US wireless carriers fined millions for sharing customers’ personal data

The US government has issued draconian fines against major wireless carriers AT&T, Sprint, T-Mobile, and Verizon following an investigation revealing the unauthorised sharing of customers’ personal data. The sanctions stem from 2020 allegations by the Federal Communications Commission (FCC) that the carriers had unlawfully shared users’ geolocation histories with third parties, including prisons, as part of their commercial programs. The fines target sharing user location information with data resellers, known as ‘location aggregators,’ who then distribute the data to third-party customers.

AT&T faces a fine of $57 million, while Verizon was fined nearly $47 million. Sprint received a $12 million fine, and T-Mobile was fined $80 million. Despite promises to cease the practice after the issue came to light in 2018, carriers continued for nearly a year or longer, according to the FCC. The investigation, initiated during the Trump administration, revealed that carriers attempted to shift responsibility for obtaining customer consent onto downstream recipients of location information, often resulting in no valid customer consent.

Responding to the fines, all wireless carriers intend to appeal the FCC’s decision. AT&T, Verizon, and T-Mobile assert that the FCC’s order lacks legal and factual merit, with each carrier highlighting its efforts to address the situation and emphasising its commitment to customer privacy. T-Mobile, in particular, discontinued its location data-sharing program five years ago and plans to challenge the decision, stating that the fine is excessive.

The investigation into unauthorised data sharing gained stimulus in 2018 when Oregon Democratic Senator Ron Wyden’s probe revealed that cellphone location information had made its way to Securus, a provider of prison phone services. Wyden commended the FCC for holding the companies accountable and stressed the importance of protecting customer privacy and safety.

NOYB files a privacy complaint against OpenAI’s ChatGPT

OpenAI, a startup supported by Microsoft, faces a privacy complaint from the European Center for Digital Rights (NOYB), an advocacy group, for allegedly failing to address incorrect information provided by its AI chatbot, ChatGPT, which could violate the EU privacy regulations. ChatGPT, renowned for its ability to mimic human conversation and perform various tasks, including summarising texts and generating ideas, has been scrutinised after reportedly providing inaccurate responses to queries about a public figure’s birthday.

NOYB claims that despite the complainant’s requests, OpenAI refused to rectify or erase the erroneous data, citing technical limitations. Additionally, the group alleges that OpenAI did not disclose crucial information regarding data processing, sources, or recipients, prompting NOYB to file a complaint with the data protection authority in Austria.

According to NOYB’s data protection lawyer, Maartje de Graaf, the incident underscores the challenge of ensuring compliance with the EU law when processing individuals’ data using chatbots like ChatGPT. She emphasised the necessity for technology to adhere to legal requirements rather than vice versa.

OpenAI has previously acknowledged ChatGPT’s tendency to provide plausible yet incorrect responses, citing it as a complex issue. However, NOYB’s complaint highlights the urgency for companies to ensure the accuracy and transparency of personal data processed by large language models like ChatGPT.

WhatsApp threatens shutdown over encryption demands in India

WhatsApp and Facebook are challenging India’s amended IT Rules, claiming they infringe on privacy rights and are unconstitutional. At a Delhi High Court hearing, WhatsApp argued that being forced to decrypt messages could shut down their service. A key issue is Rule 4(2), which mandates social media companies to trace the original source of messages under certain conditions. WhatsApp contends this would require them to store messages for years, a demand not made in any other country, including Brazil.

The Indian government argues that these companies, which profit from user data, don’t have a basis to claim they protect user privacy. The government insists these rules are vital for law enforcement to track false messages and uphold public order. The Ministry of Electronics and Information Technology supports the rules, stating they meet global standards and ensure accountability of digital platforms, keeping the internet secure and respecting citizen rights. The case has been adjourned to August 14 for further consideration.

Why does it matter?

Since adopting end-to-end encryption in 2016, WhatsApp has prioritised privacy and security. In India, where it is the leading messaging app with over 900 million users, it has become a key tool for government communications. Over the years, WhatsApp has expanded its reach to include various government bodies that use it to disseminate vital information. With such a vast user base and an important role in public communication, the outcome of this situation could have dramatic consequences for India’s informational ecosystem.

ByteDance weighs options as TikTok faces US ban threat

ByteDance, the owner of TikTok, faces a crucial decision amidst looming legislation threatening to ban the app from US app stores. Sources close to ByteDance revealed that the company may opt to shut down TikTok rather than sell it, should legal avenues be exhausted. Central to this decision is the significance of TikTok’s algorithms, which are considered vital to ByteDance’s operations. Despite TikTok’s contribution being a small fraction of ByteDance’s total revenue and user base, the parent company hesitates to part with its core algorithm.

TikTok’s fate hinges on US legislation, with President Biden signing a bill that could force its sale by 19 January. However, Biden may extend this deadline by three months if ByteDance shows progress. Yet, ByteDance remains tight-lipped about its plans. It merely reiterates its lack of intention to sell TikTok as its CEO expresses confidence in overcoming legal challenges, underlining the app’s importance to its 170 million American users.

The intertwined nature of TikTok with ByteDance’s core algorithms poses a significant hurdle to any potential sale. TikTok’s algorithms align closely with ByteDance’s domestic apps, making it challenging to divest without relinquishing crucial intellectual property. Moreover, ByteDance is adamant about safeguarding its ‘secret source’ – the TikTok algorithm – from falling into the hands of competitors. This stance reflects a broader concern over data security and technological sovereignty.

Why does it matter?

Tensions surrounding TikTok highlight broader geopolitical and technological concerns, with China indicating resistance to any forced divestment of the app. The situation underscores the intricate web of international relations, trade regulations, and corporate strategies shaping the fate of digital platforms like TikTok. As ByteDance navigates this complex landscape, the future of TikTok hangs in the balance, with profound implications for both the company and its millions of users worldwide.

Kenya government advises against TikTok ban, proposes oversight

Kenya’s government has advised against banning TikTok amidst concerns over content shared on the platform, suggesting stricter oversight instead. The recommendation comes in response to a parliamentary panel considering a citizen’s petition to ban the Chinese-owned app. The interior ministry alleges TikTok has been used for spreading propaganda, fraud, and distributing sexual content.

The information and communication ministry proposed a co-regulation model, urging TikTok to screen content for compliance with laws in Kenya and submit quarterly reports on removed material. TikTok, owned by Chinese company ByteDance, has yet to comment on the recommendation since it has faced global criticism but defended its user privacy record.

Regulatory scrutiny of TikTok is not unique to Kenya. Italy recently fined three TikTok units for inadequate content checks, especially concerning children’s safety. Meanwhile, in the US, the Senate approved legislation threatening a TikTok ban unless ByteDance divests within the next nine to twelve months. Concerns centre around fears that China could exploit the app for data access or surveillance of American users.

Google postpones elimination of third-party cookies in Chrome to 2025

Google has announced another postponement of its plan to phase out third-party cookies in its Chrome browser, with the new target set for 2025. This adjustment marks another delay in a series of postponements that began with the initial announcement in January 2020.

Third-party cookies, which are small data files stored on users’ devices, have been a fundamental component of digital advertising, enabling companies to track users across multiple websites and target them with specific advertisements. However, since 2013, these cookies have raised significant privacy concerns, leading major tech companies, such as Apple, Mozilla, and Microsoft, to reconsider their use

Google attributes the latest delay to significant feedback from various stakeholders, including industry experts, regulators, and developers, which has highlighted the complexities of removing third-party cookies without disrupting the digital advertising ecosystem. The tech giant has emphasized its commitment to working closely with the entire ecosystem to address these challenges while enhancing consumer privacy protections through its Privacy Sandbox initiative.

The Privacy Sandbox project is Google’s response to the need for a balanced approach that respects user privacy while allowing advertisers to effectively reach their audiences. It is a collection of technologies aimed at creating a more private web browsing experience. Despite its progress, Google acknowledges the necessity of additional time to ensure that all parties can adapt to the changes without significant disruptions.

This decision comes in the context of ongoing scrutiny and regulatory review, particularly from bodies like the UK’s Competition and Markets Authority (CMA), which has emphasized the importance of ensuring that new technologies do not stifle competition.

The extended timeline is intended to allow public discussion and engagement with regulatory authorities and publishers and the advertising industry to migrate their services responsibly. Google’s approach aims to preserve the vitality of the web ecosystem while phasing out technologies that compromise user privacy.

Spain reopens probe into Israeli NSO Group’s Pegasus software

Spain’s High Court has reignited an investigation into the use of NSO Group’s Pegasus software to spy on Prime Minister Pedro Sanchez and other Spanish politicians. The legal move comes after a previous probe was shelved due to a lack of cooperation from Israeli authorities. Investigators plan to collaborate with France, where similar surveillance targeted politicians and public figures.

The investigation aims to uncover the perpetrators behind the spying activities, which triggered a political crisis in Spain in 2022 and resulted in the resignation of the country’s spy chief. However, no individuals or groups have been formally accused yet. The Spanish government has not disclosed whether foreign or domestic entities are suspected of orchestrating the espionage.

Judge Jose Luis Calama decided to reopen the case following revelations from France regarding the use of Pegasus software to surveil journalists, lawyers, and government officials. French President Emmanuel Macron even changed his mobile phone and number due to security concerns arising from the Pegasus spyware case. Calama emphasised the importance of analysing technical data from both countries’ investigations to identify the culprits behind the cyber attacks.

The judge has ordered expert analysis to compare technical elements gathered by Spanish and French authorities, expecting closer collaboration once this analysis is complete. Calama envisions joint efforts between French and Spanish judicial authorities to determine the origin of the Pegasus spy program’s infiltration in both countries. This renewed investigation signals a concerted effort to address concerns surrounding digital surveillance and protect the privacy of politicians and citizens alike.

US Senate passes bill mandating TikTok sale or US ban

The Senate has passed a foreign aid package that includes a bill mandating China-based company ByteDance to sell TikTok within a year or face a US ban on the platform. Having cleared both chambers of Congress, the legislation is now headed to President Joe Biden, who has committed to signing it into law. ByteDance will have an initial nine months to finalise a sale, with a possible three-month extension based on progress, though legal challenges could delay enforcement.

The bill’s successful passage through the Senate was achieved through strategic manoeuvring in the House, where it was included in a high-priority foreign aid package. This move compelled the Senate to address the TikTok issue earlier than anticipated. By extending the divestment timeline, more support was garnered in the Senate, resulting in a vote of 79-18 in favour of the bill.

Lawmakers and intelligence officials have voiced concerns over TikTok’s ownership by a China-based company. They cite potential data security risks due to China’s national security law and fear that the Chinese government’s influence could impact US user experiences.

Senate Commerce Committee Chair Maria Cantwell stressed that the legislation aims to prevent foreign adversaries from conducting espionage and harming vulnerable Americans, not to punish specific companies.

Senate Intelligence Committee Chair Mark Warner highlighted worries about Chinese companies owing allegiance to the Chinese government and potential covert manipulation of social media platforms. He dismissed TikTok’s proposed data governance solution, Project Texas, as inadequate. Despite concerns among TikTok users, Warner assured that the legislation is not about silencing voices but addressing critical national security issues.

President Biden has expressed intent to promptly sign the bill into law to facilitate aid to Ukraine, while TikTok has signalled readiness to challenge the law in court if passed.

Border chaos looms as app delayed for UK-EU entry system

Concerns are mounting over potential border chaos between the UK and the EU as an app designed to streamline passport checks will not be ready to implement the European Union’s Entry-Exit System (EES). Eurostar CEO Gwendoline Cazenave disclosed the delay, indicating that the railway service intends to install additional kiosks at London’s St Pancras station to manage passport checks effectively. The EES scheme, set to commence on 6 October, requires non-EU passport holders to register fingerprint and facial biometrics with a mobile application to ease pre-registration and avoid lengthy border queues.

While Eurostar aims to reassure passengers about the app’s impending deployment, other border crossings, including the Channel Tunnel operated by Getlink, are preparing for potential disruptions. New processing areas will be constructed at Folkestone and Calais to accommodate the scheme’s requirements. However, the Port of Dover faces significant challenges due to high traffic volumes and limited space, with concerns raised by Kent County Council leader Roger Gough and Port of Dover CEO Doug Bannister regarding potential supply chain disruptions in the UK.

Why does it matter?

In addition to managing the EES rollout, the Port of Dover is grappling with the arrival of migrants in the UK, prompting discussions about implementing live facial recognition technology at migrant processing facilities in Kent. With record numbers of migrants crossing the English Channel, the situation has become politically charged, exacerbating the strain on Dover port. Despite efforts to enhance processing capabilities and implement new technologies, concerns persist about the ability of border staff to manage surges in migrant arrivals effectively, raising questions about security and operational efficiency.

UK’s Data Protection Bill sparks controversy

Critics are voicing strong opposition to the UK’s proposed Data Protection and Digital Information Bill (DPDI), particularly its provisions regarding bank account monitoring for benefit recipients and changes to biometric data oversight. A cross-party group of parliamentarians has raised concerns over a proposal to grant the Department for Work and Pensions (DWP) access to individuals’ bank accounts, arguing that such powers could lead to wrongful benefits suspension and intrusive scrutiny.

The DPDI, currently under scrutiny in the House of Lords, faces criticism from various quarters. Last month, the Information Commissioner and numerous charities and campaign organisations criticised the bill for its lack of clarity on data collection and processing safeguards. The controversial provision to monitor benefit seekers’ bank accounts has drawn particular ire, with concerns raised about the scope and potential consequences of such surveillance.

In addition to scrutinising bank account monitoring, the DPDI also seeks to alter the oversight of biometric identification and surveillance technologies. This move has been criticised by former biometrics commissioners, civil society organisations, and the Equality and Human Rights Commission, who warn of significant gaps in existing surveillance oversight. Furthermore, concerns have been raised about the DPDI’s implications for data-sharing agreements between the UK and the European Union, with the European Parliament’s Civil Liberties, Justice, and Home Affairs Committee cautioning that it could jeopardise data-sharing adequacy agreements.