The New York Times reports on the race to develop stronger encryption techniques as the field of quantum computing continues to advance. The technology could bring substantial change to the medicine and artificial intelligence fields by reducing the time and power needed to run complex simulations, but it poses a major risk to privacy and data security.Full story... Read More

Spain's data protection authority, the Agencia Española de Protección de Datos, released a browser app to assess the security of online encryption systems. The tool is meant to give guidance on what encryption standards to look for while processing personal data and does not transmit any information back to the authority.Full story... Read More

The U.K. Home Office released guidelines on the interplay between end-to-end encryption standards and children's safety as it relates to the recently passed U.K. Online Safety Bill. The office explained the overlap between the two topics, Meta's leading example on the matter, and current techniques and technological solutions being used. Notably, the guidance also lays out the application of the Online Safety Bill in the encryption-child safety context.Full story... Read More

Meta announced millions of Facebook Messenger accounts will be able to trial end-to-end encryption standards for individual and group chats. Meta is working to finalize default encryption standards by year's end and maintains it is on track to do so. The company said default encryption will "enhance the security we already provide and give people additional confidence that their personal messages will remain private."Full story... Read More

Apple announced Wednesday a suite of data security improvements it plans to roll out in the coming months that aim to protect consumer data and ward off hackers.  The three data security features include iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. In a company announcement, Apple Senior Vice President of Software Engineering Craig Federighi said the new features will provide users with "three powerful new tools to further protect their ... Read More

Privacy-enhancing technologies like secure multiparty computation, homomorphic encryption, federated learning, differential privacy, secure enclaves, zero-knowledge proof or synthetic data are becoming increasingly relevant in practice and considered by regulators. Approaching the challenging trade-off between data privacy and data utility for a vast variety of use cases, privacy-enhancing technologies embed important privacy-by-design principles in the data life cycle. They aim at enabling inc... Read More

In the last decade, California has suffered twice as many data breaches as any other state, with roughly 1,493 breaches affecting nearly 5.6 billion records. Where California’s privacy laws apply to an organization, encrypting customer data will provide immunity from the private right of action under the California Consumer Privacy Act and limit obligations of notification in the event of a data breach under California’s data breach notification law. Santa Clara University School of Law's Solima... Read More

In a piece for CMSWire, Securiti.ai Product Lead Anas Baig provides a breakdown of how encryption meshes with privacy regulations around the world. Baig goes into detail on what privacy laws in the U.S., EU, Canada, Brazil and others say about the deployment of encryption. Additionally, Baig lays out the fines associated with encryption while offering best practices for companies implementing it into their systems. "In this era of data privacy, encryption is no longer an option, but rather a nec... Read More

On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More

How familiar are you with the “encryption exception” in the EU General Data Protection Regulation and some U.S. state laws? It can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised. The GDPR identifies the exception in Article 34(3)(a), stating that the breach notification of Article 34(1) is not required if “the controller has implemented appropriate technical and organisational protection measures, … ... Read More