Vulnerabilities / Threats

9/11/2017
04:50 PM
50%
50%

Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine

Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.

Facebook got slapped with a 1.2 million euro fine by Spain's data and privacy enforcement agency, the Spanish Data Protection Agency (AEPD).

The AEPD, which enforces the Organic Law on Data Protection (LOPD) regulations, claims Facebook raked up one "very serious" LOPD infringement and two "serious" infringements.

In the "very serious" case, the AEPD alleges Facebook collected privacy protected data, such as religious beliefs, sex, ideology, personal tastes, and sites visited, without clearly notifying users beforehand.

The AEPD issued the second infringement over Facebook's alleged use of cookies to process members' information when they are browsing non-Facebook pages, and when non-Facebook members come to visit the site. The information collected is then applied to that specific user's social network account, AEPD alleges. The enforcement agency also claims Facebook retains users' site navigation information beyond the period of its stated purpose.

Read more about the Facebook fine here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Melissa Anders
50%
50%
Melissa Anders,
User Rank: Apprentice
9/12/2017 | 9:27:57 AM
Re: Facebook-->Apple
I absolutely agree with you.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/12/2017 | 7:35:06 AM
Facebook-->Apple
Facebook needs to take a lesson from Apple and everytime a function is changed to gather more data, hit the user with an agreement page during sign-in. Especially if they intend to apply this functionality without user input.
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14332
PUBLISHED: 2018-07-19
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user...
CVE-2018-1529
PUBLISHED: 2018-07-19
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2018-1535
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1536
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1585
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...