PrivacyDesigner’s Post

Swedish DPA fined local Avanza Bank 1.4 million euros for using Meta pixels, which led to customers' personal data being transmitted to Meta. Key takeaways: Use case: When using Meta pixels on its website and in the application, the Bank mistakenly activated the Automatic Advanced Matching (AAM) feature, which led to the following consumer data transmitted to Meta: • Information on loan amounts • Account number and credit limit • Fees, taxes, and current interest rates • Orders in progress and end of day • Signatory and Bank as pension moved from • E-mail address and social security number The Bank notified the DPA about the breach, stating that personal data of 500,001 - 1 million from 15 November 2019 to 2 June 2021 inclusive was incorrectly transferred to the Bank's partner, Facebook (now Meta). The AAM function transmitted data in hashed form (using the SHA256 hashing function) to Meta if the user filled in any of the five forms on the Bank's website or mobile app. For the data to be transferred, a person had to be logged in to the Bank's website and accept the Bank's marketing cookies. If these conditions were not met, the AAM would not have been activated, and no data would have been transferred. Mitigation measures: - The Bank asked Meta to remove the data (Meta has confirmed that the personal data processed has been deleted at Meta in a way that does not allow Meta to recover it); - The Bank has established a process for implementing and managing third-party scripts (these scripts will be evaluated from a security and privacy perspective); - The Bank has moved the scripts from the third-party providers to its systems to prevent changes to the scripts from being introduced without the Bank's knowledge; - The Bank has also completed internal guidelines to more clearly describe the failure scenario, how it is avoided, and the expectations of the Bank's development team when dealing with this type of product. DPA's position: - This information processing does not involve data being stored in or retrieved from a subscriber's or user's terminal equipment and is therefore not covered by Chapter 9, section 28 of LEK or the previously applicable corresponding provision in the Electronic Communications Act; - The Bank has lacked technical and organizational security procedures to follow up and detect unintentional changes in its systems systematically; - The DPA has concluded that the Bank has processed personal data in breach of Article 32(1) of the GDPR and that the breach is of such a serious nature that it also constitutes a breach of the principles of integrity and confidentiality in Article 5(1)(f). Why did this not trigger the Data protection by design and by default requirements? #privacy #GDPR

Banks using messaging apps like iMessage and WhatsApp without retaining records? That's a clear violation of laws, hindering oversight. ⚠️ (https://lnkd.in/esmuGPad) But here's the good news: With Convrs, you're in safe hands. Our platform not only empowers businesses to harness the power of messaging apps for effective engagement but also ensures full data retention and GDPR compliance. 🌐👍 Avoid the pitfalls and embrace secure, compliant messaging with Convrs. Let's chat about how we can help: https://lnkd.in/g36bjFpw #GoConvrs #CompliantMessaging #Compliance

Artificial intelligence has been surging through every business, and it continues to do so in finance. For finance cybersecurity, AI can utilize pattern recognition and data analysis to find fraud more quickly. This will drastically change the industry's efforts to reduce insider trading and money laundering. Because of this, Wall Street firms, transitioning from legacy technology, are increasingly adopting AI. This is a necessary step for innovation and a response to outdated infrastructure. #AI #Finance #FinTech #Cybersecurity

It's always helpful to have an information source you can refer back to- particularly on complex topics like the current regulatory perimeter for fintech activities. Several of my colleagues at Simmons & Simmons have contributed their analysis and insight to 'Getting the Deal Through - Fintech 2024', a summary of fintech regulations and related government initiatives across 31 countries, which is freely available at the link below. #fintech #crypto #payments #regulation Lexology Getting The Deal Through – FinTech 2024 | Simmons & Simmons (simmons-simmons.com)

In a dynamic fintech landscape, staying informed about the latest developments is crucial. Today, we are excited to bring you a curated digest of the latest news highlights: EU Watchdog Calls for Enhanced Privacy in Digital Euro Legislation: The European Data Protection Board and Supervisor recommend amendments to EU legislation on the digital euro to strengthen data protection. They propose clearer delineation of data protection responsibilities and a "privacy threshold" for transactions, aiming to enhance privacy standards in the digital currency space. https://lnkd.in/evvrMYVB Scam Epidemic Targets Majority of UK Adults: Over 70% of UK adults report being targeted by scams in the past year, with an average of three scam attempts weekly. Digital platforms and social media are the prime mediums for these scams, including phishing and trusted organisation scams. This trend is causing some to avoid online shopping and holiday bookings due to concerns about scams. https://lnkd.in/ebHAMWWi CLM Technology's Role in Countering US Economic Downturn: Fenergo highlights the importance of Contract Lifecycle Management (CLM) technology in addressing economic challenges in the United States. It provides efficiency, revenue, and regulatory compliance benefits for financial institutions amidst concerns about inflation, interest rates, and operational leverage. https://lnkd.in/ep5RtpVM PayPal Invests in Women's Economic Empowerment: PayPal allocates funds to Sweef Capital's Southeast Asia Women's Economic Empowerment Fund and Quona Opportunity Fund, in line with its commitment to promote economic empowerment for women. These investments aim to support women-led enterprises and transformative fintech companies in emerging markets. https://lnkd.in/e4Z64U4U Vesti Launches in the UK to Support Immigrants: Vesti, a migration FinTech platform, expands to the United Kingdom, offering tailored legal and financial solutions for immigrants. It aims to provide critical information and support for global citizens moving to new countries. Vesti's services include visa options and financial solutions for easy fund management across multiple currencies. https://lnkd.in/exWAEvgk

Great overview of privacy and cybersecurity issues that fintech companies should focus on in 2024 - by our own Samuel Castic and Amy Lanchester. #fintech #financialdata #cookies #artificialintelligence #ai #privacy #fcra #databreach

The internet and digital technology have massively improved the speed and reach of financial transactions. But the same technology that has boosted commerce can also be exploited by criminals. Learn more in this insight: https://lseg.group/3Vnoi8H

Interesting article from IAPP - International Association of Privacy Professionals-- Emerging trends in Fintech Privacy: https://lnkd.in/dN5ZtjSB 1. Scrutiny of third-party tracking pixels, other tracking technologies may increase 2. Regulators will increasingly expect appropriate use, governance of AI technologies 3. Potential mandates around financial data rights  4. Data brokers may face new requirements  5. New information security, breach response obligations likely They also share tips on how to prepare for these. A good read for my fintech friends!

Curious if anyone else has had this experience. And if you have, how did you solve it? I posted an article that began with: In a recent issue of her awesome "AI Agenda" newsletter, The Information's Stephanie Palazzolo predicted that "AI-generated misinformation will gum up a presidential election." LinkedIn seems to have banned the article. At IDPartner Systems, we are trying to stop misinformation, distrust, fraud, and hacking by building a new high-trust identity layer for the entire Internet. Our solution is simple. We use bank-based ID. The global financial system has a huge well understood regulatory framework, lots of bank examiners, privacy laws, and bank-grade authentication systems. Together, these features mean that banks can help us prove we are who we claim to be. My article argued that was a good first step for reducing the threat that Stephanie Palazzolo identified. Why would LinkedIn block such an article? Is there a non-opaque way to ask them to reconsider? How are we supposed to stop AI-generated misinformation and the threat it poses to elections if we can't discuss the topic? The entire article is in the pic attached to this post. I'd be grateful for guidance, ideas, or even an intro to a decision maker at LinkedIn.

https://lnkd.in/gU3_3bME Twiggy is tackling an issue that is hugely important. I know the volume of stuff to check is overwhelming and I know that to the internet the data is just bytes. However, if a solution could be found it would be a great breakthrough for all.