IANAL but shouldn’t this be a requirement within the GDPR? As a data operator, an organisation has the obligation to disclose any loss/leak of data, so this should be enforced.
I'm wondering about this too. The GDPR requires a public notification. Why the hell is this coming from flippin' Google?! Why don't we have numbers on how many users were affected? Why isn't there a way to see if you're the one affected?
There was no Apple data breached. User endpoints were attacked, using various well crafted exploits against their software. This isn't a GDPR (privacy) issue, no company data was leaked, its end user data from their device. Apple tries to protect your data on their devices, but all software has bugs. Bad guys will try to exploit these bugs to reach their goals.
Google does research into making it hard for attackers to compromise user devices. That is the purpose of PZ team. There are no numbers because nobody has these numbers except for the attacker. I am guessing Google has some ball park numbers based on search traffic or web analytics.
If you want to know if you were affected, you need to ask yourself if powerful adversary wants access to your data, possibly because of civil unrest occurring in their territory; and if you visit strange websites related to this. Only the adversary knows for sure, not Apple, Not Google.
The GDPR doesn’t care where the personal data is stored, I thought. It makes no distinction as far as I can tell between data stored on a web server and data stored on a device. You seem to be making a distinction. Is there a source you could reference?
