance qualifies as a legitimate interest. However, this is debated, especially when public data includes posts with personal opinions, cultural expressions, or identity-related content.

Data protection regulators must carefully balance:

1. The company’s business goals

2. The individual’s right to privacy

3. The potential long-term risks of using personal data for AI systems

Some experts argue that this sets a broader precedent. If Meta can train its AI using public data under the concept of legitimate interest, other companies may follow. This has raised hopes among many European AI firms that have felt held back by unclear or strict regulations.

Industry leaders say that regulatory uncertainty, specifically surrounding Europe’s General Data Protection Regulation (GDPR) and the upcoming AI Act has been one of the biggest barriers to innovation in the region. Others believe the current developments signal a shift toward supporting responsible AI development while protecting users’ rights.

Despite approval from regulators and support from industry voices, legal clarity is still missing. Many legal experts and companies agree that only a definitive ruling from the European Court of Justice can settle whether using personal data for AI training in this way is truly lawful.

WhatsApp Ads Delayed in EU as Meta Faces Privacy Concerns



 

Privacy

Ads Data Privacy data security DPC EU European Cyber Security European Union Legal Action Against Meta Meta Chatbots Meta Data personalized ads Privacy

WhatsApp Ads Delayed in EU as Meta Faces Privacy Concerns

Meta recently introduced in-app advertisements within WhatsApp for users across the globe, marking the first time ads have appeared on the messaging platform. However, this change won’t affect users in the European Union just yet. According to the Irish Data Protection Commission (DPC), WhatsApp has informed them that ads will not be launched in the EU until sometime in 2026.

Previously, Meta had stated that the feature would gradually roll out over several months but did not provide a specific timeline for European users. The newly introduced ads appear within the “Updates” tab on WhatsApp, specifically inside Status posts and the Channels section. Meta has stated that the ad system is designed with privacy in mind, using minimal personal data such as location, language settings, and engagement with content. If a user has linked their WhatsApp with the Meta Accounts Center, their ad preferences across Instagram and Facebook will also inform what ads they see.

Despite these assurances, the integration of data across platforms has raised red flags among privacy advocates and European regulators. As a result, the DPC plans to review the advertising model thoroughly, working in coordination with other EU privacy authorities before approving a regional release. Des Hogan, Ireland’s Data Protection Commissioner, confirmed that Meta has officially postponed the EU launch and that discussions with the company will continue to assess the new ad approach.

Dale Sunderland, another commissioner at the DPC, emphasized that the process remains in its early stages and it’s too soon to identify any potential regulatory violations. The commission intends to follow its usual review protocol, which applies to all new features introduced by Meta. This strategic move by Meta comes while the company is involved in a high-profile antitrust case in the United States. The lawsuit seeks to challenge Meta’s ownership of WhatsApp and Instagram and could potentially lead to a forced breakup of the company’s assets.

Meta’s decision to push forward with deeper cross-platform ad integration may indicate confidence in its legal position. The tech giant continues to argue that its advertising tools are essential for small business growth and that any restrictions on its ad operations could negatively impact entrepreneurs who rely on Meta’s platforms for customer outreach. However, critics claim this level of integration is precisely why Meta should face stricter regulatory oversight—or even be broken up.

As the U.S. court prepares to issue a ruling, the EU delay illustrates how Meta is navigating regulatory pressures differently across markets. After initial reporting, WhatsApp clarified that the 2025 rollout in the EU was never confirmed, and the current plan reflects ongoing conversations with European regulators.

EU Sanctions Actors Involved in Russian Hybrid Warfare



 

Ukraine

Cyber Attacks EU Fake news Information War propaganda Russia Ukraine

EU Sanctions Actors Involved in Russian Hybrid Warfare

EU takes action against Russian propaganda

The European Union (EU) announced sweeping new sanctions against 21 individuals and 6 entities involved in Russia’s destabilizing activities abroad, marking a significant escalation in the bloc’s response to hybrid warfare threats.

European Union announced huge sanctions against 6 entities and 21 individuals linked to Russia’s destabilizing activities overseas, highlighting the EU’s efforts to address hybrid warfare threats.

The Council’s decision widens the scope of regulations to include tangible assets and brings new powers to block Russian media broadcasting licenses, showcasing the EU’s commitment to counter Moscow’s invading campaigns. The new approach now allows taking action against actors targeting vessels, real estate, aircraft, and physical components of digital networks and communications.

Financial organizations and firms giving crypto-asset services that allow Russian disruption operations also fall under the new framework.

The new step addresses systematic Russian media control and manipulation, the EU is taking authority to cancel the broadcasting licenses of Russian media houses run by the Kremlin and block their content distribution within EU countries.

Experts describe this Russian tactic as an international campaign of media manipulation and fake news aimed at disrupting neighboring nations and the EU.

Interestingly, the ban aligns with the Charter of Fundamental Rights, allowing select media outlets to do non-broadcasting activities such as interviews and research within the EU.

Propaganda and Tech Companies

The EU has also taken action against StarkIndustries, a web hosting network. The company is said to have assisted various Russian state-sponsored players to do suspicious activities such as information manipulation, interference ops, and cyber attacks against the Union and third-world countries.

The sanctions also affect Viktor Medvedchuk, an ex-Ukranian politician and businessman, who is said to control Ukranian media outlets to distribute pro-Russian propaganda.

Hybrid Threats Framework

The sections are built upon a 2024 framework to address Russian interference actions compromising EU fundamental values, stability, independence, integrity, and stability.

Designated entities and individuals face asset freezes, whereas neutral individuals will face travel bans blocking entry and transit through EU nations. This displays the EU’s commitment to combat hybrid warfare via sustained, proportionate actions.

Polish Space Agency "POLSA" Suffers Breach; System Offline



 

Data Breach EU Internet IT POLSA Space X

Polish Space Agency "POLSA" Suffers Breach; System Offline

Systems offline to control breach

The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were hacked. The social media post indicates the step was taken to protect data.

US News said “Warsaw has repeatedly accused Moscow of attempting to destabilise Poland because of its role in supplying military aid to its neighbour Ukraine, allegations Russia has dismissed.” POLSA has been offline since to control the breach of its IT infrastructure.

Incident reported to authorities

After discovering the attack, POLSA reported the breach to concerned authorities and started an investigation to measure the impact. Regarding the cybersecurity incident, POLSA said “relevant services and institutions have been informed.”

POLSA didn’t reveal the nature of the security attack and has not attributed the breach to any attacker. "In order to secure data after the hack, the POLSA network was immediately disconnected from the Internet. We will keep you updated."

How did the attack happen?

While no further info has been out since Sunday, internal sources told The Register that the “attack appears to be related to an internal email compromise” and that the staff “are being told to use phones for communication instead.”

POLSA is currently working with the Polish Military Computer Security Incident Response Team (CSIRT MON) and the Polish Computer Security Incident Response Team (CSIRT NASK) to patch affected services.

Who is responsible?

Commenting on the incident, Poland's Minister of Digital Affairs, Krzysztof Gawkowski, said the “systems under attack were secured. CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency.” On finding the source, he said, “Intensive operational activities are also underway to identify who is behind the cyberattack. We will publish further information on this matter on an ongoing basis.”

About POLSA

A European Space Agency (ESA) member, POLSA was established in September 2014. It aims to support the Polish space industry and strengthen Polish defense capabilities via satellite systems. The agency also helps Polish entrepreneurs get funds from ESA and also works with the EU, other ESA members and countries on different space exploration projects.

Third-Party Data Breaches Expose Cybersecurity Risks in EU's Largest Firms



 

Third-Party Data Breaches Expose Cybersecurity Risks in EU's Largest Firms

A recent report by SecurityScorecard has shed light on the widespread issue of third-party data breaches among the European Union’s top companies. The study, which evaluated the cybersecurity health of the region’s 100 largest firms, revealed that 98% experienced breaches through external vendors over the past year. This alarming figure underscores the vulnerabilities posed by interconnected digital ecosystems.

Industry Disparities in Cybersecurity

While only 18% of the companies reported direct breaches, the prevalence of third-party incidents highlights hidden risks that could disrupt operations across multiple sectors. Security performance varied significantly by industry, with the transport sector standing out for its robust defenses. All companies in this sector received high cybersecurity ratings, reflecting strong proactive measures.

In contrast, the energy sector lagged behind, with 75% of firms scoring poorly, receiving cybersecurity grades of C or lower. Alarmingly, one in four energy companies reported direct breaches, further exposing their susceptibility to cyber threats.

Regional differences also emerged, with Scandinavian, British, and German firms demonstrating stronger cybersecurity postures. Meanwhile, French companies recorded the highest rates of third- and fourth-party breaches, reaching 98% and 100%, respectively.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, stressed the importance of prioritizing third-party risk management. His remarks come as the EU prepares to implement the Digital Operational Resilience Act (DORA), a regulation designed to enhance the cybersecurity infrastructure of financial institutions.

“With regulations like DORA set to reshape cybersecurity standards, European companies must prioritise third-party risk management and leverage rating systems to safeguard their ecosystems,” Sherstobitoff stated in a media briefing.

Strengthening Cybersecurity Resilience

DORA introduces stricter requirements for banks, insurance companies, and investment firms to bolster their resilience against cyberattacks and operational disruptions. As organizations gear up for the rollout of this framework, addressing third-party risks will be crucial for maintaining operational integrity and adhering to evolving cybersecurity standards.

The findings from SecurityScorecard highlight the urgent need for EU businesses to fortify their digital ecosystems and prepare for regulatory demands. By addressing third-party vulnerabilities, organizations can better safeguard their operations and protect against emerging threats.

The Intersection of Travel and Data Privacy: A Growing Concern



 

Protecting online travel accounts

Biometric data Data Privacy data security database EU Personal Data Privacy Privacy Invasion Protecting online travel accounts

The Intersection of Travel and Data Privacy: A Growing Concern

The evolving relationship between travel and data privacy is sparking significant debate among travellers and experts. A recent Spanish regulation requiring hotels and Airbnb hosts to collect personal guest data has particularly drawn criticism, with some privacy-conscious tourists likening it to invasive surveillance. This backlash highlights broader concerns about the expanding use of personal data in travel.

Privacy Concerns Across Europe

This trend is not confined to Spain. Across the European Union, regulations now mandate biometric data collection, such as fingerprints, for non-citizens entering the Schengen zone. Airports and border control points increasingly rely on these measures to streamline security and enhance surveillance. Advocates argue that such systems improve safety and efficiency, with Chris Jones of Statewatch noting their roots in international efforts to combat terrorism, driven by UN resolutions and supported by major global powers like the US, China, and Russia.

Challenges with Biometric and Algorithmic Systems

Despite their intended benefits, systems leveraging Passenger Name Record (PNR) data and biometrics often fall short of expectations. Algorithmic misidentifications can lead to unjust travel delays or outright denials. Biometric systems also face significant logistical and security challenges. While they are designed to reduce processing times at borders, system failures frequently result in delays. Additionally, storing such sensitive data introduces serious risks. For instance, the 2019 Marriott data breach exposed unencrypted passport details of millions of guests, underscoring the vulnerabilities in large-scale data storage.

The EU’s Ambitious Biometric Database

The European Union’s effort to create the world’s largest biometric database has sparked concern among privacy advocates. Such a trove of data is an attractive target for both hackers and intelligence agencies. The increasing use of facial recognition technology at airports—from Abu Dhabi’s Zayed International to London Heathrow—further complicates the privacy landscape. While some travelers appreciate the convenience, others fear the long-term implications of this data being stored and potentially misused.

Global Perspectives on Facial Recognition

Prominent figures like Elon Musk openly support these technologies, envisioning their adoption in American airports. However, critics argue that such measures often prioritize efficiency over individual privacy. In the UK, stricter regulations have limited the use of facial recognition systems at airports. Yet, alternative tracking technologies are gaining momentum, with trials at train stations exploring non-facial data to monitor passengers. This reflects ongoing innovation by technology firms seeking to navigate legal restrictions.

Privacy vs. Security: A Complex Trade-Off

According to Gus Hosein of Privacy International, borders serve as fertile ground for experiments in data-driven travel technologies, often at the expense of individual rights. These developments point to the inevitability of data-centric travel but also emphasize the need for transparent policies and safeguards. Balancing security demands with privacy concerns remains a critical challenge as these technologies evolve.

The Choice for Travelers

For travelers, the trade-off between convenience and the protection of personal information grows increasingly complex with every technological advance. As governments and companies push forward with data-driven solutions, the debate over privacy and transparency will only intensify, shaping the future of travel for years to come.

ENISA’s Biennial Cybersecurity Report Highlights EU Threats and Policy Needs



 

Security Report

Cyber Security Cybersecurity measures cybersecurity research ENISA EU European Commission NIS NIS2 Directive Security Report

ENISA’s Biennial Cybersecurity Report Highlights EU Threats and Policy Needs

The EU Agency for Cybersecurity (ENISA) has released its inaugural biennial report under the NIS 2 Directive, offering an analysis of cybersecurity maturity and capabilities across the EU. Developed in collaboration with all 27 EU Member States and the European Commission, the report provides evidence-based insights into existing vulnerabilities, strengths, and areas requiring improvement. Juhan Lepassaar, ENISA’s Executive Director, emphasized the importance of readiness in addressing increasing cybersecurity threats, technological advancements, and complex geopolitical dynamics. Lepassaar described the report as a collective effort to bolster security and resilience across the EU.

The findings draw on multiple sources, including the EU Cybersecurity Index, the NIS Investment reports, the Foresight 2030 report, and the ENISA Threat Landscape report. A Union-wide risk assessment identified significant cyber threats, with vulnerabilities actively exploited by threat actors. While Member States share common cybersecurity objectives, variations in critical sector sizes and complexities pose challenges to implementing uniform cybersecurity measures. At the individual level, younger generations have shown improvements in cybersecurity awareness, though disparities persist in the availability and maturity of education programs across Member States.

ENISA has outlined four priority areas for policy enhancement: policy implementation, cyber crisis management, supply chain security, and skills development. The report recommends providing increased financial and technical support to EU bodies and national authorities to ensure consistent implementation of the NIS 2 Directive. Revising the EU Blueprint for managing large-scale cyber incidents is also suggested, aiming to align with evolving policies and improve resilience. Tackling the cybersecurity skills gap is a key focus, with plans to establish a unified EU training framework, evaluate future skills needs, and introduce a European attestation scheme for cybersecurity qualifications.

Additionally, the report highlights the need for a coordinated EU-wide risk assessment framework to address supply chain vulnerabilities and improve preparedness in specific sectors. Proposed mechanisms, such as the Cybersecurity Emergency Mechanism under the Cyber Solidarity Act, aim to strengthen collective resilience.

Looking to the future, ENISA anticipates increased policy attention on emerging technologies, including Artificial Intelligence (AI) and Post-Quantum Cryptography. While the EU’s cybersecurity framework provides a solid foundation, evolving threats and expanding roles for authorities present ongoing challenges. To address these, ENISA underscores the importance of enhancing situational awareness and operational cooperation, ensuring the EU remains resilient and competitive in addressing cybersecurity challenges.

Irish Data Protection Commission Halts AI Data Practices at X



 

Twitter

Ai Data AI Models Cyber Security Data protection data security DPC EDPB EU Personal Data Twitter

Irish Data Protection Commission Halts AI Data Practices at X

The Irish Data Protection Commission (DPC) recently took a decisive step against the tech giant X, resulting in the immediate suspension of its use of personal data from European Union (EU) and European Economic Area (EEA) users to train its AI model, “Grok.” This marks a significant victory for data privacy, as it is the first time the DPC has taken such substantial action under its powers granted by the Data Protection Act of 2018.

The DPC initially raised concerns that X’s data practices posed a considerable risk to individuals’ fundamental rights and freedoms. The use of publicly available posts to train the AI model was viewed as an unauthorized collection of sensitive personal data without explicit consent. This intervention highlights the tension between technological innovation and the necessity of safeguarding individual privacy.

Following the DPC’s intervention, X agreed to cease its current data processing activities and commit to adhering to stricter privacy guidelines. Although the company did not acknowledge any wrongdoing, this outcome sends a strong message to other tech firms about the importance of prioritizing data privacy when developing AI technologies. The immediate halt of Grok AI’s training on data from 60 million European users came in response to mounting regulatory pressure across Europe, with at least nine GDPR complaints filed during its short stint from May 7 to August 1.

After the suspension, Dr. Des Hogan, Chairperson of the Irish DPC, emphasized that the regulator would continue working with its EU/EEA peers to ensure compliance with GDPR standards, affirming the DPC’s commitment to safeguarding citizens’ rights. The DPC’s decision has broader implications beyond its immediate impact on X. As AI technology rapidly evolves, questions about data ethics and transparency are increasingly urgent. This decision serves as a prompt for a necessary dialogue on the responsible use of personal data in AI development.

To further address these issues, the DPC has requested an opinion from the European Data Protection Board (EDPB) regarding the legal basis for processing personal data in AI models, the extent of data collection permitted, and the safeguards needed to protect individual rights. This guidance is anticipated to set clearer standards for the responsible use of data in AI technologies. The DPC’s actions represent a significant step in regulating AI development, aiming to ensure that these powerful technologies are deployed ethically and responsibly. By setting a precedent for data privacy in AI, the DPC is helping shape a future where innovation and individual rights coexist harmoniously.

Alarm Bells Ring in Germany Over Chinese Tech Advancements



 

Technology

Chinese Tech CyberCrime Cyberhackers. Cybersecurity CyberThreat EU Germany Cyberbreach Technology

Alarm Bells Ring in Germany Over Chinese Tech Advancements

During the next five years, Germany will phase out components made by Chinese companies Huawei and ZTE from its 5G wireless network. This will likely worsen its already strained ties with the second-largest economy in the world, which may further strain its relations with Germany. According to the German Interior Ministry (BMI), by the end of 2026, components made by Chinese technology companies such as Huawei and ZTE will not be allowed to be used in the construction of the country's next-generation 5G mobile networks made by the German industry.

To comply with this decision, the BMI decided that all existing components must be replaced by the year 2029. Considering 5G networks as a critical infrastructure, the German government maintains that they will have a key role to play in the energy, transportation, health care, and finance sectors in the coming years. A statement made by Huawei has been issued to CNN, stating that there has been no evidence or scenario that explicitly illustrates that its technology poses any security risks.

A statement from the Chinese embassy in Germany said it was committed to taking whatever "necessary measures" to protect the interests of Chinese companies in Germany. According to the ban, Chinese technology companies are increasingly viewed with suspicion due to their alleged too-close ties to the government in Beijing as a result of their proliferation of investments.

Particularly Beijing's desire to turn Huawei and ZTE into world leaders in higher-tech sectors has made Western governments wary of giving them too much influence over their national infrastructures, as it wants to establish them as the hub of the world's high-tech sector. In the meantime, another collaboration between several German and Chinese companies has created a stir in the industry. It has been announced that Luxcara, an independent asset manager based in Hamburg, Germany, has signed a contract with a Chinese company, Ming Yang, to construct wind turbines as part of a project that will be based off the coast of Germany.

Ming Yang said in a statement on July 2 that its decision was based upon an extensive due diligence exercise that covered all aspects of the supply chain, environmental, social and governance compliance aligned with the EU taxonomy, as well as cybersecurity. It was a result of independent expertise provided by reputed international advisors. The German government also considers energy supply a critical infrastructure to generate 80% of the country's electricity by 2035 from renewable sources, which means that they will use less fossil fuels in the process.

There is no doubt that wind power will play a significant role in the future mix of electric power sources in the world. As per official German data, during the first three months of this year, 38.5% of all electricity produced in Germany was generated by wind power, as well as 16.3% from solar energy. Among all the renewable sources of energy, wind power has seen the most significant growth. It has been important to Luxcara, according to Lars Haugwitz, senior consultant at Luxcara to select the most powerful turbines for their project to be a success.

DW reported that only Ming Yang could deliver the unit on time with an 18.5-megawatt capacity by the end of 2028. He added that the decision was based on a thorough review of all the bids that DW had received throughout the international tender. In Europe, Vestas, a Danish offshore wind company, and Siemens Gamesa, a German-Spanish company, have held the majority of offshore wind power installations to date. The Chinese companies are now also considered by another German wind farm operator as a possible supplier for his project.

The German business daily Handelsblatt reports that RWE, the world's biggest energy company, is among those looking for alternatives, noting that there are limited wind turbine supplies in Europe, along with high demand. The German-based utility company recently issued a statement asserting that it currently has no Chinese suppliers within its wind energy portfolio and intends to maintain its collaboration with established European suppliers.

However, a company spokesperson informed Deutsche Welle (DW) that the offshore wind industry must evaluate the offerings of Asian suppliers to determine if they meet the necessary standards in technology, quality, safety, and cost-effectiveness. According to Michael Tenten, managing director of Pure ISM—a company specializing in data security within the renewable energy sector—there are multiple reasons for the technological advancements of Asian companies, primarily economic. Tenten explained to DW that the swift availability of equipment is a significant factor.

However, research conducted by the Kiel Institute for the World Economy (IfW) in Germany revealed that in 2022, over 99% of listed Chinese companies benefited from direct state subsidies. These companies also enjoyed privileged access to critical raw materials, enforced technology transfers in joint ventures, and support in public procurement processes. An example highlighted is China's car manufacturer BYD, which has emerged as the world's leading electric vehicle producer, largely due to substantial subsidies. Dirk Dohse, research director at IfW, recently told Handelsblatt that BYD has also received subsidies for battery production and component manufacturing.

Dohse noted that while European industries often struggle to compete with Chinese pricing, without China's subsidized technology, the products essential for Germany's green transformation would be more expensive and less available. Michael Tenten of Pure ISM added that another source of mistrust towards Chinese suppliers is data security concerns. He pointed out that manufacturers typically operate their own control centres to monitor the wind farms they construct, and unless these centres are located in Germany, there remains a risk of foreign influence on operations. Lars Haugwitz of Luxcara considers this risk to be more theoretical, as there will be "no direct data link" between the German offshore wind park and the Chinese turbine manufacturer.

Haugwitz assured that the control, operation, and maintenance of the turbines would be entirely managed within Germany. China's Ministry of Foreign Affairs issued a statement asserting that Germany’s actions severely damaged mutual trust and could affect future cooperation between China and Europe in related fields. This decision could further strain Germany’s relationship with China, its largest trading partner. Recently, Berlin blocked the sale of a Volkswagen subsidiary to a Chinese state-owned company on national security grounds, eliciting a strong response from Beijing.

Concurrently, China is engaged in a trade dispute with the European Union, which recently increased tariffs on Chinese electric vehicles. A spokesperson for China’s Ministry of Foreign Affairs commented on Thursday that politicizing economic, trade, and technological issues would only disrupt normal technological exchanges. Germany has been deliberating for years on how to handle Huawei components in its 5G network, following the lead of the United States, the United Kingdom, Australia, and Japan, which have effectively banned the company from their 5G infrastructure due to concerns that Beijing could use Chinese tech companies to conduct espionage.

Polish State Media Targeted in Alleged Russian-Backed Cyberattack



 

Russia cyber threats

Cyber Attacks EU Media Media Industry NATO Poland Poland CyberSecurity Russia cyber threats

Polish State Media Targeted in Alleged Russian-Backed Cyberattack

In a concerning development on May 31, the Polish Press Agency (PAP), a state-run media outlet, was targeted in a cyberattack that authorities have attributed to Russian-backed operatives. This incident adds to a growing list of cyber aggression linked to Russian intelligence services, which have previously been accused of targeting Ukraine and various Western nations.

The European Union (EU) and NATO recently condemned Russia's "malicious cyber campaign" against Germany and Czechia earlier in May, highlighting the persistent threat posed by such activities. On the morning of the attack, PAP's website displayed false messages claiming that Polish Prime Minister Donald Tusk had ordered a "partial mobilization" to begin on July 1. The swift identification of this disinformation was crucial. Deputy Prime Minister Krzysztof Gawkowski promptly declared the message as "false" and confirmed that an investigation was underway.

He noted, "Everything points to a cyberattack and planned disinformation!" This immediate response was vital in preventing the spread of the false information. Jacek Dobrzynski, spokesperson for the Polish security service, also indicated that the attack was a "probable Russian cyberattack." Gawkowski elaborated on the intent behind the cyber operation, suggesting that it aimed to spread "disinformation before the upcoming EU parliamentary elections" and to "paralyze society."

The false message was detected within two minutes, and Gawkowski commended the media for accurately labeling it as disinformation, thus preventing further dissemination. Gawkowski's remarks reflect a broader sentiment of heightened vigilance in Poland and across the EU regarding cyber threats. He emphasized that Poland is in a "cold war" with Russia, a stance that underscores the pervasive impact of Russian cyber activities on EU countries.

This sentiment has been echoed by other European leaders who have called for stronger cyber defenses and increased international cooperation to counter such threats. The incident underscores the ongoing cyber conflict between Russia and Western nations, highlighting the need for robust cybersecurity measures. The EU and NATO's condemnation of Russia's cyber activities against Germany and Czechia earlier in May further illustrates the widespread nature of these threats. Poland's response to the cyberattack on PAP demonstrates the importance of rapid identification and response to disinformation campaigns.

Gawkowski assured that Prime Minister Tusk was informed of the incident immediately, showcasing the high level of alertness among Polish authorities. As cyber threats continue to evolve, the international community must remain vigilant and proactive in defending against such attacks. This incident serves as a reminder of the critical importance of cybersecurity in safeguarding national security and public trust.

EU Data Centers to Report Energy and Water Use Under New Rules



 

water supply

Cyber Security Data Center Data Policies Data reports Energy EU European Commission water supply

EU Data Centers to Report Energy and Water Use Under New Rules

The European Union is poised to take a significant step toward regulating energy and water use in data centers. Beginning in September, all organizations operating data centers within EU nations will be required to file detailed reports on their water and energy consumption. Additionally, these organizations must outline the measures they are taking to reduce their environmental footprint.

Data centers have been specifically targeted because they account for an estimated 2% to 3% of the total energy consumption in the EU. The increasing demand for data processing power, driven largely by the rise of AI technologies, is a major factor behind this significant energy use. Ermengarde Jabir, a senior economist at Moody’s, highlights the immense power requirements of data center hubs within the EU.

For instance, data centers in Amsterdam demand approximately 950 megawatts of energy capacity, while those in Dublin require over 700 megawatts. Similarly, data centers in Paris and Frankfurt have comparable energy needs to Dublin. To put this in perspective, 1 megawatt of power is sufficient to power between 750 to 1,000 homes for an entire year. Notably, the world’s largest data center hub, located in northern Virginia, has a staggering capacity of 4,500 megawatts.

The EU's new reporting rules, along with any subsequent regulations aimed at reducing energy consumption, currently apply only to data centers within EU member states. However, EU environmental regulations often serve as a model for other regions, with the notable exception of North America, according to Cándido García Molyneux, an environmental lawyer based in Brussels with the law firm Covington & Burling. “When the EU adopts these reporting requirements, it is very likely that many other countries will follow suit,” Molyneux explains. He also notes that nations aspiring to join the EU or engage in trade with the EU may need to comply with these energy regulations.

Moreover, the EU has already implemented government procurement regulations focused on energy efficiency. Companies providing cloud or web-based services to EU residents and businesses from data centers outside the EU might also face future energy use regulations. The EU’s drive to reduce energy consumption is motivated by several factors, including the desire to phase out fossil fuels and decrease dependence on foreign energy sources, according to Moody’s Jabir.

Although efforts to reduce energy consumption began before the conflict in Ukraine, the war has intensified the EU's resolve to cut imports of Russian oil, gas, and coal. The introduction of energy and water use reporting rules marks an early step toward broader regulation. While some energy experts believe most data center operators are prepared to comply, Molyneux anticipates challenges for certain operators. Smaller data center operators might not be aware of the new rules, and others could struggle to gather the required information in time.

In summary, the EU’s new reporting requirements for data centers represent a crucial move toward greater transparency and accountability in energy and water use. By enforcing these regulations, the EU aims to achieve substantial reductions in energy consumption, contributing to broader environmental and sustainability goals.

Nude Deepfakes: What is EU Doing to Prevent Women from Cyber Harassment



 

Sexual abuse

Cyber Crime Cyber Harassment Deepfake EU Sexual abuse

Nude Deepfakes: What is EU Doing to Prevent Women from Cyber Harassment

The disturbring rise of sexual deepfakes

Deepfakes are a worry in digital development in this age of rapid technical advancement. This article delves deeply into the workings of deepfake technology, exposing both its potential dangers and its constantly changing capabilities.

The manipulation of images and videos to make sexually oriented content may be considered a criminal offense across all the European Union nations.

The first directive on violence against will move through its final approval stage by April 2024.

With the help of AI programs, these images are being modified to undress women without their consent.

What changes will the new directive bring? And what will happen if the women who live in the European Union are the target of manipulation but the attacks happen in countries outside the European Nation?

The victims: Women

If you are wondering how easy it is to create sexual deepfakes, some websites are just a click away and provide free-of-cost services.

According to the 2023 State of Deepfakes research, it takes around 25 minutes to create a sexual deepfake, and it's free. You just need a photo and the face has to be visible.

A sample of 95000 deepfake videos were analyzed between 2019 and 2023, and the research discloses that there has been a disturbing 550% increase.

AI and Deepfakes expert Henry Aider says the people who use these stripping tools want to humiliate, defame, traumatize, and in some incidents, sexual pleasure.

“And it's important to state that these synthetic stripping tools do not work on men. They are explicitly designed to target women. So it's a good example of a technology that is explicitly malicious. There's nothing neutral about that,” says Henry.

The makers of nude deepfakes search for their target's pictures "anywhere and everywhere" on the web. The pictures can be taken from your Instagram account, Facebook account, or even your WhatsApp display picture.

Prevention: What to do?

When female victims come across nude deepfakes of themselves, there's a societal need to protect them.

But the solution lies not in the prevention, but in taking immediate actions to remove them.

Amanda Manyame, Digital Law and Rights Advisor at Equality Now, says “I'm seeing that trend, but it's like a natural trend any time something digital happens, where people say don't put images of you online, but if you want to push the idea further is like, don't go out on the street because you can have an accident.” The expert further says, “unfortunately, cybersecurity can't help you much here because it's all a question of dismantling the dissemination network and removing that content altogether.”

Today, the victims of nude deepfakes seek various laws like the General Data Protection Regulation, the European Union's Privacy Law, and national defamation laws to seek justice and prevention.

To the victims who suffer such an offense, it is advisable to take screenshots or video recordings of the deepfake content and use them as proof while reporting it to the police and social media platforms where the incident has happened.

“There is also a platform called StopNCII, or Stop Non-Consensual Abuse of Private Images, where you can report an image of yourself and then the website creates what is called a 'hash' of the content. And then, AI is then used to automatically have the content taken down across multiple platforms," says the Digital Law and Rights at Equality Now.

Global Impact

The new directive aims to combat sexual violence against women, all 27 member states will follow the same set of laws to criminalize all forms of cyber-violence like sexually motivated "deepfakes."

Amanda Manyame says “The problem is that you might have a victim who is in Brussels. You've got the perpetrator who is in California, in the US, and you've got the server, which is holding the content in maybe, let's say, Ireland. So, it becomes a global problem because you are dealing with different countries.”

Addressing this concern, the MEP and co-author of the latest directive explain that “what needs to be done in parallel with the directive" is to increase cooperation with other countries, "because that's the only way we can also combat crime that does not see any boundaries."

"Unfortunately, AI technology is developing very fast, which means that our legislation must also keep up. So we need to revise the directive in this soon. It is an important step for the current state, but we will need to keep up with the development of AI,” Evin Incir further admits.

EU Takes a Leap Forward with Cybersecurity Certification Scheme



 

EUCC

Certification Cyber Security ENISA EU EUCC

EU Takes a Leap Forward with Cybersecurity Certification Scheme

What is the EU cybersecurity certification scheme?

The EUCC, or EU cybersecurity certification scheme, has an implementing rule that was adopted by the European Commission. The result is consistent with the cybersecurity certification methodology under consideration on EUCC, which was created by ENISA in response to a request from the European Commission.

An ad hoc working group (AHWG) made up of subject matter experts from various industrial sectors and National Cybersecurity Certification Authorities (NCCAs) of EU member states provided support to ENISA in the design of the candidate scheme.

ENISA is appreciative of the efforts made by the Stakeholder Cybersecurity Certification Group (SCCG) as well as the advice and assistance provided by Member States through the European Cybersecurity Certification Group (ECCG).

It is anticipated that the EUCC sets the path for the upcoming schemes that are presently being developed, as it is the first cybersecurity certification system accepted by the EU. While the cybersecurity certification framework is optional, an implementing act is a component of the EU Law, or "acquis communautaire." National certification programs that were previously part of the SOG-IS agreement will eventually be replaced by EUCC.

"The adoption of the first cybersecurity certification scheme marks a milestone towards a trusted EU digital single market, and it is a piece of the puzzle of the EU cybersecurity certification framework that is currently in the making," stated Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity.

About EUCC

The new program is compliant with the EU cybersecurity certification system, as stipulated by the 2019 Cybersecurity Act. Raising the degree of cybersecurity for ICT goods, services, and procedures on the EU market was the aim of this framework. It accomplishes this by establishing a thorough set of guidelines, technical standards, specifications, norms, and protocols that must be followed throughout the Union.

The new voluntary EUCC program enables ICT vendors to demonstrate proof of assurance by putting them through a commonly recognized EU assessment procedure. This approach certifies ICT goods, including hardware, software, and technological components like chips and smartcards.

The program is built around the tried-and-true SOG-IS Common Criteria assessment framework, which is currently in use in 17 EU Member States. Based on the degree of risk connected to the intended use of the good, service, or process in terms of the likelihood and consequence of an accident, it suggests two levels of assurance.

The complete plan has been customized to meet the requirements of the EU Member States through thorough research and consultation. Hence, European enterprises can compete on a national, Union, and international scale thanks to the certification processes implemented throughout the Union.

What next?

In collaboration with the Ad-hoc working group, ENISA developed the candidate scheme, defining and agreeing upon the security requirements as well as generally recognized assessment techniques.

Following ECCG's opinion, ENISA forwarded the draft scheme to the European Commission. As a result, the European Commission issued an implementing act, which was later approved through the pertinent comitology procedure.

The enacted legislation anticipates a transitional period wherein firms will reap the advantages of current certifications obtained under national systems in a subset of Member States. Accreditation and notice are available to Conformity Assessment Bodies (CABs) who are interested in evaluating against the EUCC. After evaluating their solutions against any updated or new standards outlined in the EUCC, vendors will be able to convert their current SOG-IS certificates into EUCC ones.

Other certificates

Two further cybersecurity certification programs, EUCS for cloud services and EU5G for 5G security are presently being developed by ENISA. Additionally, the Agency is assisting the European Commission and Member States in developing a certification plan for the eIDAS/wallet and has conducted a feasibility assessment on EU cybersecurity certification standards for AI. A managed security services (MSSP) program is envisioned in a recent modification to the Cybersecurity Act proposed by the European Commission.

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI



 

Trento Italy

AI Artificial Intelligence EU European Union Italy Italy privacy watchdog Privacy street surveillance project Trento Italy

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI

Italy’s privacy watchdog has recently fined the northern city of Trento since they failed to keep up with the data protection guidelines in how they used artificial intelligence (AI) for street surveillance projects.

Trento was the first local administration in Italy to be sanctioned by the GPDP watchdog for using data from AI tools. The city has been fined a sum of 50,000 euros (454,225). Trento has also been urged to take down the data gathered in the two European Union-sponsored projects.

The privacy watchdog, known to be one of the most proactive bodies deployed by the EU, for evaluating AI platform compliance with the bloc's data protection regulations temporarily outlawed ChatGPT, a well-known chatbot, in Italy. In 2021, the authority also reported about a facial recognition system tested under the Italian Interior Ministry, which did not meet the terms of privacy laws.

Concerns around personal data security and privacy rights have been brought up by the rapid advancements in AI across several businesses.

Following a thorough investigation of the Trento projects, the GPDP found “multiple violations of privacy regulations,” they noted in a statement, while also recognizing how the municipality acted in good faith.

Also, it mentioned that the data collected in the project needed to be sufficiently anonymous and that it was illicitly shared with third-party entities.

“The decision by the regulator highlights how the current legislation is totally insufficient to regulate the use of AI to analyse large amounts of data and improve city security,” it said in a statement.

Moreover, in its presidency of the Group of Seven (G7) major democracies, the government of Italy which is led by Prime Minister Giorgia Meloni has promised to highlight the AI revolution.

Legislators and governments in the European Union reached a temporary agreement in December to regulate ChatGPT and other AI systems, bringing the technology one step closer to regulations. One major source of contention concerns the application of AI to biometric surveillance.

Open AI Moves to Minimize Regulatory Risk on Data Privacy in EU



 

User Privacy

Cyber Security Data Privacy Concerns EU Open AI User Privacy

Open AI Moves to Minimize Regulatory Risk on Data Privacy in EU

While the majority of the world was celebrating the arrival of 2024, it was back to work for ChatGPT's parent company, OpenAI.

After being investigated for violating people's privacy, the firm is believed to be rushing against the clock to do everything in its capacity to limit the regulatory risk in the EU. This is the primary reason why the company has returned to work on amending its terms and conditions.

With a line of investigations in place to combat data protection issues concerning how chatbots process user data and how they produce data in general, including those coming from top watchdogs in the region, ChatGPT's powerful AI offering was accused of negatively impacting users' privacy.

Things even got bad enough for Italy to temporarily halt the AI tool after determining that the company needed to modify some data and the degree of control granted to users generally.

Now, OpenAI is sending out emails detailing how it has modified its ChatGPT service in the regions where the most concerns have arisen. They have made clear which entity, as stated in their privacy policy, is in charge of processing and regulating personal data.

The latest terms established the firm's Dublin subsidiary as the primary regulator for user data across the EEA region, including Switzerland.

The company claimed that this would be effective as early as next month. If there is any disagreement on the matter, users are advised to delete their OpenAI accounts immediately. More discussion was conducted about how the GDPR's OSS would be implemented for firms processing EU data in order to better coordinate privacy oversights through a single supervisory body operating in the EU.

The likelihood that privacy watchdogs operating in other parts of the world will take action on these issues is made less likely by such a status. They would have to go the path previously. The supervisor of the main firm can now receive complaints from them and address any issues.

If an immediate risk arises, GDPR regulators would maintain the authority to intervene through local means. This year, we saw the company establish an office in Ireland's capital and hire numerous professionals for senior legal and privacy positions. However, the majority of the company's open roles are still in the United States.

However, due to Brexit, the company's users in the United Kingdom are excluded from the entire legal basis on which OpenAI's transfer to Ireland operates. Since its inception, the EU's GDPR has failed to function and apply to those in the United Kingdom.

A lot is going on here, and it will be interesting to see how the change in OpenAI's terms affects the regulatory risk at its peak in the EU.

Europol Dismantles Ukrainian Ransomware Gang



 

Ukraine Organization

Cyber Security Data Extortion Encryption EU EU Regulators European Union Europol Geopolitical Malicious actor Ransomware Attacks. Ransomware Gang Ukraine Organization

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target of multiple raids.

The joint effort, which included law enforcement agencies from various countries, highlights the growing need for global cooperation in combating cyber threats. The dismantled group had been a prominent player in the world of ransomware, utilizing sophisticated techniques to extort individuals and organizations.

The operation comes at a crucial time, with Ukraine already facing challenges due to ongoing geopolitical tensions. Europol's involvement underscores the commitment of the international community to address cyber threats regardless of the geopolitical landscape.

One of the key events leading to the takedown was a series of coordinated raids across Ukraine. These actions, supported by Europol, aimed at disrupting the ransomware gang's infrastructure and apprehending key individuals involved in the criminal activities. The raids not only targeted the group's operational base but also sought to gather crucial evidence for further investigations.

Europol, in a statement, emphasized the significance of international collaboration in combating cybercrime. "This successful operation demonstrates the power of coordinated efforts in tackling transnational threats. Cybercriminals operate globally, and law enforcement must respond with a united front," stated the Europol representative.

The dismantled ransomware gang was reportedly using the Lockergoga ransomware variant, known for its sophisticated encryption methods and targeted attacks on high-profile victims. The group's activities had raised concerns globally, making its takedown a priority for law enforcement agencies.

In the aftermath of the operation, cybersecurity experts are optimistic about the potential impact on reducing ransomware threats. However, they also stress the importance of continued vigilance and collaboration to stay ahead of evolving cyber threats.

As the international community celebrates this successful operation, it serves as a reminder of the ongoing battle against cybercrime. The events leading to the dismantlement of the Ukrainian-based ransomware gang underscore the necessity for countries to pool their resources and expertise to protect individuals, businesses, and critical infrastructure from the ever-evolving landscape of cyber threats.

Allegations of Spying in the EU Hit YouTube as it Targets Ad Blockers



 

Youtube

Ad Blockers Cyber Security Data Surveillance EU online privacy concerns spying allegations targeted ads Youtube

Allegations of Spying in the EU Hit YouTube as it Targets Ad Blockers

YouTube's widespread use of ads, many of which are unavoidable, has raised concerns among some users. While some accept ads as a necessary part of the free video streaming experience, privacy advocate Alexander Hanff has taken issue with YouTube and its parent company, Google, over their ad practices. Hanff has filed a civil complaint with the Irish Data Protection Commission, alleging that YouTube's use of JavaScript code to detect and disable ad blockers violates data protection regulations.

Additionally, Hanff has filed a similar complaint against Meta, the company behind Instagram and Facebook, claiming that Meta's collection of personal data without explicit consent is illegal. Meta is accused of using surveillance technology to track user behavior and tailoring ads based on this information, a practice that Hanff believes violates Irish law.

These complaints come amid a growing focus on data privacy and security in the EU, which has implemented stricter regulations for Big Tech companies. In response, Google has expanded its Ads Transparency Center to provide more details on how advertisers target consumers and how ads are displayed.

The company has also established a separate Transparency Center to showcase its safety policy development and enforcement processes. Google has committed to continued collaboration with the European Commission to ensure compliance with regulations.

Hanff's complaints could be the first of many against Google, Meta, and other tech giants, as legislators and the public alike express increasing concerns over market competition and data privacy.

If additional regulations are implemented, these companies will have to adapt their practices accordingly. The potential impact on their profits remains to be seen, but compliance could ultimately prove less costly than facing financial penalties.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About