Privacy watchdogs based in the European Union are concerned Yahoo violated European users’ privacy with its secret email-scanning program.
On 5 October, the office of the Irish Data Protection Commissioner said it is making inquiries into whether Yahoo protected the data of EU citizens when it decided to comply with a classified U.S. government directive asking that it scan its users’ emails.
CIO reports Yahoo modified an existing system at the request of the Department of Justice to help identify instances of spam, malware, and child pornography.
Unfortunately, it looks like the tech company ended up scanning hundreds of millions of innocent users’ emails in the process.
We wouldn’t blame you if you decided to close your Yahoo account after that revelation. Heck, we recommended as much shortly after the story broke. I’m sure plenty of users would be happy to end the story there.
Not everyone is ready to move on, however.
Yahoo chose to base its European headquarters in Ireland, so in pursuit of protecting EU users, the Dublin privacy regulator feels it has every right to launch an investigation into the company.
As quoted by RTÉ:
“Any form of mass surveillance infringing on the fundamental privacy rights of EU citizens would be viewed as a matter of considerable concern.”
Others feel Yahoo’s transgressions might be representative of the United States’ treatment of EU citizens’ data. For that reason, some European politicians are demanding that the European Commission look into raising a legal challenge to Privacy Shield, an EU-U.S. data-sharing deal to which lawmakers agreed earlier in 2016.
In particular, Fabio de Masi, a German member of the European parliament, called on the EU high representative for external affairs Federica Mogherini to demand that U.S. authorities clarify how Yahoo and other U.S. companies are treating EU data.
Yikes… let’s hope Yahoo is an outlier here and that other companies didn’t comply with the U.S. government directive.
In the meantime, one thing’s clear: if the Data Protection Commission decides to investigate Yahoo, it will be icing on the cake that is perhaps one of Yahoo’s worst months in terms of security.
It was just a few weeks ago that we learned a “state-sponsored actor” compromised at least 500 million users’ information back in 2014. Shortly thereafter, we learned that it was likely a group of professional black hat hackers, not a state-sponsored criminal ring, that did the hacking.
Well, tomorrow could always be brighter for the tech company.
But if Yahoo’s actions throw the entire Western world’s agreement around Privacy Shield into question, there could be quite a few bleak tomorrows yet to come.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.