Yahoo Email scanning breach casts doubt on forthcoming EU-US “Privacy Shield” deal


The European regulator for privacy has launched enquiries into the recent Yahoo email scanning breach, in a move likely to encourage further legal challenges to the EU-US Privacy Shield data sharing agreement.

Yahoo has faced widespread criticism following disclosures by former employees that it secretly built a custom software program, at the behest of US intelligence officials, to search all of its customers’ incoming emails for specific information.

According to the Irish regulator, “any form of mass surveillance infringing on the fundamental privacy rights of EU citizens would be viewed as a matter of considerable concern”. Earlier in 2016, the EU approved much tougher regulations on data protection (GDPR), active from May 2018, and designed to increase the protection of privacy for EU citizens.

Via the Privacy Shield initiative, the EU had agreed that US data processors such as Yahoo were entitled to ‘self-certify’ their compliance with the forthcoming GDPR. A previous similar data-sharing agreement with the USA, known as Safe Harbor, was thrown out by the EU Court of Justice in 2015.

Yahoo, whose European headquarters are in Dublin, also provides email services for a number of European entities such as BT Plc and Sky Plc.

In November, the Irish Data Commissioner Helen Dixon announced her office was investigating whether Yahoo’s Dublin-based EMEA operation was “complicit” regarding its role in transferring data to the USA.

Speaking at a conference in Dublin on November 17th, Commissioner Dixon stressed that Irish entities of US operations “must understand there will be consequences” if they are linked to breaches involving cross-border data transfers.

Source: https://www.rte.ie/news/2016/1005/821706-yahoo/

The challenge - Wizuda case studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on single documents

The solution - Wizuda case studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard, with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments where required and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly.
