Google faces antitrust lawsuit for abusing its dominance over ad business

The US Department of Justice (DoJ) and eight US states filed a lawsuit against Google, accusing it of illegally abusing its dominance over internet advertising business and limiting fair competition.

The lawsuit by DoJ alleges that Google used anti-competitive methods to eliminate or drastically reduce any threat to its dominance over the technologies used for digital advertising. Allegedly, Google has undertaken a systematic campaign to take control of a wide range of high-tech tools used by publishers, advertisers and brokers to facilitate digital advertising and manipulate the mechanics of online ad auctions to force advertisers and publishers to use its tools.

The suit, filed in the state of Virginia, asked the US District Court to force Google to sell its suite of ad technology products, including software for buying and selling ads, a marketplace for completing transactions and an online ad-serving service. The lawsuit also asked the court to stop the company from allegedly engaging in anti-competitive practices.

Lazarus group responsible for virtual currency theft

The Federal Bureau of Investigation (FBI) confirmed that the DPRK cybercriminal group, Lazarus, is responsible for stealing $100 million of virtual currency from Harmony’s Horizon Bridge. FBI found that the portion of the stolen Ethereum, laundered during the June 2022 heist, was sent to virtual asset providers and converted to bitcoins.

European Parliament calls for strengthened consumer protection in online video games

The European Parliament adopted a report on consumer protection in online video games, calling for better protection of gamers from addiction and manipulative practices. The report notes the need for harmonised rules that would give parents an overview of and control over the games played by their children. It also highlights the importance of clearer information on the content, in-game purchase policies, and target age group of games.

In the view of the European Parliament, online video games should prioritise data protection, gender balance, and the safety of players and should not discriminate against people with disabilities. Moreover, cancelling game subscriptions must be as easy as subscribing to them. The purchase, return, and refund policies must comply with EU rules.

World Economic Forum issues ‘State of the Connected World 2023’ report

The World Economic Forum and the Council on the Connected World published the State of the Connected World 2023 report exploring governance gaps related to the internet of things (IoT). The report outlines the findings of a survey conducted with 271 experts worldwide to understand the state of IoT affairs. The COVID-19 pandemic has increased IoT demand in health, manufacturing, and consumer IoT. However, there is a lack of confidence when it comes to matters such as privacy and security.

Two main governance gaps are identified: (1) a lack of governmental regulation and implementation of industry standards and (2) IoT users are more susceptible to cyber threats and cyberattacks.

One recommendation is for businesses and governments to develop and implement practices to improve privacy and security and create a more inclusive and accessible IoT ecosystem. The need to improve equal access to technology and its benefits is also underscored.

German competition regulator releases statement of objections against Google’s data processing terms

The German Federal Cartel Office, Bundeskartellamt, issued a statement of objections against Google’s data processing terms, declaring that it plans to oblige the company to change the choices offered to consumers regarding data processing.

The Bundeskartellamt’s preliminary conclusions of its administrative proceeding against Google state that users of Google services ‘are not given sufficient choice as to whether and to what extent they agree to [a] far-reaching processing of data. The choices offered so far, if any, are, in particular, not sufficiently transparent and too general.’ The office argues that users should be able to limit the processing of data to the specific service used and to differentiate between the purposes for which the data are processed. In addition, the choices offered must not be devised in a way that makes it easier for users to consent to the processing of data across services than not to consent to this.

Following the issuance of the statement of objections, Google has the opportunity to comment on the office’s preliminary assessment and present either reasons to justify its practices or suggestions to dispel the concerns. A final decision on the administrative proceeding is awaited in 2023.

Epic Games to pay $520 million penalty in USA over privacy violations and ‘dark patterns’ cases

The US Federal Trade Commission and the creator of Fortnite, Epic Games, have reached a settlement which would see the company pay a total of US$ 520 million in penalties over allegations that it had violated the Children’s Online Privacy Protection Act and used dark patterns to trick players into making unintentional purchases.

For allegations related to collecting personal information from Fortnite players under the age of 13 without getting consent from their parents or caregivers, Epic has agreed to pay a US$ 275 million penalty. Furthermore, the FTC determined that Epic’s default settings for its live text and voice communication features, as well as its system of pairing children with adults/strangers to play Fortnite with, exposed youngsters to harassment and abuse. Epic is also required to adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.

In a second case, the business conceded to pay US$ 245 million to refund users for its dark patterns and billing practices.

New threat actor enhancing Linux cryptocurrency mining attacks identified

Trend Micro security researchers have identified an advanced remote access trojan (RAT) named CHAOS that enhances Linux cryptocurrency mining attacks. It is based on an open-source project in which the main downloader script and further payloads are hosted in different locations to ensure the campaign remains active and constantly spreading. Investigation shows that the main server appears to be in Russia, which is also used for cloud bulletproof hosting. Trend Micro researchers stated that the infection routine of cryptocurrency mining malware seems minor, but organisations and individuals should stay cautious.

Australian Federal Court orders Uber to pay AUD$21m for misleading representations to consumers

On 7 December 2022, the Federal Court of Australia penalised Uber with AUD$21m after the platform admitted it had breached the Australian Consumer Law regarding misleading conduct, cancellation messages, and the price of Uber taxi rides.

Cancellation messages between December 2017 and September 2021 stated that users might be charged a cancellation fee even if users decided to cancel during Uber’s ‘free cancellation period’. Uber also admitted that between July 2018 and August 2020, the prices of Uber taxi rides displayed on the app and website were false and overstated.

The Federal Court Order prohibited Uber from making similar representations to consumers for the following three years, required publishing a corrective notice on its website, as well as contributing to the payment of the Australian Competition and Consumer Commission costs.

TikTok sued in a US State for security and safety violations

Indiana’s Attorney General filed a lawsuit against TikTok for violation of state consumer protection laws. The lawsuit alleges that the social media company failed to disclose that ByteDance, the Chinese company that owns TikTok, has access to sensitive consumer information. Moreover, another complaint claims that the company exposes children to sexual and substance-related content, while misleading the users with its age rating of 12 plus on App Store and Google Play. Indiana seeks penalties of up to US$5000 per violation and asks the Indiana Superior Court to order the company to stop false and misleading representations to its users.

Australian Competition and Consumer Commission initiated Federal Court proceedings against Telstra

On 6 December 2022, the Australian Competition and Consumer Commission (ACCC) started Federal Court proceedings against internet services provider Telstra for making false or misleading representations to consumers about upload speed to the residential broadband plan called ‘Belong.’

ACCC found that, between October and November 2020, Telstra transferred approximately 9000 customers from Belong plan with a maximum download speed of 100Mbps and maximum upload speed of 40Mbps to a service with a maximum upload speed of 20Mbps.

In November 2022, Telstra, Optus, and TPG were ordered to pay AUD$33.5 million for making false or misleading representations to consumers about specific internet plans under Australia’s national broadband network (NBN).