LinkedIn has come under scrutiny for using user data to train AI models without updating its privacy terms in advance. While LinkedIn has since revised its terms, United States users were not informed beforehand, which usually allows them time to make decisions about their accounts. LinkedIn offers an opt-out feature for data used in generative AI, but this was not initially reflected in their privacy policy.
LinkedIn clarified that its AI models, including content creation tools, use user data. Some models on its platform may also be trained by external providers like Microsoft. LinkedIn assures users that privacy-enhancing techniques, such as redacting personal information, are employed during the process.
The Open Rights Group has criticised LinkedIn for not seeking consent from users before collecting data, calling the opt-out method inadequate for protecting privacy rights. Regulatory bodies, including Ireland‘s Data Protection Commission, have been involved in monitoring the situation, especially within regions under GDPR protection, where user data is not used for AI training.
LinkedIn is one of several platforms reusing user-generated content for AI training. Others, like Meta and Stack Overflow, have also begun similar practices, with some users protesting the reuse of their data without explicit consent.
Australia has introduced the Privacy and Other Legislation Amendment Bill 2024, marking a pivotal advancement in addressing privacy concerns within the digital landscape. The landmark legislation establishes stringent penalties for privacy breaches, imposing sentences of up to six years in prison for general offences and up to seven years for doxxing incidents that target protected characteristics.
Furthermore, the bill enhances the enforcement powers of the Australian Information Commissioner, enabling swift action against non-compliance with privacy laws. Restoring the Australian Privacy Commissioner as a standalone position further strengthens the oversight needed to uphold privacy standards nationwide.
In its commitment to modernising privacy laws for the digital age, Australia views the Privacy and Other Legislation Amendment Bill 2024 as the initial phase of a comprehensive strategy to safeguard citizens’ privacy. The government demonstrates its resolve to hold companies and individuals accountable by significantly increasing maximum penalties for serious privacy breaches.
Additionally, recognising the importance of collaboration, the government will continue to engage with key stakeholders—including industry representatives, small businesses, consumer groups, and the media—to ensure that the approach to privacy protection is equitable and beneficial for both individuals and society.
India is set to introduce an umbrella framework for consent management under the Digital Personal Data Protection (DPDP) Act, focusing on broad guidelines rather than specific rules. That approach is designed to provide flexibility for companies while ensuring they adhere to the overarching principles of data protection. Initially, organisations will be required to use government-issued identity cards for age and consent verification. However, they will eventually have the option to develop and implement their systems tailored to their needs.
Moreover, India is expected to offer certain exemptions to educational institutions, including schools, colleges, and universities, concerning the processing and obtaining parental consent for children’s data. That measure aims to alleviate the compliance burden on educational entities. In contrast, edtech companies will not benefit from these exemptions and must adhere to the full consent management rules outlined by the DPDP Act.
Furthermore, India is reinforcing its commitment to protecting children’s data by prohibiting behavioural tracking and targeted advertising for users under 18. This provision of the DPDP Act highlights the government’s focus on safeguarding young users from intrusive digital practices. It ensures that their online activities are not subject to targeted marketing strategies.
The Brazilian Data Protection Authority (ANPD) has introduced Resolution 19/2024, which establishes new regulations for international data transfers under the Brazilian General Data Protection Law (LGPD). Effective 23 August 2024, the regulation provides a structured framework for transferring personal data from Brazil to other countries to ensure that data protection standards are upheld.
The framework outlines Standard Contractual Clauses (SCCs), adequacy decisions for third countries, and the approval of binding corporate rules for intra-group data transfers. The Brazilian Data Protection Authority has approved Standard Contractual Clauses (SCCs) as a key instrument for international data transfers.
These SCCs cover controller-to-controller and controller-to-processor transfers, ensuring legal protection without needing prior ANPD authorisation. Similar to the EU’s SCCs, they are non-modifiable, and companies in Brazil must adopt these new clauses by 22 August 2025, replacing any existing contractual arrangements. The ANPD may also recognise equivalent SCCs from other jurisdictions, though no decision has been made yet regarding the EU SCCs.
The Brazilian Data Protection Authority also provides procedures for adequacy decisions, bespoke contractual clauses, and binding corporate rules (BCRs). Adequacy decisions will assess whether a third country offers sufficient data protection. Companies can use bespoke contractual clauses in exceptional cases with ANPD approval, while BCRs allow data transfers within corporate groups if approved by the ANPD.
China’s National Information Security Standardization Technical Committee (TC260) introduced new guidelines titled ‘Cybersecurity Standard Practice Guidelines – Sensitive Personal Information Identification.’ These guidelines establish clear criteria for what constitutes sensitive personal information. Specifically, personal data is deemed sensitive if its unauthorised disclosure or misuse could harm an individual’s dignity, jeopardise their safety, or threaten their property.
In addition, the guidelines outline several key categories of sensitive personal information, such as biometric data, religious beliefs, specific identity details, medical and health information, financial account details, movement tracking data, and personal information of minors. Each category is illustrated with examples to assist organisations in effectively identifying and managing sensitive data.
Furthermore, the TC260 emphasises the necessity of evaluating individual data points and their combined effects when determining the sensitivity of personal information. That comprehensive approach ensures a nuanced understanding of the potential impacts of data breaches or misuse. By considering both isolated pieces of information and their possible cumulative effects, the guidelines provide a robust framework for assessing the risk levels associated with different data types.
Moreover, the TC260 underscores existing laws and regulations in China that may also define sensitive personal information. This reinforces the importance of organisations remaining informed about legal requirements and adhering to all relevant standards for safeguarding sensitive data.
Authorities in South West England are set to introduce new AI cameras on the A361 near Frome, Somerset, in a bid to reduce road deaths after a rise in serious crashes. The technology will be used to detect speeding, mobile phone use, and seatbelt violations. Nine people have died on this road in less than two years.
The Avon and Somerset Police have already taken action, positioning unmarked cars and using speed detection equipment on the A361. Since the start of 2023, there have been 22 serious or fatal accidents along the route. Officials aim to improve public confidence in road safety measures.
The parents of two sisters killed in a high-speed crash on the A361 last year have criticised the lack of action. They believe better speed controls could have prevented the deaths of Madison and Liberty North, aged 21 and 17, who died in July 2022.
Local authorities, led by MP Anna Sabine, are also planning further safety measures. These include improving road signage, enhancing visibility, and urging drivers to adopt safer behaviours when navigating these fast A-roads.
Nintendo and The Pokémon Company have sued Pocketpair Inc., the maker of ‘Palworld’, for patent infringement. The lawsuit was filed in the Tokyo District Court and aims to halt the game’s distribution, claiming multiple patent violations. Nintendo and Pokémon Co are seeking damages from the Tokyo-based game studio.
‘Palworld’ gained attention as a survival adventure game where players capture and train creatures using guns, a concept many fans dubbed ‘Pokémon with guns’. Pocketpair expressed surprise at the lawsuit, stating they had not yet been informed of the specific patents in question.
The company confirmed it would begin legal proceedings and investigations in response to the claims. It expressed frustration over being forced to divert time from game development due to the legal battle.
Earlier this year, The Pokémon Company had already warned it would pursue any intellectual property violations. Meanwhile, Pocketpair had partnered with Sony in July to promote the global licensing of ‘Palworld’.
On 18 September 2024, US Senate Intelligence Committee members questioned top tech executives from Google, Microsoft, and Meta about their plans to combat foreign disinformation ahead of the November elections. The executives, including Microsoft’s Brad Smith and Meta’s Nick Clegg, acknowledged the heightened risk during the 48 hours surrounding Election Day, with Smith emphasising the period as particularly vulnerable. Senator Mark Warner echoed this concern, noting that the time immediately after the polls close could also be crucial, especially in a tight race.
During the hearing, lawmakers discussed recent tactics used by foreign actors, including fake news websites mimicking reputable US media outlets and fabricated recordings from elections in other countries. Senators pressed the tech companies for detailed data on how many people were exposed to such content and the extent of its promotion. While the companies have adopted measures like labeling and watermarking to address deepfakes and misinformation, they were urged to enhance their efforts to prevent the spread of harmful content during this sensitive period.
Taiwan’s government is taking decisive action to combat telecom fraud through new regulations proposed by the Ministry of Digital Affairs. These regulations focus on the stringent management of four-digit telephone numbers beginning with ’19,’ typically allocated to government agencies and charitable organisations.
The primary goal is to safeguard these critical numbers from misuse. To this end, the government plans to impose penalties on telecom operators who breach the Fraud Hazard Prevention Act, including limiting the number of phone numbers they can receive. This measure aims to deter fraudulent activities effectively. Furthermore, organisations in Taiwan will need to obtain government approval before making any changes to the use of these numbers and must return them if their usage changes. To ensure compliance, the Ministry will conduct random inspections to monitor the proper use of these numbers.
Taiwan’s government is also enhancing its anti-fraud efforts by proposing amendments to the Subsidy, Reward, and Assistance Regulations for Promoting Industry Innovation. These changes will allow the Ministry to offer financial support, including subsidies and rewards, to digital industries developing technologies to prevent fraud. By encouraging technological innovation in this field, the government aims to strengthen fraud prevention measures and protect individuals and organisations against telecom-related fraud.
Australian authorities have charged a Sydney man with creating and managing an encrypted messaging app, Ghost, allegedly used by global crime networks. The man, 32, was arrested in western Sydney and appeared in court on Wednesday, facing multiple charges related to the platform’s role in organised crime. Ghost is said to have been used by syndicates from Australia, the Middle East, and South Korea for drug trafficking and contract killings.
Police, in collaboration with international forces, carried out extensive raids across Australia and beyond, with searches also conducted in Italy, Ireland, Sweden, and Canada. Up to 50 Australians allegedly involved with Ghost are now facing charges, with significant prison terms expected. More arrests are anticipated in both Australia and abroad.
Authorities have made a breakthrough by cracking Ghost’s encryption, preventing the deaths or serious injuries of 50 individuals in Australia. This marks the first time an Australian has been accused of running a global criminal messaging platform, a major milestone in the country’s fight against organised crime.
The Australian Federal Police Deputy Commissioner highlighted the complex nature of dismantling encrypted communication platforms. The success in accessing evidence from Ghost represents a major achievement in efforts to disrupt global criminal activity.
