A case that many people can relate to is MAF vs Shopee. Although focused on data privacy and decided by the National Privacy Commission, we use this in cybersecurity courses as it shows gaps in technical controls on how big organizations like Shopee handle personal information collected by their riders.
Lastly and on a very important note, the personal information collected may have a legitimate interest, but it may violate the proportionality principle as decided in this case. In the cybersecurity context, the concepts of “need to know” and KISS (keep it short and simple) apply.
