Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Valery Brozhinsky/Getty Images

A researcher has demonstrated how to exploit Europe's privacy protection laws to violate other people's privacy — and new privacy rules on the way in the U.S. could be vulnerable in the same way.

The state of play: Privacy laws, including Europe's mammoth General Data Protection Regulation (GDPR) and California's recently passed regulations, often include provisions to allow people to request the personal information that companies have compiled on them.

Yes, but: These laws have not generally done a good job clarifying acceptable ways to do this safely.

Details: James Pavur, a Ph.D. student at Oxford University, bet his fiancee he could use GDPR to steal her personal information.

  • He contacted around 150 companies, requesting her data via a fake email account in her name. 83 of the firms had her data, and roughly a quarter of those provided it to him, no questions asked.

"The very big companies did an excellent job fighting fraud and told me to access that information through my profile or email from the account I used to sign up," Pavur, who will present his research in August at the Black Hat conference, told Axios. "The small companies — like a podcast company in the U.S. — knew the law didn't apply to them."

  • Many midsized companies took the bait. They knew they had to respond to the requests, but hadn't adopted processes for doing so safely.
  • Pavur has not released any names of the companies he tested.

Between the lines: "These laws focus upon the user, not the company," said Matthew McCabe, senior vice president and assistant general counsel for cyber policy at Marsh.

  • More robust regulations would outline acceptable identity verification practices. "They would not just consider end points, but process as well," said Pavur. "And they would say it's OK to say 'no.'"

What's next: "The same problem in GDPR is in the California Consumer Privacy Act," which goes into effect at the start of 2020, said Shannon Yavorsky, data security and privacy partner at Venable.

  • Yavorsky hopes the California attorney general will clarify best practices for fighting fraud in upcoming commentary on the law.

Why it matters: Without a concerted effort to mandate fighting fraud while protecting privacy, these experts agree, new U.S. privacy laws are likely to create similar new vulnerabilities.

Go deeper: Europe's privacy law celebrates its first birthday

Go deeper

40 mins ago - Health

U.S. tops 88,000 COVID-19 cases, setting new single-day record

Expand chart
Data: COVID Tracking Project; Chart: Axios Visuals

The United States reported 88,452 new coronavirus cases on Thursday, setting a single-day record, according to data from the COVID Tracking Project.

The big picture: The country confirmed 1,049 additional deaths due to the virus, and there are over 46,000 people currently being hospitalized, suggesting the U.S. is experiencing a third wave heading into the winter months.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Large coronavirus outbreaks leading to high death rates — Coronavirus cases are at an all-time high ahead of Election Day.
  2. Politics: Top HHS spokesperson pitched coronavirus ad campaign as "helping the president" — Space Force's No. 2 general tests positive for coronavirus.
  3. World: Taiwan reaches a record 200 days with no local coronavirus cases.
  4. Sports: MLB to investigate Dodgers player who joined celebration after positive COVID test.
  5. 🎧Podcast: The vaccine race turns toward nationalism.

The norms around science and politics are cracking

Illustration: Aïda Amer/Axios

Crafting successful public health measures depends on the ability of top scientists to gather data and report their findings unrestricted to policymakers.

State of play: But concern has spiked among health experts and physicians over what they see as an assault on key science protections, particularly during a raging pandemic. And a move last week by President Trump, via an executive order, is triggering even more worries.