EU privacy watchdogs concerned by Yahoo’s email scanning

Yeah, so about that “Privacy Shield” deal…

David bisson
David Bisson
@
@DMBisson

EU privacy watchdogs concerned by Yahoo's email scanning

Privacy watchdogs based in the European Union are concerned Yahoo violated European users’ privacy with its secret email-scanning program.

On 5 October, the office of the Irish Data Protection Commissioner said it is making inquiries into whether Yahoo protected the data of EU citizens when it decided to comply with a classified U.S. government directive asking that it scan its users’ emails.

CIO reports Yahoo modified an existing system at the request of the Department of Justice to help identify instances of spam, malware, and child pornography.

Sign up to our free newsletter.
Security news, advice, and tips.

Unfortunately, it looks like the tech company ended up scanning hundreds of millions of innocent users’ emails in the process.

We wouldn’t blame you if you decided to close your Yahoo account after that revelation. Heck, we recommended as much shortly after the story broke. I’m sure plenty of users would be happy to end the story there.

Not everyone is ready to move on, however.

Yahoo chose to base its European headquarters in Ireland, so in pursuit of protecting EU users, the Dublin privacy regulator feels it has every right to launch an investigation into the company.

As quoted by RTÉ:

“Any form of mass surveillance infringing on the fundamental privacy rights of EU citizens would be viewed as a matter of considerable concern.”

Panews p d9e53032 f202 46db 943c 34ea16dd15d2 i1

Others feel Yahoo’s transgressions might be representative of the United States’ treatment of EU citizens’ data. For that reason, some European politicians are demanding that the European Commission look into raising a legal challenge to Privacy Shield, an EU-U.S. data-sharing deal to which lawmakers agreed earlier in 2016.

In particular, Fabio de Masi, a German member of the European parliament, called on the EU high representative for external affairs Federica Mogherini to demand that U.S. authorities clarify how Yahoo and other U.S. companies are treating EU data.

Yikes… let’s hope Yahoo is an outlier here and that other companies didn’t comply with the U.S. government directive.

In the meantime, one thing’s clear: if the Data Protection Commission decides to investigate Yahoo, it will be icing on the cake that is perhaps one of Yahoo’s worst months in terms of security.

It was just a few weeks ago that we learned a “state-sponsored actor” compromised at least 500 million users’ information back in 2014. Shortly thereafter, we learned that it was likely a group of professional black hat hackers, not a state-sponsored criminal ring, that did the hacking.

Tessa88

Well, tomorrow could always be brighter for the tech company.

But if Yahoo’s actions throw the entire Western world’s agreement around Privacy Shield into question, there could be quite a few bleak tomorrows yet to come.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “EU privacy watchdogs concerned by Yahoo’s email scanning”

  1. Brooke

    You really have to ask yourself, if the US government demanded this sort of thing be done (by yahoo or other companies) where will the government stand on helping out, absorbing fines, paying to keep the company in business when the governments actions are directly responsible for loss of faith in a brand. Today it's Yahoo, but what if Apple had been forced secretyly and didn't fight it or fought and lost it and then 2-3 years later the news came out they had complied. They get crushed, the government doesn't get any slap on the wrist at all! Why the citizens of the US are putting up with this is beyond me!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.