{"id":8198,"date":"2024-03-05T11:51:50","date_gmt":"2024-03-05T10:51:50","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=8198"},"modified":"2025-02-03T09:36:02","modified_gmt":"2025-02-03T08:36:02","slug":"data-protection-digest-05032024-web-browsing-data-for-sale-us-restricted-data-transfers-and-cybersecurity","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05032024-web-browsing-data-for-sale-us-restricted-data-transfers-and-cybersecurity\/","title":{"rendered":"Data protection digest 18 Feb – 2 Mar 2024: web browsing data for sale, banking sector outsourcing, cybersecurity core 2.0"},"content":{"rendered":"\n

This issue highlights how web browsing data, non-anonymised according to America\u2019s FTC, was sold worldwide in the Avast\/Jumpshot case, the EDPB\u2019s new enforcement action on the right of access, cloud outsourcing in the banking sector, the NIST\u2019s new cybersecurity framework for all organisations, and federated learning analysis.<\/em><\/p>\n\n\n\n

Stay tuned! Sign up to receive our fortnightly digest via email.<\/em><\/a><\/p>\n\n\n\n

Web browsing data for sale<\/h4>\n\n\n\n

The UK software provider Avast will have to pay 16.5 million dollars to the US Federal Trade Commission, and the business will not be allowed to sell or license any web browsing data for advertising purposes. Avast Limited, a UK-based firm, obtained customer surfing data unjustly through its antivirus software and browser extensions, retained it indefinitely, and sold it<\/a> without providing consumers with sufficient notice or asking for their consent. The company also did this through its Czech subsidiary. <\/p>\n\n\n\n

Following its acquisition of rival antivirus software supplier Jumpshot, Avast renamed the business as an analytics firm. Jumpshot sold surfing data that Avast had gathered from users between 2014 and 2020 to a range of customers, including marketing, advertising, and data analytics firms as well as data brokers. The business said that before sending the data to its clients, it eliminated identifying information using an algorithm. <\/p>\n\n\n\n

\"web<\/figure>
\n

<\/p>\n\n\n\n

However, according to the FTC, the business did not adequately anonymise user web browsing data that it sold through a variety of products<\/a> in non-aggregated form. The FTC says, the business did not prohibit some of its data purchasers from using Jumpshot’s data to re-identify Avast users. For instance, Jumpshot allegedly signed a deal with advertising giant Omnicom for a supply of an “All Clicks Feed” for 50% of its clients in the US, UK, Mexico, Australia, Canada, and Germany.\u00a0<\/p>\n<\/div><\/div>\n\n\n\n

Americans’ sensitive data<\/h4>\n\n\n\n

The US seems to have increased regulations on restricted cross-border data transfers due to national security concerns. <\/p>\n\n\n\n

President Biden issued an Executive Order to protect Americans\u2019 sensitive personal data. It will prevent the large-scale transfer of America\u2019s sensitive and government-related data to countries of concern, (reportedly they are China, Cuba, Iran, North Korea, Russia and Venezuela), and prohibit commercial data brokers and other companies from selling biometrics, healthcare, geolocation, financial and other sensitive data to countries of concern, or entities controlled by those governments, intelligence services and militaries. <\/p>\n\n\n\n

The US Justice Department\u2019s National Security Division has already published an Advance Notice of Proposed Rulemaking to provide transparency and clarity about the intended scope of the program. It would include six defined categories of bulk US sensitive data – US persons\u2019 covered personal identifiers, personal financial data, health, precise geolocation data, biometric identifiers, human genomic data<\/strong>, and combinations of those data. The security requirements for certain data classes of transactions would include: <\/p>\n\n\n\n