Starting with Chrome 69, Google has implemented a Chrome/Sync change that would automatically sign a Chrome user into a google site that was accessed.
Chris Olson, CEO at The Media Trust:
“The change in Chrome’s behavior is part of Google’s efforts to stay compliant with GDPR and other consumer data privacy regulations, some of which, like the recently passed California Consumer Privacy Act, allow individual consumers to seek statutory damages of up to $750 and penalizes companies up to $7,500 per intentional violation. All companies should inform their customers about the latest GDPR actions they are taking. No business will be left untouched by these laws, least of all the big social platform providers that have been under intensifying consumer and government scrutiny. The upcoming laws vary in how they define data subjects, so taking a hard and close look at the data they collect, process, store, and share is crucial; as is keeping track of legal developments. Companies should get ahead of the curve by ensuring digital assets like websites and mobile apps, which collect data and are supported by third parties, not infrequently without full knowledge of the digital asset owners, are secure. They can do so by continuously scanning these assets in real time and policing their network of direct and indirect third party code suppliers to minimize the risk of a data breach that can expose them to stiff penalties, not to mention the inevitable PR crisis. In the short- and long-run, companies that honor consumers’ data privacy rights will do well.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.