Meta Fined for Facebook Data Breach
Meta has been fined EUR 251 million for a 2018 Facebook data breach. An investigation by the Irish Data Protection Authority revealed that hackers exploited the platform's code vulnerabilities to steal "access tokens" linked to user accounts. The breach affected approximately 29 million users worldwide, including 3 million in Europe.
Massive Dutch Fine for Netflix
Netflix has been fined EUR 4.75 million by the Dutch Data Protection Authority for failing to inform customers regarding their data between 2018 and 2020. According to the authority, Netflix's privacy statements did not adequately explain how user data was processed.
Additionally, it was found that the company failed to provide sufficient answers to customer inquiries regarding which data was being collected.
US Takes Action Against Chinese Telecom
The US Commerce Department plans to intensify measures against China Telecom Americas ("CTA") citing national security risks posed by the company's presence in US networks and cloud services. The Federal Communications Commission ("FCC") revoked the company's license to operate in the US due to national security concerns in 2021.
China's alleged "Salt Typhoon" program to infiltrate US telecom companies and steal data has raised concerns in Washington, with senators suggesting it could be the largest hack in US telecoms history.
The FCC also identified at least six occasions when Chinese companies exploited vulnerabilities in the Border Gateway Protocol to misroute US internet traffic and called for additional measures to address these security risks. A notice has been sent requiring CTA to respond within 30 days.
Apple vs. Meta
Apple has stated that Meta's requests for access to its iOS operating system pose a threat to user privacy. The dispute has intensified following EU efforts to expand access to iPhone technology. The EU's Digital Markets Act aims to introduce "interoperability" guidelines to prevent monopolistic practices by big tech firms. Apple has claimed that Meta has made over 15 requests for extensive access to Apple's technology which, if granted, could allow monitoring of user messages, emails, phone calls, apps and photos. Meta countered that Apple is behaving anti-competitively and its privacy concerns lack credibility.
Biometric ID Faces German Opposition
World, a biometric identification project, has been ordered to delete its data by Germany's data protection authority which cited noncompliance with the EU's GDPR. World uses iris and facial scans to verify users' identities which the Bavarian State Office for Data Protection Supervision has asserted poses significant data protection risks. The project has been banned in some European countries due to similar privacy concerns.
Police Access Raises EU Privacy Fears
The EU's plan to grant police broader access to personal data is being criticized by privacy and human rights advocates. Over 50 organizations, led by NGO network European Digital Rights, have published an open letter warning that these changes could weaken encryption, jeopardize individual privacy, and increase the risk of misuse. The proposal for "lawful access by design" faces particular criticism for creating security vulnerabilities and fostering a culture of mass surveillance.
Meta Settles in Australia
Meta has reached an approx. USD 31.85 million settlement with Australia's privacy authority arising from the Cambridge Analytica scandal. It was alleged that the data of 311,127 Australian users was at risk of disclosure due to unauthorized sharing of user data through Facebook's "This is Your Digital Life" app. Meta announced that it had settled without admitting liability and thus closed the Australian part of these allegations.
EDPB Clarifies AI Data Rules
The European Data Protection Board ("EDPB") has issued an opinion at the request of the Irish Data Protection Authority which clarifies when personal data can be used in AI model training. It stated that for AI models to be considered anonymous, the likelihood of identifying individuals by that data must be insignificant. The opinion also introduced a three-stage test to evaluate whether such use falls under "legitimate interest". While providing flexibility to national data protection authorities, the EDPB supported Ireland's role as watchdog for many major US tech companies.
OpenAI Fined in Italy
Italy's Data Protection Authority has fined OpenAI EUR 15 million for using personal data to train ChatGPT and breaching transparency principles. The inadequacy of its age verification system for users under 13 was also identified.
The Authority has requested that OpenAI conduct a six-month local media campaign to increase public awareness of its data collection practices.