Tracking without consent at zerocopter
A common theme when trying to report unlawful tracking on websites and apps is that it can be ambiguous whether CVD is meant for these kinds of issues. Is it really a security vulnerability or even a breach of security? My assumption is that generally security policies dictate that security measures are in place to protect against unauthorised and unlawful disclosures of personal data. If that’s the case, when I find unlawful disclosure of personal data I assume there has been a breach of security policy or even technical measures and that it’s fair to report under CVD to allow the organisation to stop the breach and take appropriate measures to prevent further breaches....