What does the NCSC 2022 Annual Review, published this week, mean for schools? It’s been a busy year for education already with school budgets hit by unplanned teacher pay rises and doubling energy bills all before the end of the first term. It is hard to fathom or think about how the conflict between Russia and Ukraine, being fought thousands of miles away, can be another influence.
A giant of the adtech industry in France has recently been fined for breaching the European Union data protection regulation. A multi year investigation has been conducted by France’s national privacy watchdog, and they have found that Criteo have breached their privacy laws, and have issued them a $65 million fine.
We’ve discussed in the past the use of biometric systems in UK schools, and how privacy advocates have expressed concern over the collection of the biometric data of students.
They feel that not only is it excessive, but there are also easier alternatives, which will in each case do the same job that using the biometric systems would.
Cybersecurity should be seen as a key element of normal working practices.
On the 10th October 2022 the DfE issued updated cybersecurity standards for schools. Given most of the standards should already implemented or are required to be implemented as soon as possible, there is an implication that these should be part of normal working practices.
Facebook gets a small win in Europe
EU regulators are currently at odds on how to prevent Facebook’s parent company, Meta from transferring EU user data to the US. The draft decision, made in Ireland, aimed to stop certain data from being sent outside the EU, with Facebook claiming that this would severely impact the offerings they would be able to give to EU users, and potentially mean that they have to shut down Facebook and Instagram in Europe all together.
Google releases a monthly security bulletin, and in their recent edition they have outlined their latest patches for Android systems, which you can find here. 37 vulnerabilities were highlighted in the bulletin, and one of them is a security flaw which could allow remote code access through the use of bluetooth, without needing any additional execution privileges. Google has urged users to update their devices to the latest
Recently we’ve been breaking down the Online Safety Bill, which had an updated and strengthened version published by the government recently, and it had gone through parliamentary scrutiny. So far we’ve looked at an introduction to the Bill and what changes have been made since its original draft. Today, we’ll be taking a look at the practical implications for users, so that we can better understand how it will impact our day to day lives- if at all.
The government have recently published an updated version of The Online Safety Bill, after it has gone through Parliamentary Scrutiny. The outcome of this is, according to the government, a stronger and more clarified version of the Bill. Below I'll detail the key differences between the original draft version and the updated version of the Bill. The information for this comes from the government website which breaks down the refined version of the Online Harms Bill, which can be visited
Over the coming weeks we’ll be publishing a series of articles on the Online Safety Bill. Today, as an introduction, we’ll look through the basics of the Bill, and what it means for organisations going forward.
Officials in Denmark have recently carried out a risk assessment around the risks posed by Google when processing personal data for schools. As a result of this investigation, schools in Denmark have effectively banned the use of Google services. The decision, which was published last week by Datatilsynet (Denmark’s data protection agency), stated that Google’s cloud based software services which includes Gmail, Google Drive, and Google Docs, does not reach the requirements set out in the
Our first cyber security story involves another new Whatsapp scam where cyber criminals are posing as Whatsapp user's friends and family and asking them to send them money. Scammers send the victim a message claiming to be someone they know, and providing a ‘reason’ why they are using a new number. They then go on to give a fake reason as to why they need the user to send them money.
Children Aged 10 and Older
Children aged 10 and older can be arrested, interviewed and charged with criminal offences and, if found guilty, they will receive a criminal record. The UK has the youngest age of criminality in Europe and this has been condemned by the UN Committee on the Rights of The Child ( see UNCRC, 2002, 2008,2016) these criticisms have also been reiterated domestically by the National Association for Youth Justice, and the Standing Committee for Youth Justice.
Disney Sign New Automated Advertising Deal
Disney have recently signed a new deal with a global ad tech company called The Trade Desk which will allow brands to to use targeted automated advertising across Disney’s platforms. The agreement makes it one of the biggest deals that facilitate the use of new ad-targeting systems with third-party tracking becoming less popular, and could likely influence more agreements and partnerships between media companies in the future.
Parents and guardians with parental responsibility often use SAR’s as way to obtain the educational record of their children. There appears to be two reasons why this may be the case. Firstly, no charge can be made for a SAR, which makes it more cost effective than making an application under The Education (Pupil Information) (England) Regulations 2005.
Earlier this year, in response to the conflict between Russia and Ukraine, NCSC urged organisations to focus on heightening their cyber security programme. Since the beginning of the conflict, there has been an increase in cyber activity in Ukraine. Therefore it's more important than ever that you have the necessary protocols in place to protect your organisation against a cyber attack. The National Cyber Security Centre has recently published their guidance on ‘Maintaining a sustainable st
In the future, there could be less fines being handed out to Public sector organisations, according to the ICO’s new data protection regulator. The thought behind this comes from the idea that using fines as a punishment for sufficient data breaches only harm the public services that receive them, and therefore fewer financial penalties will be handed out, and the ones that are will be generally speaking of a lower amount.
There are fresh data privacy concerns surrounding Tiktok, after a report by BuzzFeed has brought into question the validity of TikTok’s claim that they had started routing US users’ data to US-based servers, in partnership with Oracle. The report conducted by BuzzFeed alleges that TikTok employees in China continue to access US users’ data, and have done so over a span of several months from September 2021 to January 2022.
Potential Changes to ‘Cookies’
As part of the Government’s proposed changes to data protection laws, one of the areas that would see changes is the practices around cookie consent. Currently, when you visit a website, a cookie pop up ‘pops up’ on your screen asking you to consent to the different types of cookies that the website wants to use.
A new article by The Washington Post discusses how App companies are using loopholes in privacy law to harvest the personal data of children. Geoffrey Fowler, a technology columnist, provides a worrying figure to detail the extent to which these companies are collecting data from the children who use their apps. According to Fowler, by the time a child is 13, online advertising firms have collected on average 72 million data points about that child.
The Human Rights Watch have recently published a report on the relation between virtual schooling and data tracking. The report finds that there is a potentially worrying gap between how kids use online platforms, and how current data privacy policies protect them. As a result of the pandemic, there was an unprecedented transition to online learning, and platforms that were already established, as well as new ones that began scaling up, were used to fill the void.
The first story we’ll be discussing is one involving Facebook, and Mark Zuckerberg. Recently, a new lawsuit has been filed against Zuckerberg by Attorney Karl A. Racine. Zuckerberg is being sued for directly taking part in decision-making that allowed the Cambridge Analytica data breach. The lawsuit also states that Facebook lied to users with regards to promises made around data protection and privacy. It is alleged that Zuckerberg facilitated the poor privacy agreements and lack of protec