Swedish DPA IMY fines Avanza Bank AB 15 million SEK (around 1.3m€) for using Meta Pixel on its website without implementing proper technical and organizational measures, leading to unauthorized transfer of personal data, including personal IDs and financial information, to Meta (Facebook).

IMY received a breach notification from Avanza Bank AB in 2021. The notification showed that personal data of 500k – 1 million data subjects was erroneously transferred to Facebook (now Meta). Among the data transferred were social security numbers, loan amounts and account numbers.

From the investigation of the case, IMY found that personal data of the bank's customers and website visitors were transferred to Meta. The personal data transferred has included, among other things, social security numbers and extensive financial information. The information, including detailed information about customers' finances, has in several cases been transmitted in plain text.

IMY notes that the data subjects have legitimate expectations of a high degree of confidentiality and a robust protection against unauthorized access. The data transferred has been covered by statutory duty of confidentiality. The processing of personal data has taken place within the framework of the bank's core business, which entails even higher requirements for the level of protection.

Link in the comments!
PrivacyDesigner’s Post
More Relevant Posts
-
Swedish DPA fined local Avanza Bank 1.4 million euros for using Meta pixels, which led to customers' personal data being transmitted to Meta.

Key takeaways:

Use case: When using Meta pixels on its website and in the application, the Bank mistakenly activated the Automatic Advanced Matching (AAM) feature, which led to the following consumer data transmitted to Meta:
• Information on loan amounts
• Account number and credit limit
• Fees, taxes, and current interest rates
• Orders in progress and end of day
• Signatory and Bank as pension moved from
• E-mail address and social security number

The Bank notified the DPA about the breach, stating that personal data of 500,001 - 1 million from 15 November 2019 to 2 June 2021 inclusive was incorrectly transferred to the Bank's partner, Facebook (now Meta). The AAM function transmitted data in hashed form (using the SHA256 hashing function) to Meta if the user filled in any of the five forms on the Bank's website or mobile app. For the data to be transferred, a person had to be logged in to the Bank's website and accept the Bank's marketing cookies. If these conditions were not met, the AAM would not have been activated, and no data would have been transferred.

Mitigation measures:
- The Bank asked Meta to remove the data (Meta has confirmed that the personal data processed has been deleted at Meta in a way that does not allow Meta to recover it);
- The Bank has established a process for implementing and managing third-party scripts (these scripts will be evaluated from a security and privacy perspective);
- The Bank has moved the scripts from the third-party providers to its systems to prevent changes to the scripts from being introduced without the Bank's knowledge;
- The Bank has also completed internal guidelines to more clearly describe the failure scenario, how it is avoided, and the expectations of the Bank's development team when dealing with this type of product.

DPA's position:
- This information processing does not involve data being stored in or retrieved from a subscriber's or user's terminal equipment and is therefore not covered by Chapter 9, section 28 of LEK or the previously applicable corresponding provision in the Electronic Communications Act;
- The Bank has lacked technical and organizational security procedures to follow up and detect unintentional changes in its systems systematically;
- The DPA has concluded that the Bank has processed personal data in breach of Article 32(1) of the GDPR and that the breach is of such a serious nature that it also constitutes a breach of the principles of integrity and confidentiality in Article 5(1)(f).

Why did this not trigger the Data protection by design and by default requirements?

#privacy #GDPR
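One way to build the systematic follow-up the DPA found missing, as an added example that is not part of the post or the bank's own tooling: seed a synthetic test account with known values, capture the outbound requests of a test browser session, and flag any third-party request that carries those values in plain text or as a SHA-256 digest. The domains, parameter names and identity values are constructed, and the trim-and-lowercase normalisation before hashing is an assumption.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

# Constructed values typed into forms by a synthetic test account (not real data).
CANARIES = {"email": "canary.user@bank.example", "national_id": "190001019999"}
FIRST_PARTY = {"bank.example"}  # hypothetical first-party domain


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def build_index(canaries):
    """Map each detectable representation of a canary to (field, encoding)."""
    index = {}
    for field, value in canaries.items():
        for form in {value, value.strip().lower()}:
            index[form] = (field, "plaintext")
            index[sha256_hex(form)] = (field, "sha256")
    return index


def is_third_party(host):
    return not any(host == d or host.endswith("." + d) for d in FIRST_PARTY)


def find_leaks(request_urls, canaries=CANARIES):
    """Return (host, parameter, canary field, encoding) for each leaked value."""
    index = build_index(canaries)
    findings = []
    for url in request_urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not is_third_party(host):
            continue  # first-party traffic is expected to carry the data
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            hit = index.get(value) or index.get(value.strip().lower())
            if hit:
                findings.append((host, param, hit[0], hit[1]))
    return findings


# Constructed capture of outbound requests from one test session.
SAMPLE_REQUESTS = [
    "https://www.bank.example/api/loan?national_id=190001019999",
    "https://tracker.example/collect?ev=PageView&id=123",
    "https://tracker.example/collect?ev=Form&ud_em=" + sha256_hex(CANARIES["email"]),
    "https://tracker.example/collect?ev=Form&field=190001019999",
]

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_REQUESTS):
        print(finding)
```

Run as a scheduled check after every release or tag-manager change, a non-empty result means a third-party script has started collecting form data and needs review before it reaches production users.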
-
Banks using messaging apps like iMessage and WhatsApp without retaining records? That's a clear violation of laws, hindering oversight. ⚠️ (https://lnkd.in/esmuGPad) But here's the good news: With Convrs, you're in safe hands. Our platform not only empowers businesses to harness the power of messaging apps for effective engagement but also ensures full data retention and GDPR compliance. 🌐👍 Avoid the pitfalls and embrace secure, compliant messaging with Convrs. Let's chat about how we can help: https://lnkd.in/g36bjFpw #GoConvrs #CompliantMessaging #Compliance
-
Artificial intelligence has been surging through every business, and it continues to do so in finance. For finance cybersecurity, AI can utilize pattern recognition and data analysis to find fraud more quickly. This will drastically change the industry's efforts to reduce insider trading and money laundering. Because of this, Wall Street firms, transitioning from legacy technology, are increasingly adopting AI. This is a necessary step for innovation and a response to outdated infrastructure. #AI #Finance #FinTech #Cybersecurity
How AI Could Transform Wall Street And Personal Finance
forbes.com
-
It's always helpful to have an information source you can refer back to, particularly on complex topics like the current regulatory perimeter for fintech activities. Several of my colleagues at Simmons & Simmons have contributed their analysis and insight to 'Getting the Deal Through - Fintech 2024', a summary of fintech regulations and related government initiatives across 31 countries, which is freely available at the link below. #fintech #crypto #payments #regulation Lexology Getting The Deal Through – FinTech 2024 | Simmons & Simmons (simmons-simmons.com)
Together, we deliver smarter solutions
simmons-simmons.com
-
In a dynamic fintech landscape, staying informed about the latest developments is crucial. Today, we are excited to bring you a curated digest of the latest news highlights:

EU Watchdog Calls for Enhanced Privacy in Digital Euro Legislation: The European Data Protection Board and Supervisor recommend amendments to EU legislation on the digital euro to strengthen data protection. They propose clearer delineation of data protection responsibilities and a "privacy threshold" for transactions, aiming to enhance privacy standards in the digital currency space. https://lnkd.in/evvrMYVB

Scam Epidemic Targets Majority of UK Adults: Over 70% of UK adults report being targeted by scams in the past year, with an average of three scam attempts weekly. Digital platforms and social media are the prime mediums for these scams, including phishing and trusted organisation scams. This trend is causing some to avoid online shopping and holiday bookings due to concerns about scams. https://lnkd.in/ebHAMWWi

CLM Technology's Role in Countering US Economic Downturn: Fenergo highlights the importance of Contract Lifecycle Management (CLM) technology in addressing economic challenges in the United States. It provides efficiency, revenue, and regulatory compliance benefits for financial institutions amidst concerns about inflation, interest rates, and operational leverage. https://lnkd.in/ep5RtpVM

PayPal Invests in Women's Economic Empowerment: PayPal allocates funds to Sweef Capital's Southeast Asia Women's Economic Empowerment Fund and Quona Opportunity Fund, in line with its commitment to promote economic empowerment for women. These investments aim to support women-led enterprises and transformative fintech companies in emerging markets. https://lnkd.in/e4Z64U4U

Vesti Launches in the UK to Support Immigrants: Vesti, a migration FinTech platform, expands to the United Kingdom, offering tailored legal and financial solutions for immigrants. It aims to provide critical information and support for global citizens moving to new countries. Vesti's services include visa options and financial solutions for easy fund management across multiple currencies. https://lnkd.in/exWAEvgk
EU data protection watchdog calls for more privacy for digital euro
finextra.com
-
Founder & Managing Partner at Hintze Law & Founder of Hintze Data Advisors. IAPP Westin Emeritus Fellow
Great overview of privacy and cybersecurity issues that fintech companies should focus on in 2024 - by our own Samuel Castic and Amy Lanchester. #fintech #financialdata #cookies #artificialintelligence #ai #privacy #fcra #databreach
My colleague Amy Lanchester and I wrote this piece on five emerging fintech privacy issues that may pop next year, and offer some tips for how fintech privacy programs can prepare: https://lnkd.in/gb4HfQen. We think #pixels and other tracking technologies, use and governance of #AI, new #financial data rights, expanded regulation of #databrokers, and #infosec and #databreach reporting obligations may impact fintech privacy programs next year. With planning and modifications to existing #privacy programs, fintechs can be well-positioned to respond to these issues. Amy and I both joined Hintze Law PLLC from different fintech companies, and it was fun to bring our different perspectives from those roles and our current work for our #fintech clients to this article. Thanks IAPP - International Association of Privacy Professionals for publishing!
Emerging trends in fintech privacy: 5 key areas to watch in 2024
iapp.org
-
The internet and digital technology have massively improved the speed and reach of financial transactions. But the same technology that has boosted commerce can also be exploited by criminals. Learn more in this insight: https://lseg.group/3Vnoi8H
Mapping the changing landscape of fraud
lseg.com
-
Interesting article from IAPP - International Association of Privacy Professionals: Emerging trends in Fintech Privacy: https://lnkd.in/dN5ZtjSB

1. Scrutiny of third-party tracking pixels, other tracking technologies may increase
2. Regulators will increasingly expect appropriate use, governance of AI technologies
3. Potential mandates around financial data rights
4. Data brokers may face new requirements
5. New information security, breach response obligations likely

They also share tips on how to prepare for these. A good read for my fintech friends!
Emerging trends in fintech privacy: 5 key areas to watch in 2024
iapp.org
-
CEO @ IDPartner Systems | Digital Trust, Identity Management | Program Management | Business Builder
Curious if anyone else has had this experience. And if you have, how did you solve it? I posted an article that began with: In a recent issue of her awesome "AI Agenda" newsletter, The Information's Stephanie Palazzolo predicted that "AI-generated misinformation will gum up a presidential election." LinkedIn seems to have banned the article. At IDPartner Systems, we are trying to stop misinformation, distrust, fraud, and hacking by building a new high-trust identity layer for the entire Internet. Our solution is simple. We use bank-based ID. The global financial system has a huge, well-understood regulatory framework, lots of bank examiners, privacy laws, and bank-grade authentication systems. Together, these features mean that banks can help us prove we are who we claim to be. My article argued that was a good first step for reducing the threat that Stephanie Palazzolo identified. Why would LinkedIn block such an article? Is there a non-opaque way to ask them to reconsider? How are we supposed to stop AI-generated misinformation and the threat it poses to elections if we can't discuss the topic? The entire article is in the pic attached to this post. I'd be grateful for guidance, ideas, or even an intro to a decision maker at LinkedIn.
-
https://lnkd.in/gU3_3bME Twiggy is tackling an issue that is hugely important. I know the volume of stuff to check is overwhelming and I know that to the internet the data is just bytes. However, if a solution could be found it would be a great breakthrough for all.
Andrew 'Twiggy' Forrest and Facebook clickbait battle dropped in court
9news.com.au
https://www.imy.se/nyheter/sanktionsavgift-mot-avanza-for-overforing-av-personuppgifter-till-meta/