Dubai, known for its ultra-luxurious lifestyle and wealthy population, has reportedly fallen victim to a ransomware attack by the Daixin Team. The cybercriminal group claimed on their dark blog to have exfiltrated 60-80GB of sensitive data from the Government of Dubai’s network systems, including ID cards, passports, and other personally identifiable information (PII).
The stolen data, which has not yet been fully analysed or released, reportedly includes many personal and business records. Among the sensitive information are details about the residents of this city in the UAE, many of whom are expatriates and high-net-worth individuals. Due to the city’s high concentration of wealthy residents, this data breach poses significant risks, such as identity theft and targeted phishing attacks.
The Daixin Team, a Russian-speaking ransomware group active since at least June 2022, is known for targeting various sectors, including healthcare and utilities. They typically gain access through compromised VPN servers or phishing attacks and often publish stolen data if ransom demands are not met. The Government of Dubai has been contacted for comment but has not yet responded.
Meta Platforms is facing 11 complaints over proposed changes to its privacy policy that could violate EU privacy regulations. The changes, set to take effect on 26 June, would allow Meta to use personal data, including posts and private images, to train its AI models without user consent. Advocacy group NOYB has urged privacy watchdogs to take immediate action against these changes, arguing that they breach the EU’s General Data Protection Regulation (GDPR).
Meta claims it has a legitimate interest in using users’ data to develop its AI models, which can be shared with third parties. However, NOYB founder Max Schrems contends that the European Court of Justice has previously ruled against Meta’s arguments for similar data use in advertising, suggesting that the company is ignoring these legal precedents. Schrems criticises Meta’s approach, stating that the company should obtain explicit user consent rather than complicating the opt-out process.
In response to the impending policy changes, NOYB has called on data protection authorities across multiple European countries, including Austria, Germany, and France, to initiate an urgent procedure to address the situation. If found in violation of GDPR, Meta could face strict fines.
On Tuesday, a group of current and former OpenAI employees issued an open letter warning that leading AI companies lack necessary transparency and accountability to address potential risks. The letter highlights AI safety concerns, such as deepening inequalities, misinformation, and loss of control over autonomous systems, potentially leading to catastrophic outcomes.
The 16 signatories, including Google DeepMind staff, emphasised that AI firms have financial incentives to avoid effective oversight and criticised their weak obligations to share critical information. They called for stronger whistleblower protections, noting that confidentiality agreements often prevent employees from raising concerns. Some current OpenAI employees signed anonymously, fearing retaliation. AI pioneers like Yoshua Bengio, Geoffrey Hinton, and Stuart Russell also endorsed the letter, criticising inadequate preparations for AI’s dangers.
The letter also calls for AI companies to commit to main principles in order to maintain a certain level of accountability and transparency. Those principles are: not to enter into or enforce any agreement that prohibits ‘disparagement’ or criticism of the company for risk-related concerns, nor retaliate for risk-related criticism; to facilitate a verifiably anonymous process for current and former employees to raise risk-related concerns to the company’s board, to regulators, and to an appropriate independent organization with relevant expertise; and to support a culture of open criticism and allow its current and former employees to raise risk-related concerns about its technologies to the public, to the company’s board, to regulators, or to an appropriate independent organization with relevant expertise, so long as trade secrets and other intellectual property interests are appropriately protected.
Why does it matter?
In response, OpenAI defended its record, citing its commitment to safety, rigorous debate, and engagement with various stakeholders. The company highlighted its anonymous integrity hotline and newly formed Safety and Security Committee as channels for employee concerns. The critique of OpenAI comes amid growing scrutiny of CEO Sam Altman’s leadership. The concerns raised by OpenAI insiders highlight the critical need for transparency and accountability in AI development. Ensuring that AI companies are effectively overseen and held accountable and that insiders are enabled to speak out about unethical or dangerous practices without fear of retaliation represents a pivotal safeguard to inform the public and the decision makers about AI’s potential capabilities and risks.
Italy’s antitrust regulator AGCM (Autorita’ Garante della Concorrenza e del Mercato) has fined Meta, the owner of Facebook and Instagram, for unfair commercial practices. The authority imposed a fine of €3.5 million on Meta Platforms Ireland Ltd. and parent company Meta Platforms Inc. for two deceptive business practices regarding the creation and management of Facebook and Instagram social network accounts.
Namely, the watchdog stated that Instagram users were not adequately informed about how their personal data was used for commercial purposes and that users of both platforms were not given proper information on contesting account suspensions.
Meta has already addressed these issues, according to the regulator. A Meta spokesperson expressed disagreement with AGCM’s decision and mentioned that the company is considering its options. They also highlighted that since August 2023, Meta has implemented changes for Italian users to increase transparency about data usage for advertising on Instagram.
The first complaint alleges that Microsoft’s contracts with schools attempt to shift responsibility for GDPR compliance onto them despite schools lacking the capacity to monitor or enforce Microsoft’s data practices. That could result in children’s data being processed in ways that do not comply with GDPR. The second complaint highlights the use of tracking cookies within Microsoft 365 Education software, which reportedly collects user browsing data and analyses user behaviour, potentially for advertising purposes.
NOYB claims that such tracking practices occur without users’ consent or the schools’ knowledge, and there appears to be no legal justification for it under GDPR. They request that the Austrian Data Protection Authority investigate the complaints and determine the extent of data processing by Microsoft 365 Education. The group has also urged the authority to impose fines if GDPR violations are confirmed.
Microsoft has not yet responded to the complaints. Still, the company has stated that its 365 for Education complies with GDPR and other applicable privacy laws and that it thoroughly protects the privacy of its young users.
After the adoption of the EU rules which ban real-time facial recognition in public spaces but allow some exceptions for law enforcement, the Swedish government ordered an inquiry into expanded powers for law enforcement to use camera surveillance, including the use of facial recognition technology. The EU exceptions include searching for missing people or specific suspected victims of human trafficking, or preventing imminent threats such as a terrorist attack. The rules also allow the technology to be used for locating individuals suspected of committing certain criminal offenses.
The Swedish police plan to integrate facial recognition into their daily operations by leveraging a database containing over 40,000 facial images of individuals who have been detained or arrested. This technology enables law enforcement to quickly compare these images with footage from closed-circuit television (CCTV), streamlining the process of identifying suspects and potentially speeding up investigations.
Why does it matter?
The deployment of FRT by Swedish police is governed by stringent regulations to ensure compliance with both national and EU data protection laws, aligning with Sweden’s Crime Data Act and the EU’s Data Protection Law Enforcement Directive (GDPR). This compliance is crucial to addressing concerns about privacy and civil liberties, which are often raised in discussions about surveillance technologies. The adoption of FRT in Sweden comes as part of a broader trend within Europe, where several countries are exploring or have already implemented similar technologies. For example, Dutch police utilize a substantial biometric database to aid in their law enforcement efforts.
New York lawmakers are preparing to ban social media companies from using algorithms to control content seen by youth without parental consent. The legal initiative, expected to be voted on this week, aims to protect minors from automated feeds and notifications during overnight hours unless parents approve. The move comes as social media platforms face increasing scrutiny for their addictive nature and impact on young people’s mental health.
Earlier this year, New York City Mayor Eric Adams announced a lawsuit against major social media companies, including Facebook and Instagram, for allegedly contributing to a mental health crisis among youth. Similar actions have been taken by other states, with Florida recently passing a law requiring parental consent for minors aged 14 and 15 to use social media and banning those under 14 from accessing these platforms.
Why does it matter?
The trend started with Utah, which became the first state to regulate children’s social media access last year. States like Arkansas, Louisiana, Ohio, and Texas have since followed suit. The heightened regulation is affecting social media companies, with shares of Meta and Snap seeing a slight decline in extended trading.
Spain’s data protection authority, AEPD, has temporarily suspended two Meta products planned for deployment during the upcoming European election on its social media platforms, Facebook and Instagram. The tools, named ‘Election Day Information’ (EDI) and ‘Voter Information Unit’ (VIU), potentially violate data protection regulations in Spain, according to AEPD. Meta, formerly Facebook, has contested this decision, stating that the tools were designed to respect users’ privacy and comply with GDPR standards.
Meta’s proposed data processing methods, aimed at sending notifications to eligible users reminding them to vote, raised concerns for AEPD. The agency highlighted that Meta’s selection of eligible voters based on user profile data such as city of residence and IP addresses was contrary to Spanish data protection regulations. AEPD deemed this data processing unnecessary, disproportionate, and excessive, as it excluded EU citizens living abroad and targeted non-EU citizens in Europe.
Furthermore, AEPD criticised Meta’s data collection practices regarding users’ ages, stating there was no reliable mechanism to verify self-reported ages. Additionally, the watchdog found Meta’s treatment of interaction data disproportionate to the stated purpose of informing about the elections. Moreover, Meta failed to justify the need to retain the collected data after the election, indicating potential additional purposes for the processing operation, according to AEPD.
TikTok is developing a separate recommendation algorithm for its 170 million US users to address concerns from American lawmakers who are pushing to ban the app. The action, initiated by ByteDance, TikTok’s Chinese parent company, involves separating millions of lines of code to create an independent US version, potentially paving the way for divestiture of US assets.
The initiative, which predates a bill mandating the sale of TikTok’s US operations, is a response to bipartisan concerns that the app could provide Beijing with access to extensive user data. Despite ByteDance’s legal challenge to the new law, engineers continue to work on the complex and lengthy process of code separation, which is expected to take over a year.
TikTok has stated that selling its US assets is not feasible, citing commercial, technological, and legal constraints. However, the company is exploring options to demonstrate its US operations’ independence, including possibly open-sourcing parts of its algorithm. The success of this separation project could impact TikTok US’s performance, which currently relies on ByteDance’s engineering resources.
The European Securities and Markets Authority (ESMA) has issued its first statement on AI, emphasising that banks and investment firms in the EU must uphold boardroom responsibility and legal obligations to safeguard customers when using AI. ESMA’s guidance, aimed at entities regulated across the EU, outlines how these firms can integrate AI into their daily operations while complying with the EU’s MiFID securities law.
While AI offers opportunities to enhance investment strategies and client services, ESMA underscores its inherent risks, particularly concerning protecting retail investors. The authority stresses that management bodies are ultimately responsible for decisions, regardless of whether humans or AI-based tools make them. ESMA emphasises the importance of acting in clients’ best interests, irrespective of the tools firms choose to employ.
ESMA’s statement extends beyond the direct development or adoption of AI tools by financial institutions, also addressing the use of third-party AI technologies. Whether firms utilise platforms like ChatGPT or Google Bard with or without senior management’s direct knowledge, ESMA emphasises the need for management bodies to understand and oversee the application of AI technologies within their organisations.
Their guidance aligns with the forthcoming EU rules on AI, set to take effect next month, establishing a potential global standard for AI governance across various sectors. Additionally, efforts are underway at the global level, led by the Group of Seven economies (G7), to establish safeguards for AI technology’s safe and responsible development.