China has announced new regulations on network data security management, representing a significant step forward in its efforts to govern data processing activities effectively. Scheduled to take effect on 1 January 2025, these regulations establish a comprehensive framework that ensures organisations comply with legal standards and adopt best practices in data handling.
The regulations aim to bolster compliance and accountability across various sectors by clearly defining expectations for network data processing and fostering a safer digital environment. Additionally, they refine mechanisms for managing sensitive data, ultimately enhancing overall governance in this vital area. A primary focus of these regulations is the protection of the rights of individuals and organisations, guaranteeing that personal information is handled with the utmost care.
Moreover, China has introduced explicit guidelines for cross-border data transfers, recognising the complexities of international data flows in today’s interconnected economy. These regulations specify the conditions under which personal information can be shared with overseas entities, striking a balance between data security and global business and cooperation facilitation.
Furthermore, they impose rigorous obligations on internet platform service providers and third-party entities, mandating adherence to stringent data protection standards. These regulations cultivate a culture of responsibility in data management practices by holding service providers accountable for their data protection efforts. Overall, this comprehensive regulatory framework addresses critical issues of individual rights, national security, and global data flow, significantly enhancing data security management in China.
Russia has ordered Discord to delete nearly 1,000 posts that are deemed illegal. The communication regulator, Roskomnadzor, highlighted that the posts include content related to child pornography, extremism, drug abuse, and LGBT promotion.
Discord, a San Francisco-based platform, and the regulator have yet to respond to queries regarding the order. Previous actions have seen Discord fined 3.5 million roubles for failing to remove illegal material.
Russia’s demands follow a long-standing policy of controlling content on foreign technology platforms. Regular fines are issued for non-compliance, with social media platforms even facing bans in some instances.
President Vladimir Putin continues to emphasise traditional values, particularly with stricter rules on LGBT promotion. Moscow’s broader push aims to restrict content that contradicts the state’s values and regulations.
California Governor Gavin Newsom has signed a groundbreaking bill aimed at enhancing protections for domestic abuse survivors in internet-connected vehicles. As car manufacturers increasingly incorporate advanced technology, incidents of stalking and harassment through features like location tracking have surfaced. The bill passed with strong support in the California legislature and is part of a broader effort to safeguard victims of domestic violence.
One key provision of the new law mandates that automakers create a process for drivers to submit restraining orders and request the termination of another driver’s remote access within two business days. The legislation also requires manufacturers to enable drivers to easily disable location access from within the vehicle. This could establish a precedent for similar regulations across the country, as automakers generally produce uniform models for all markets.
The legislation follows reports indicating that some car manufacturers have failed to address complaints from women who experienced stalking through their vehicles’ technology. A notable case involved a woman suing Tesla for inaction despite having a restraining order. Although no automaker opposed the bill, the Alliance for Automotive Innovation supported victim protection but raised concerns about the law’s technical implementation. The alliance intends to seek solutions to these challenges in the future.
A new piece of legislation in Spain, scheduled to come into force on 1 October 2024, mandates that hoteliers, travel agencies, and private rental landlords collect and share sensitive information about travellers with the Ministry of the Interior. The law requires the collection of extensive personal details, including payment methods, financial transactions, credit card numbers, contract specifics, and personal contact information, affecting both domestic and international tourists.
The Spanish Confederation of Hotels and Tourist Accommodation (CEHAT), representing over 16,000 businesses and around 1.8 million accommodation options, has expressed strong opposition, citing concerns about data collection, storage, and privacy. CEHAT argues that the law is impractical, may increase errors due to manual processing, and could heighten operational costs for hospitality businesses. The industry’s primary concerns also include the privacy rights of travellers and the potential economic disadvantage compared to other EU markets.
However, the Ministry of the Interior defends the legislation as necessary for enhancing public safety and combating terrorism and organised crime, asserting that detailed traveller information will improve security efforts. Despite this, the tourism sector in Spain, already dealing with challenges such as anti-tourism protests, fears the law could further harm its economic contributions. Travel agencies have requested either exclusion from the law’s requirements or clear limits on its application to mitigate confusion and potential privacy infringements.
Why does it matter?
With the implementation date approaching, anxiety within the industry is growing due to the lack of clarity over data submission processes and the potential legal ramifications of non-compliance. As the debate continues, industry is urgently calling on the government to provide clearer guidelines and reconsider certain aspects of the legislation.
Manx Telecom has launched a survey to understand how AI is perceived by individuals and businesses on the Isle of Man. The firm aims to gather insights into AI usage, preparedness, and challenges in both personal and professional contexts.
Kate Hegarty, head of marketing at Manx Telecom, highlighted that feedback from the community would guide the development of new telecom services tailored to meet the island’s evolving needs. The survey also explores potential opportunities AI presents for local industries.
The Isle of Man government recently launched a programme to boost digital skills as part of a wider initiative to grow the island’s GDP by 10% by 2030. Manx Telecom plans to use the results of the survey to collaborate with partners and enhance the technology offerings on the island.
Conducted by Island Global Research, the survey remains open to the public until 9 October. Responses will influence Manx Telecom’s future product development and the services it offers.
A federal judge has scaled down a privacy lawsuit against Apple, which alleged the company collected personal data from iPhone, iPad, and Apple Watch users without permission. The lawsuit targets Apple’s apps, including the App Store, Apple Music, and Apple TV. US District Judge Edward Davila dismissed most claims involving the “Allow Apps to Request to Track” setting, clarifying that it only governs data collection by third-party apps and websites, not Apple’s in-house apps.
Despite dismissing many claims, the judge allowed some to proceed related to Apple’s ‘Share [Device] Analytics’ setting. The plaintiffs claim that Apple continued collecting data even after users disabled the setting, despite promises that it would stop data sharing. Judge Davila agreed, noting that users could reasonably assume they had withdrawn consent based on Apple’s own disclosure that disabling the option would prevent data collection.
This lawsuit is part of a broader trend of legal actions against major tech companies like Google and Meta, accusing them of gathering user data without proper consent. Neither Apple nor the plaintiffs’ lawyers have responded to requests for comment on the case as it unfolds.
Google has introduced a major update to its AI-powered note-taking platform, NotebookLM. Users will soon be able to upload YouTube URLs and audio files, such as mp3 and wav formats, for analysis by the Gemini AI.
Previously, NotebookLM allowed users to interact with documents like Google Docs, PDFs, and web pages. Now, a new sharing feature enables public URL generation for Audio Overviews, enhancing collaboration.
NotebookLM’s latest features position it as a strong rival to Microsoft OneNote’s Copilot and Notion AI. Gemini is also integrated into Google Workspace, offering business customers enterprise-grade data protection.
The National Communications Commission (NCC) has introduced new regulations to curtail telecom fraud in Taiwan significantly. These measures establish a comprehensive framework to identify users categorised as ‘high-risk’ based on their repeated involvement in fraudulent activities. As a result, these high-risk users will face strict limitations and be permitted to apply for only three telephone numbers across the three major telecom providers within three years. The initiative is designed to deter fraudulent behaviour by restricting access to essential communication services.
Moreover, these regulations align with the recently enacted Fraud Hazard Prevention Act, which provides a foundational legal framework for addressing and mitigating fraud within the telecom sector. The NCC also prioritises collaboration with governmental agencies such as the National Police Agency (NPA) and the National Immigration Agency (NIA). That partnership aims to develop a comprehensive strategy for effectively combating telecom fraud and protecting consumers.
To further this goal, the NCC implements advanced verification systems allowing telecom companies to access NIA and NPA databases. That access will enable them to reauthenticate user identities upon receiving fraud alerts, ensuring that only legitimate users can access telecom services. This proactive approach fosters a safer environment for subscribers and empowers providers to make informed decisions to prevent fraud before it occurs.
In addition to these domestic initiatives, the NCC focuses on the international dimensions of telecom fraud, particularly regarding international roaming services. Under the new regulations, telecom providers must verify that users activating roaming services have entered Taiwan and can present appropriate identification.
That crucial measure aims to curb the misuse of these services for fraudulent purposes. Furthermore, the NCC plans to monitor high-risk offshore telecom operators, assessing their involvement in fraudulent activities and exploring the potential need for mutual legal assistance agreements with their home countries to strengthen enforcement efforts.
Meta, Facebook’s owner, has been fined €91 million ($101.5 million) by the EU’s privacy regulator for mishandling user passwords. The issue, which surfaced five years ago, involved Meta storing certain users’ passwords in plaintext, a format lacking encryption or security protection. Ireland’s Data Protection Commission (DPC), which oversees GDPR compliance for many US tech firms operating in the EU, launched an investigation after Meta reported the incident.
Meta admitted the error, emphasising that third parties had not accessed the exposed passwords. However, storing passwords in an unprotected format is considered a major security flaw, as it exposes users to significant risks if unauthorised individuals access the data. Deputy Commissioner Graham Doyle underscored that storing passwords without encryption is widely unacceptable due to potential abuse.
This fine adds to Meta’s growing list of penalties under the EU’s General Data Protection Regulation (GDPR). To date, Meta has been fined a total of 2.5 billion euros for various data breaches, including a record €1.2 billion fine in 2023, which Meta is currently appealing. These repeated infractions highlight ongoing concerns about how the company handles sensitive user data.
Alphabet, Goldman Sachs, and several other firms have agreed to pay a combined total of $3.8 million in penalties to settle charges from the US Securities and Exchange Commission (SEC) over late filings. This action is part of a wider initiative aimed at companies and executives who failed to timely disclose important information to investors, such as changes in beneficial ownership and insider stock sales.
As part of the settlement, Alphabet will pay $750,000, while Goldman Sachs will contribute $300,000. Additional fines include $375,000 from Bank of Nova Scotia and $130,000 from Bain Capital Credit Member. Other firms, such as Sunbeam Management, TALANTA Investment Group, and Fortress Investment Group, also faced penalties ranging from $40,000 to $225,000.
None of the firms or individuals involved admitted to or denied the SEC’s findings, but they agreed to pay the civil penalties and refrain from any further violations. Additionally, ten individuals were also penalised for late filings, as stated by the SEC.
