An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.

In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customer's data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards.

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

An anonymous reader shares a report: Spanish football league La Liga has defended the privacy policy of its app after admitting it was accessing the microphone and GPS of Android users. It said it had been trying to track down venues illegally broadcasting matches, by matching audio data and phone location. The app, downloaded more than 10 million times on the Google Play Store, has been criticised by fans. La Liga said it wanted to "protect clubs and their fans from fraud." The broadcasting of football matches in public places without a paid licence cost the game an estimated 150 million euros ($177m) a year, it said. The new function was enabled on Friday, 8 June.

Vietnamese legislators approved a cybersecurity law on Tuesday that tightens control of the internet and global tech companies operating in the Communist-led country, raising fears of economic harm and a further crackdown on dissent. From a report: The cyber law, which takes effect on Jan. 1, 2019, requires Facebook, Google and other global technology firms to store locally "important" personal data on users in Vietnam and open offices there. The vote in the National Assembly came a day after lawmakers delayed a decision on another controversial bill that had sparked violent protests in parts of the country on the weekend. Thousands of demonstrators in cities and provinces had denounced a plan to create new economic zones for foreign investment that has fueled anti-Chinese sentiment. Some protesters had also derided the cybersecurity bill, which experts and activists say could cause economic harm and stifle online dissent.

An anonymous reader quotes a report from The Washington Post: Facebook pledged to continue refining its privacy practices and investigating its entanglement with Cambridge Analytica in nearly 500 pages of new information supplied to Congress and published Monday (Warning: source may be paywalled; alternative source) -- though the social giant sidestepped some of lawmakers' most critical queries. Much as it did during the hearing, Facebook told lawmakers on the Senate Judiciary Committee and the Senate Commerce Committee that it is reviewing all apps available on its platform that had access to large queries of data, a process that already has resulted in 200 suspensions.

Facebook did acknowledge that its consultants embedded in 2016 presidential campaigns, including President Trump's team, "did not identify any issues involving the improper use of Facebook data in the course of their interactions with Cambridge Analytica." In another exchange, Facebook said it had provided "technical support and best practices guidance to advertisers, including Cambridge Analytica, on using Facebook's advertising tools." Facebook also pointed to new tools meant to address its privacy practices, including a feature called Clear History, which "will enable people to see the websites and apps that send us information when they use them, delete this information from their accounts, and turn off our ability to store it associated with their accounts going forward," the company said. The social network did continue to sidestep many of the lawmakers' questions and concerns. The Washington Post provides a couple examples: "Delaware Sen. Christopher A. Coons (Del.), for example, probed whether Facebook had ever learned of any application developer 'transferring or selling user data without user consent' and in violation of Facebook's policies. In response, Facebook only committed in writing that it would 'investigate all apps that it had access to large amounts of data.'"

Facebook also didn't address Democratic Sen. Patrick J. Leahy's concerns. He asked Facebook to detail if the Obama campaign in 2012 had violated "any of Facebook's policies, and thereby get banned from the platform." Facebook said: "Both the Obama and Romney campaigns had access to the same tools, and no campaign received any special treatment from Facebook."

You can view the nearly 500 pages of new information here.