The leak of personal information from the Sony PlayStation Network and reports on the collection and storage of location data on Apple’s iPhones have understandably weakened trust in technology, Viviane Reding said in prepared remarks for a speech in Brussels yesterday.
“This trust has to be reinstated now” and “those in charge have to take the relevant technical and organizational measures to guarantee protection against data loss or an unjustified access,” Reding said.
Kazuo Hirai, Sony’s executive deputy president in charge of consumer products and network services, apologized on May 1 for the security breach between April 17 and April 19 that exposed 77 million online customer accounts. Sony alerted customers on April 26 about the security breach involving its PlayStation Network and Qriocity video-and music-streaming services.
Reding said Sony should have let customers know about the hacking sooner. “Seven days is much too long,” she said.
A group of data protection officials from the 27-nation EU, which advises national authorities that can levy penalties, has said several of its members “are considering possible actions” after they have reviewed events involving the companies.
“We are currently re-building PlayStation Network to ensure enhanced security to protect our consumers data moving forward and are doing everything we can to ensure this doesn’t happen again,” Nick Caplin, a Europe spokesman for Tokyo-based Sony, said in an e-mail.
Kristin Huguet, a spokeswoman for Apple, declined to comment on Reding’s remarks.
A report by O’Reilly Radar, a website owned by Sebastopol, California-based publisher O’Reilly Media, said Apple devices log latitude-longitude coordinates along with the time of visits to locations across the globe.
Apple said in a statement last week it is “not tracking the location of your iPhone” and “has no plans to ever do so.”
The Cupertino, California-based company said the iPhone saves information on WiFi hotspots and cellular towers near a handset’s current location, which helps the phone determine its location when needed by the user.
EU rules apply to any companies that have users in the region, Reding said.
“A social network with more than 200 million users in the EU must stick to EU law, even if it is based in the U.S. and its data is stored in a so-called cloud,” she said.
To contact the reporter on this story: Stephanie Bodoni in Luxembourg at firstname.lastname@example.org
To contact the editor responsible for this story: Anthony Aarons at email@example.com