Jurisdiction

Netflix fined for failing to inform customers about data usage

The Dutch Data Protection Authority (DPA) has imposed a €4.75 million ($4.98 million) fine on Netflix for not adequately informing its customers about how their personal data was being used between 2018 and 2020. The fine follows a detailed investigation that began in 2019, which revealed that Netflix’s privacy statement was insufficiently clear regarding the company’s data practices. Specifically, the DPA found that the streaming giant did not provide customers with enough information on how their data was being processed or used.

The investigation also uncovered that when customers sought to understand which personal data Netflix was collecting, they did not receive clear answers. This lack of transparency was deemed a violation of the General Data Protection Regulation (GDPR), which sets strict requirements on companies to protect user privacy and ensure clear communication about data usage.

In response to the findings, Netflix has since updated its privacy statement and improved how it informs customers about its data collection practices. Despite these changes, the company has objected to the fine, though it did not provide a comment when approached by the press.

This fine highlights the increasing scrutiny on companies to comply with GDPR and underscores the importance of clear, transparent data handling practices, especially for tech giants like Netflix that handle vast amounts of personal information.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

Ericsson wins patent victory against Lenovo in US

A preliminary ruling by the US International Trade Commission (ITC) has found Lenovo smartphones, including models from its Motorola Mobility division, infringe patents held by Ericsson. The decision, announced on Tuesday, centres on technology related to 5G wireless communications. If upheld, the ruling could lead to a ban on the import of affected Lenovo smartphones into the United States.

The dispute began last year when Ericsson filed a complaint accusing Motorola’s Moto G, Edge, and Razr phones of patent violations. Lenovo has denied these allegations. The ITC is expected to deliver its final verdict in April, leaving the potential ban looming over Lenovo’s operations in a major market.

This is not the only legal battle between the two tech giants. They are currently engaged in related lawsuits across South America, the United Kingdom, and North Carolina. Courts in Brazil and Colombia have already granted preliminary bans on Lenovo smartphone sales, though Lenovo has been pushing back, including a successful appeal in the US to revisit these enforcement measures.

With 5G technology at the heart of the dispute, the case underscores the high stakes involved in global telecommunications innovation and intellectual property rights. Both companies have so far declined to comment on the latest ruling.

US sanctions UAE individuals and companies linked to North Korean illicit digital assets

The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.

The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.

North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.

Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.

Meta data breach leads to huge EU fine

Meta has been fined €251 million by the European Union’s privacy regulator over a 2018 security breach that affected 29 million users worldwide. The breach involved the ‘View As’ feature, which cyber attackers exploited to access sensitive personal data such as names, contact details, and even information about users’ children.

The Irish Data Protection Commission, Meta’s lead EU regulator, highlighted the severity of the violation, which exposed users to potential misuse of their private information. Meta resolved the issue shortly after its discovery and notified affected users and authorities. Of the 29 million accounts compromised, approximately 3 million belonged to users in the EU and European Economic Area.

This latest fine brings Meta’s total penalties under the EU’s General Data Protection Regulation to nearly €3 billion. A Meta spokesperson stated that the company plans to appeal the decision and emphasised the measures it has implemented to strengthen user data protection. This case underscores the ongoing regulatory scrutiny faced by major technology firms in Europe.

Musk faces scrutiny over national security concerns

Elon Musk and his company SpaceX are facing multiple federal investigations into their compliance with security protocols designed to protect national secrets. According to reports, the reviews were initiated by the US Air Force, the Department of Defense Inspector General, and the undersecretary for intelligence and security. Concerns include Musk’s alleged failure to disclose meetings with foreign leaders and his reported contacts with Russian officials, including President Vladimir Putin.

The investigations follow longstanding concerns about Musk’s security practices. A previous review by the Pentagon was prompted in 2018 when Musk appeared on a live podcast and smoked marijuana, raising questions about his security clearance. Recently, the Air Force denied Musk high-level security access, citing potential risks.

SpaceX and Musk have declined to comment on the investigations. However, Pentagon officials emphasised the confidentiality of such probes, stating that the inquiries aim to protect the integrity of the process and those involved. National security concerns surrounding Musk have also been echoed by US allies and lawmakers.

Election integrity in the digital age: insights from IGF 2024

Election integrity and disinformation have been closely followed topics during the session ‘Internet governance and elections: maximising the potential for trust and addressing risks’ at the Internet Governance Forum (IGF) 2024 on Wednesday. Experts from across sectors convened to discuss the need to safeguard election integrity amid digital challenges. With more than 65 elections occurring globally this year, the so-called ‘super election year,’ the risks of being misguided have never been higher. From misinformation to AI deepfakes, the conversation underscored the escalating threats and the need for collaborative, multistakeholder solutions.

The Growing Threat of Disinformation

Tawfik Jelassi from UNESCO emphasised the exponential rise of disinformation, framing it as a key global risk. ‘Without facts, there is no trust, and without trust, democracy falters,’ he cautioned, adding that misinformation spreads ten times faster than verified content, exacerbating distrust in elections. Panellists, including William Bird of Media Monitoring Africa and Lina Viltrakiene of the Lithuanian government, described how malicious actors manipulate digital platforms to mislead voters, with deepfakes and coordinated inauthentic behaviour becoming increasingly pervasive.

Digital Inequality and Global Disparities

Elizabeth Orembo of ICT Africa highlighted the stark challenges faced by the Global South, where digital divides and unequal media access leave populations more vulnerable to misinformation. Unregulated influencers and podcasters wield significant power in Africa, often spreading unchecked narratives. ‘We cannot apply blanket policies from tech companies without addressing regional contexts,’ Orembo noted, pointing to the need for tailored approaches that account for infrastructural and cultural disparities.

AI, Social Media, and Platform Accountability

Meta’s Sezen Yesil shed light on the company’s efforts to combat election-related threats, including stricter measures against fake accounts, improved transparency for political ads, and collaboration with fact-checkers. While AI-driven disinformation remains a concern, Yesil observed that the anticipated impact of generative AI in the 2024 elections was modest. Nonetheless, panellists called for stronger accountability measures for tech companies, with Viltrakiene advocating for legal frameworks like the EU’s Digital Services Act to counter digital harms effectively.

A Multi-Stakeholder Solution

The session highlighted the importance of multistakeholder collaboration, a frequent theme across discussions. Rosemary Sinclair of Australia’s AUDA emphasised that safeguarding democracy is a ‘global team sport,’ requiring contributions from governments, civil society, academia, and the technical community. ‘The IGF is the ideal space for fostering such cooperation,’ she added, urging closer coordination between national and global IGF platforms.

Participants agreed that the fight for election integrity must extend beyond election cycles. Digital platforms, governments, and civil society must sustain efforts to build trust, address digital inequities, and create frameworks that protect democracy in the digital age. The IGF’s role as a forum for global dialogue and action was affirmed, with calls to strengthen its influence in shaping governance solutions for the future.

Election coalitions against misinformation

In our digital age where misinformation threatens the integrity of elections worldwide, a session at the IGF 2024 in Riyadh titled ‘Combating Misinformation with Election Coalitions’ strongly advocated for a collaborative approach to this issue. Panelists from diverse backgrounds, including Google, fact-checking organisations, and journalism, underscored the significance of election coalitions in safeguarding democratic processes. Mevan Babakar from Google introduced the ‘Elections Playbook,’ a public policy guide for forming effective coalitions, highlighting the necessity of trust, neutrality, and collaboration across varied stakeholders.

The session explored successful models like Brazil’s Comprova, which unites media outlets to fact-check election-related claims, and Facts First PH in the Philippines, promoting a ‘mesh’ approach where fact-checked information circulates through community influencers. Daniel Bramatti, an investigative journalist from Brazil, emphasised the importance of fact-checking as a response to misinformation, not a suppression of free speech. ‘Fact-checking is the free speech response to misinformation,’ he stated, advocating for context determination over censorship.

Challenges discussed included maintaining coalition momentum post-election, navigating government pressures, and dealing with the advent of AI-generated content. Alex Walden, Global Head of Human Rights for Google, addressed the delicate balance of engaging with governments while maintaining neutrality. ‘We have to be mindful of the role that we have in engaging neutrally,’ she noted, stressing the importance of clear, consistent policies for content moderation.

The conversation also touched on engaging younger, non-voting demographics in fact-checking initiatives, with David Ajikobi from Africa Check highlighting media literacy programs in Nigeria. The panellists agreed on the need for a multistakeholder approach, advocating for frameworks that focus on specific harms rather than the broad term ‘misinformation,’ as suggested by Peter Cunliffe-Jones’s work at Westminster University.

The session concluded with clear advice: for anyone looking to start or join an election coalition, prioritise relationship-building and choose coordinators with neutrality and independence. The call to action was for continued collaboration, innovation, and adaptation to local contexts to combat the evolving landscape of misinformation, ensuring that these coalitions survive and thrive beyond election cycles.

DR Congo sues Apple subsidiaries over alleged use of conflict minerals, challenges ethical sourcing claims

The Democratic Republic of Congo (DRC) has filed criminal complaints against Apple’s subsidiaries in France and Belgium, accusing the tech giant of indirectly benefiting from conflict minerals sourced from the region. The DRC, a major supplier of tin, tantalum, and tungsten — essential components in electronic devices — alleges that minerals smuggled through its conflict zones fuel violence and atrocities, including mass rapes and killings, often perpetrated by armed groups.

While Apple claims to audit suppliers and maintain a transparent supply chain, international lawyers representing the Congolese government argue the company relies on minerals pillaged from Congo. The legal filings accuse Apple of covering up war crimes, handling stolen goods, and misleading consumers about the integrity of its supply chain. The complaints also criticise the industry-funded ITSCI certification scheme, claiming it falsely legitimises minerals sourced from conflict zones.

Belgium’s historical role in the exploitation of Congo’s resources was highlighted by Congolese lawyers, who called on Belgium to support their legal efforts. Both France and Belgium are seen as jurisdictions that emphasise corporate accountability. Judicial authorities in these countries will decide whether to pursue criminal investigations against Apple and its subsidiaries.

This legal action reflects Congo’s broader struggle to end the illicit trade of its resources, which has contributed to decades of violence. Millions have died or been displaced due to conflicts linked to mineral exploitation, underscoring the urgent need for stricter enforcement of ethical supply chain practices.

TikTok appeals to Supreme Court to block looming US ban

TikTok and its parent company, ByteDance, have asked the Supreme Court to halt a US law that would force ByteDance to sell TikTok by 19 January or face a nationwide ban. The companies argue that the law violates the First Amendment, as it targets one of the most widely used social media platforms in the United States, which currently has 170 million American users. A group of TikTok users also submitted a similar request to prevent the shutdown.

The law, passed by Congress in April, reflects concerns over national security. The Justice Department claims TikTok poses a threat due to its access to vast user data and potential for content manipulation by a Chinese-owned company. A lower court in December upheld the law, rejecting TikTok’s argument that it infringes on free speech rights. TikTok maintains that users should be free to decide for themselves whether to use the app and that shutting it down for even a month could cause massive losses in users and advertisers.

With the ban set to take effect the day before President-elect Donald Trump’s inauguration, TikTok has urged the Supreme Court to decide by 6 January. Trump, who once supported banning TikTok, has since reversed his position and expressed willingness to reconsider. The case highlights rising trade tensions between the US and China and could set a precedent for other foreign-owned apps operating in America.