Privacy and data protection Archives | Page 285 of 328

Lawsuit over Google Play gift card scams dismissed

A federal judge has dismissed a proposed class-action lawsuit claiming Google illegally profited from scams involving Google Play gift cards. The plaintiff, Judy May, alleged she lost $1,000 after a scammer posed as a government official, instructing her to purchase Google Play gift cards to claim grant money. She argued that Google should have warned consumers about such scams on the card packaging.

However, Judge Beth Labson Freeman ruled that Google was not responsible for May’s losses, as the tech giant neither caused her financial harm nor knowingly benefited from the stolen funds. Freeman also dismissed claims that Google’s 15% to 30% commission on purchases using the gift cards was linked to the initial fraud.

The Federal Trade Commission reported that Americans lost $217 million to gift card fraud in 2023, with Google Play cards implicated in roughly 20% of reported cases. Though May’s case was dismissed, the judge allowed her the option to refile.

South Korea fines Meta $15.7 million for privacy violations

South Korea’s data protection agency has fined Meta Platforms, the owner of Facebook, 21.62 billion won ($15.67 million) for improperly collecting and sharing sensitive user data with advertisers. The Personal Information Protection Commission found that Meta gathered details on nearly one million South Korean users, including their religion, political views, and sexual orientation, without obtaining the necessary consent. This information was reportedly used by around 4,000 advertisers.

The commission revealed that Meta analysed user interactions, such as pages liked and ads clicked, to create targeted ad themes based on sensitive personal data. Some users were even categorised by highly private attributes, including identifying as North Korean defectors or LGBTQ+. Additionally, Meta allegedly denied users’ requests to access their information and failed to secure data for at least ten users, leading to a data breach.

Meta has not yet issued a statement regarding the fine. This penalty underscores South Korea’s commitment to strict data privacy enforcement as concerns over digital privacy intensify worldwide.

MIT introduces new data-rich approach for training robots

MIT has unveiled a new method for training robots that scales up data in a way similar to large language models (LLMs), marking a shift from the narrow, task-focused data sets traditionally used in robotics. Imitation learning, where robots learn by observing humans, often struggles with new variables like lighting changes or unexpected obstacles. By adopting a vast data approach similar to that used in models like GPT-4, MIT’s researchers aim to help robots adapt more flexibly in varied environments.

The team developed a new architecture called Heterogeneous Pretrained Transformers (HPT), which combines information from multiple sensors and diverse settings to build robust training models. Larger transformers yielded improved outcomes, aligning with trends seen in LLMs, as HPT integrates data from multiple sources for more adaptable robotic responses.

Ultimately, researchers aspire to create a universal ‘robot brain’ that can be downloaded and used immediately without extra training. While still in early stages, the project has support from Toyota Research Institute, which recently partnered with Boston Dynamics to integrate learning research with advanced robotic hardware.

US tech firms warn Vietnam’s draft law could limit growth

US tech companies have raised concerns over a proposed data protection law in Vietnam, warning it could restrict their ability to grow in one of Asia’s largest digital markets. The draft law, which is under discussion in Vietnam’s parliament, aims to tighten controls on data protection, limit data transfers abroad, and give authorities easier access to information. Major industry players, represented by the Information Technology Industry Council, argue that these restrictions could hinder companies like Meta, Google, and Equinix from effectively reaching their large Vietnamese user base and building new data centres.

Vietnam, home to 100 million people, is an attractive market for tech and social media companies and has ambitions to expand its data centre industry through foreign investments. However, the new law would require companies to obtain prior authorisation before transferring “core” or “important” data abroad—terms that critics say are vaguely defined. In addition, companies may be required to share data with the government in cases broadly categorised as being in the “public interest.”

The US tech sector has voiced opposition, citing an “undue expansion of government access” that could create significant compliance challenges. The American Chamber of Commerce in Hanoi has joined the call, urging lawmakers to reconsider the legislation’s quick adoption, which is scheduled for a vote on November 30. Industry analysts are watching closely, as the law could impact foreign investment plans, including Google’s potential new data centre in southern Vietnam.

UNDP Bahrain and Derasat partner for digital transformation report

The United Nations Development Programme (UNDP) Bahrain and the Bahrain Center for Strategic, International, and Energy Studies (Derasat) have embarked on a significant partnership to develop the National Human Development Report (NHDR), titled ‘Digital Transformation: A Roadmap for Progress.’ That collaboration aims to harness digital transformation as a strategic tool for fostering inclusive growth in the Kingdom, aligning with Bahrain Vision 2030 and the Sustainable Development Goals (SDGs).

In this context, the NHDR will comprehensively analyse how digital transformation can enhance human development outcomes in Bahrain, addressing critical issues such as the digital divide, privacy concerns, cybersecurity, and integrating digital technologies into public services. Furthermore, the report will benchmark Bahrain’s digital landscape against regional and international standards, offering actionable insights and recommendations to improve digital inclusion, protect privacy, and secure digital infrastructures.

Moreover, the UNDP Bahrain and Derasat highlight the importance of stakeholder engagement in developing the NHDR. By collaborating with government entities, civil society organisations, and the private sector, diverse perspectives will be included to ensure alignment with Bahrain’s national development goals.

The US federal agency investigates how Meta uses consumer financial data for targeted advertising

The Consumer Financial Protection Bureau (CFPB) has informed Meta of its intention to consider ‘legal action’ concerning allegations that the tech giant improperly acquired consumer financial data from third parties for its targeted advertising operations. This federal investigation was revealed in a recent filing that Meta submitted to the Securities and Exchange Commission (SEC).

The filing indicates that the CFPB notified Meta on 18 September that it evaluated whether the company’s actions violate the Consumer Financial Protection Act, designed to protect consumers from unfair and deceptive financial practices. The status of the investigation remains uncertain, with the filing noting that the CFPB could initiate a lawsuit soon, seeking financial penalties and equitable relief.

Meta, the parent company of Instagram and Facebook, is facing increased scrutiny from regulators and state attorneys general regarding various concerns, including its privacy practices.

In the SEC filing, Meta disclosed that the CFPB has formally notified the company about an investigation focusing on the alleged receipt and use for advertising of financial information from third parties through specific advertising tools. The inquiry targets explicitly advertising related to ‘financial products and services,’ although it remains to be seen whether the scrutiny pertains to Facebook, Instagram, or both platforms.

While a Meta spokesperson refrained from commenting on the matter, the company stated in the filing that it disputes the allegations and believes any enforcement action would be unjustified. The CFPB also opted not to provide additional comments.

Amid this scrutiny, Meta recently reported $41 billion in revenue for the third quarter, a 19 percent increase from the previous year. A significant portion of this revenue is generated from its targeted advertising business, which has faced criticism from the Federal Trade Commission (FTC) and European regulators for allegedly mishandling user data and violating privacy rights.

In 2019, Meta settled privacy allegations related to the Cambridge Analytica scandal by paying the FTC $5 billion after it was revealed that the company had improperly shared Facebook user data with the firm for voter profiling. Last year, the European Union fined Meta $1.3 billion for improperly transferring user data from Europe to the United States.

Google researchers discover first vulnerability using AI

Google researchers announced a breakthrough in cybersecurity, revealing they have discovered the first vulnerability using a large language model. This vulnerability, identified as an exploitable memory-safety issue in SQLite—a widely used open-source database engine—marks a significant milestone, as it is believed to be the first public instance of an AI tool uncovering a previously unknown flaw in real-world software.

The vulnerability was reported to SQLite developers in early October, who promptly addressed the issue on the same day it was identified. Notably, the bug was discovered before being included in an official release, ensuring that SQLite users were unaffected. Google emphasised this development as a demonstration of AI’s significant potential for enhancing cybersecurity defences.

The initiative is part of a collaborative project called Big Sleep, which involves Google Project Zero and Google DeepMind, stemming from previous efforts focused on AI-assisted vulnerability research.

Many companies, including Google, typically employ a technique known as ‘fuzzing,’ where software is tested by inputting random or invalid data to uncover vulnerabilities. However, Google noted that fuzzing often needs to improve in identifying hard-to-find bugs. The researchers expressed optimism that AI could help bridge this gap. ‘We see this as a promising avenue to achieve a defensive advantage,’ they stated.

The identified vulnerability was particularly intriguing because it was missed by existing testing frameworks, including OSS-Fuzz and SQLite’s internal systems. One of the key motivations behind the Big Sleep project is the ongoing challenge of vulnerability variants, with more than 40% of zero-day vulnerabilities identified in 2022 being variants of previously reported issues.

TikTok faces lawsuit in France after teen suicides linked to platform

Seven families in France are suing TikTok, alleging that the platform’s algorithm exposed their teenage children to harmful content, leading to tragic consequences, including the suicides of two 15-year-olds. Filed at the Créteil judicial court, this grouped case seeks to hold TikTok accountable for what the families describe as dangerous content promoting self-harm, eating disorders, and suicide.

The families’ lawyer, Laure Boutron-Marmion, argues that TikTok, as a company offering its services to minors, must address its platform’s risks and shortcomings. She emphasised the need for TikTok’s legal liability to be recognised, especially given that its algorithm is often blamed for pushing disturbing content. TikTok, like Meta’s Facebook and Instagram, faces multiple lawsuits worldwide accusing these platforms of targeting minors in ways that harm their mental health.

TikTok has previously stated it is committed to protecting young users’ mental well-being and has invested in safety measures, according to CEO Shou Zi Chew’s remarks to US lawmakers earlier this year.

OpenAI adds search capabilities to ChatGPT

OpenAI has introduced new search functions to its popular ChatGPT, making it a direct competitor with Google, Microsoft’s Bing, and other emerging AI-driven search tools. Instead of launching a separate search engine, OpenAI chose to integrate search capabilities directly into ChatGPT, which will pull information from the web and relevant sources based on user questions.

Initially, ChatGPT’s search feature will be available to Plus and Team users, with plans to expand access to enterprise and educational users, as well as free users, in the coming months. OpenAI’s partnerships with major publishers like Condé Nast, Time, and the Financial Times aim to provide a rich pool of content for ChatGPT’s search.

This launch follows OpenAI’s selective testing of SearchGPT, an AI-based search prototype, earlier in the year. With its recent funding round boosting its valuation to an estimated $157 billion, OpenAI continues to strengthen its standing as a leading private AI company.

EU moves to formalise disinformation code under DSA

The EU‘s voluntary code of practice on disinformation will soon become a formal set of rules under the Digital Services Act (DSA). According to Paul Gordon, assistant director at Ireland’s media regulator Coimisiúin na Meán, efforts are underway to finalise the transition by January. He emphasised that the new regulations should lead to more meaningful engagement from platforms, moving beyond mere compliance.

Originally established in 2022 and signed by 44 companies, including Google, Meta, and TikTok, the code outlines commitments to combat online disinformation, such as increasing transparency in political advertising and enhancing cooperation during elections. A spokesperson for the European Commission confirmed that the code aims to be recognised as a ‘Code of Conduct’ under the DSA, which already mandates content moderation measures for online platforms.

The DSA, which applies to all platforms since February, imposes strict rules on the largest online services, requiring them to mitigate risks associated with disinformation. The new code will help these platforms demonstrate compliance with the DSA’s obligations, as assessed by the Commission and the European Board of Digital Services. However, no specific timeline has been provided for the code’s formal implementation.