Hi there! I hope you are well and excited about 2022. I'm back with my weekly emails after a really long break.
Google Analytics usage by Austrian website violates GDPR
On Thursday, the Austrian Data Protection Authority ruled that an Austrian website violated the EU's privacy law (GDPR) because of its use of Google Analytics since it shares personal data of website visitors with Google.
The ruling states that the data exporter, the website, and not Google is solely liable for breaching GDPR. Nevertheless, the data transferred to Google also includes personal user identifiers such as IP address and browser parameters, which Google has previously argued is not the case.
Google has responded, writing in a statement that "Google Analytics is a service used by organizations to understand how their sites and apps are used, so that they can make them work better. It does not track people or profile people across the internet."
However, many European websites will most likely think twice about using Google Analytics since the penalty for violating GDPR can be as high as 4% of a company's annual global turnover. Similar rulings are now expected to drop gradually throughout the EU and could additional US cloud services.
Russian authorities closed down operations of criminal ransomware group behind several damaging cyber attacks
On Friday, the Russian Federal Security Service (FSB) said it had raided and shut down the criminal ransomware group REvil, arresting several group members. REvil has been blamed for some of the most damaging attacks of the last 12 months, including those targeting Colonial Pipeline, JBS Foods and US technology firm Kaseya.
Authorities conducted raids at 25 addresses across Russia that belonged to 14 suspected members of REvil. They claim to have taken more than 426 million rubles and €500,000, as well as $600,000 in cash, cryptocurrency wallets, computers and 20 high-end cars. This move undoubtedly sends a message to other ransomware groups operating out of Russia.
The FSB said in a statement that US authorities had requested the operation. However, the raids appeared just hours after a significant cyberattack towards the Ukrainian government that took down websites for the Ukrainian foreign ministry, national security and defence council.
Several tech platforms subpoenaed to partake in January 6 attack investigation
On Thursday, four major tech companies got subpoenas to participate in the United States Congress investigation of the January 6, 2021 insurrection at the US Capitol. The US House committee is looking into how Youtube, Facebook, Instagram, Reddit, and Twitter were used to organise the violent attack. The committee chairman Bennie G. Thompson sent letters to parent companies Alphabet and Meta, Twitter, and Reddit, asking for additional information.
Facebook was an influential hub for the "Stop the Steal" movement, with users spreading content denying the legitimate results of the 2020 US presidential election. It was also previously the platform of choice for several organisations playing a part in the Capitol attack, such as the Proud Boys and the Three Percenters.
YouTube was used to livestream the events, and Twitter users "reportedly used the platform for communications regarding the planning and execution of the assault," according to the committee. The complaint with Reddit relates to the r/The_Donald subreddit, which migrated to its own domain in late January 2020 after being banned for hate speech.
In August last year, the committee collected relevant information from 15 different platforms. That request included extremist-friendly sites such as 4chan, Gab, Parler and theDonald.win and traditional social media apps like TikTok, Snapchat and Twitch.
Best long read of the week:
Wall Street Journal - The internet didn't turn out the way its visionaries wanted it to. So they are now gathering to change that.
Anna Loverus Newsletter
Join the newsletter to receive the latest updates in your inbox.