A new piece of legislation in Spain, scheduled to come into force on 1 October 2024, mandates that hoteliers, travel agencies, and private rental landlords collect and share sensitive information about travellers with the Ministry of the Interior. The law requires the collection of extensive personal details, including payment methods, financial transactions, credit card numbers, contract specifics, and personal contact information, affecting both domestic and international tourists.
The Spanish Confederation of Hotels and Tourist Accommodation (CEHAT), representing over 16,000 businesses and around 1.8 million accommodation options, has expressed strong opposition, citing concerns about data collection, storage, and privacy. CEHAT argues that the law is impractical, may increase errors due to manual processing, and could heighten operational costs for hospitality businesses. The industry’s primary concerns also include the privacy rights of travellers and the potential economic disadvantage compared to other EU markets.
However, the Ministry of the Interior defends the legislation as necessary for enhancing public safety and combating terrorism and organised crime, asserting that detailed traveller information will improve security efforts. Despite this, the tourism sector in Spain, already dealing with challenges such as anti-tourism protests, fears the law could further harm its economic contributions. Travel agencies have requested either exclusion from the law’s requirements or clear limits on its application to mitigate confusion and potential privacy infringements.
Why does it matter?
With the implementation date approaching, anxiety within the industry is growing due to the lack of clarity over data submission processes and the potential legal ramifications of non-compliance. As the debate continues, industry is urgently calling on the government to provide clearer guidelines and reconsider certain aspects of the legislation.
Manx Telecom has launched a survey to understand how AI is perceived by individuals and businesses on the Isle of Man. The firm aims to gather insights into AI usage, preparedness, and challenges in both personal and professional contexts.
Kate Hegarty, head of marketing at Manx Telecom, highlighted that feedback from the community would guide the development of new telecom services tailored to meet the island’s evolving needs. The survey also explores potential opportunities AI presents for local industries.
The Isle of Man government recently launched a programme to boost digital skills as part of a wider initiative to grow the island’s GDP by 10% by 2030. Manx Telecom plans to use the results of the survey to collaborate with partners and enhance the technology offerings on the island.
Conducted by Island Global Research, the survey remains open to the public until 9 October. Responses will influence Manx Telecom’s future product development and the services it offers.
A federal judge has scaled down a privacy lawsuit against Apple, which alleged the company collected personal data from iPhone, iPad, and Apple Watch users without permission. The lawsuit targets Apple’s apps, including the App Store, Apple Music, and Apple TV. US District Judge Edward Davila dismissed most claims involving the “Allow Apps to Request to Track” setting, clarifying that it only governs data collection by third-party apps and websites, not Apple’s in-house apps.
Despite dismissing many claims, the judge allowed some to proceed related to Apple’s ‘Share [Device] Analytics’ setting. The plaintiffs claim that Apple continued collecting data even after users disabled the setting, despite promises that it would stop data sharing. Judge Davila agreed, noting that users could reasonably assume they had withdrawn consent based on Apple’s own disclosure that disabling the option would prevent data collection.
This lawsuit is part of a broader trend of legal actions against major tech companies like Google and Meta, accusing them of gathering user data without proper consent. Neither Apple nor the plaintiffs’ lawyers have responded to requests for comment on the case as it unfolds.
Google has introduced a major update to its AI-powered note-taking platform, NotebookLM. Users will soon be able to upload YouTube URLs and audio files, such as mp3 and wav formats, for analysis by the Gemini AI.
Previously, NotebookLM allowed users to interact with documents like Google Docs, PDFs, and web pages. Now, a new sharing feature enables public URL generation for Audio Overviews, enhancing collaboration.
NotebookLM’s latest features position it as a strong rival to Microsoft OneNote’s Copilot and Notion AI. Gemini is also integrated into Google Workspace, offering business customers enterprise-grade data protection.
The National Communications Commission (NCC) has introduced new regulations to curtail telecom fraud in Taiwan significantly. These measures establish a comprehensive framework to identify users categorised as ‘high-risk’ based on their repeated involvement in fraudulent activities. As a result, these high-risk users will face strict limitations and be permitted to apply for only three telephone numbers across the three major telecom providers within three years. The initiative is designed to deter fraudulent behaviour by restricting access to essential communication services.
Moreover, these regulations align with the recently enacted Fraud Hazard Prevention Act, which provides a foundational legal framework for addressing and mitigating fraud within the telecom sector. The NCC also prioritises collaboration with governmental agencies such as the National Police Agency (NPA) and the National Immigration Agency (NIA). That partnership aims to develop a comprehensive strategy for effectively combating telecom fraud and protecting consumers.
To further this goal, the NCC implements advanced verification systems allowing telecom companies to access NIA and NPA databases. That access will enable them to reauthenticate user identities upon receiving fraud alerts, ensuring that only legitimate users can access telecom services. This proactive approach fosters a safer environment for subscribers and empowers providers to make informed decisions to prevent fraud before it occurs.
In addition to these domestic initiatives, the NCC focuses on the international dimensions of telecom fraud, particularly regarding international roaming services. Under the new regulations, telecom providers must verify that users activating roaming services have entered Taiwan and can present appropriate identification.
That crucial measure aims to curb the misuse of these services for fraudulent purposes. Furthermore, the NCC plans to monitor high-risk offshore telecom operators, assessing their involvement in fraudulent activities and exploring the potential need for mutual legal assistance agreements with their home countries to strengthen enforcement efforts.
Meta, Facebook’s owner, has been fined €91 million ($101.5 million) by the EU’s privacy regulator for mishandling user passwords. The issue, which surfaced five years ago, involved Meta storing certain users’ passwords in plaintext, a format lacking encryption or security protection. Ireland’s Data Protection Commission (DPC), which oversees GDPR compliance for many US tech firms operating in the EU, launched an investigation after Meta reported the incident.
Meta admitted the error, emphasising that third parties had not accessed the exposed passwords. However, storing passwords in an unprotected format is considered a major security flaw, as it exposes users to significant risks if unauthorised individuals access the data. Deputy Commissioner Graham Doyle underscored that storing passwords without encryption is widely unacceptable due to potential abuse.
This fine adds to Meta’s growing list of penalties under the EU’s General Data Protection Regulation (GDPR). To date, Meta has been fined a total of 2.5 billion euros for various data breaches, including a record €1.2 billion fine in 2023, which Meta is currently appealing. These repeated infractions highlight ongoing concerns about how the company handles sensitive user data.
Alphabet, Goldman Sachs, and several other firms have agreed to pay a combined total of $3.8 million in penalties to settle charges from the US Securities and Exchange Commission (SEC) over late filings. This action is part of a wider initiative aimed at companies and executives who failed to timely disclose important information to investors, such as changes in beneficial ownership and insider stock sales.
As part of the settlement, Alphabet will pay $750,000, while Goldman Sachs will contribute $300,000. Additional fines include $375,000 from Bank of Nova Scotia and $130,000 from Bain Capital Credit Member. Other firms, such as Sunbeam Management, TALANTA Investment Group, and Fortress Investment Group, also faced penalties ranging from $40,000 to $225,000.
None of the firms or individuals involved admitted to or denied the SEC’s findings, but they agreed to pay the civil penalties and refrain from any further violations. Additionally, ten individuals were also penalised for late filings, as stated by the SEC.
Meta Platforms has announced it will not immediately join the European Union‘s voluntary AI Pact, which is a temporary initiative ahead of the AI Act coming into force. The company is currently focusing on compliance with the forthcoming regulations set out in the act, but may sign the pact at a later stage.
The EU’s AI Act, agreed in May and adopted by the European Council, will introduce strict rules governing the development and use of artificial intelligence. Under these regulations, companies must provide detailed summaries of the data used to train their AI models. The majority of the law’s provisions will take effect from August 2026.
In the interim, the AI Pact encourages companies to voluntarily adopt some of the key requirements of the forthcoming act. Meta has expressed its support for harmonised EU regulations but is prioritising work on meeting the obligations of the AI Act.
Julian Assange, the former Wikileaks editor-in-chief, has secured a plea deal, with his sentence commuted to time served. He is now set to travel to Saipan before returning to Australia. Despite his release, the financial burden remains, with his fiancée, Stella Assange, disclosing that the cost of his journey to freedom is estimated at $520,000. The family is urgently appealing for funds to cover travel and recovery expenses.
To help raise these funds, a BTCPay Server has been set up, enabling donations through Bitcoin or the Lightning Network. Assange’s brother, Gabriel, confirmed the platform, allowing secure, decentralised contributions. Julian’s connection to Bitcoin is long-standing, having been part of the cryptocurrency’s history, including discussions with its creator, Satoshi Nakamoto, regarding its use for Wikileaks when PayPal froze their accounts.
As Assange embarks on the next chapter of his life, the Bitcoin community continues to rally behind him, with a recent donation of 8 Bitcoins (around $500,000) further showcasing the role of cryptocurrency in supporting his cause.
Google’s online advertising practices are under renewed scrutiny in the United Kingdom, as the Competition and Markets Authority (CMA) raised concerns over the company’s decision to retain third-party cookies in its Chrome browser. In July, Google reversed its plans to remove cookies, which track users across the web, after complaints from advertisers who rely on them to personalise ads. Advertisers feared that without cookies, they would have to depend on Google’s own user data, reducing competition.
To address these concerns, Google stated that Chrome users would be given the option to allow cookies to track them. However, the CMA invited feedback on this change and concluded that competition issues remain, despite Google’s revisions. The watchdog highlighted that Google’s approach could still harm competition in the digital advertising space.
The CMA announced it would seek further changes to Google’s plans to ensure fair competition. If Google does not adequately address the concerns, the CMA may take additional action to protect competition in the online advertising market.
Google has not yet responded to the CMA’s findings. The company’s advertising practices remain under global scrutiny as regulators examine their potential impact on market competition and consumer privacy.
