PayPal has appointed Srini Venkatesan as its new Chief Technology Officer (CTO) to lead its artificial intelligence initiatives. Venkatesan will be in charge of areas such as AI and machine learning, information security, and product engineering. In his previous position at Walmart, Venkatesan developed platforms to support the retail giant, including aspects of the Walmart+ subscription service. He has also worked at Yahoo and eBay among others.
Why is this important?
Like others in the finance field, PayPal has sought to embrace AI to improve its services. In January, the company announced new AI-driven tools, including some to make payment checkouts smoother. However, other tools use buying history, instead of browsing history, to target clients.
‘Smart Receipts’ uses buying history to recommend products, cashback and other deals on receipts. Similarly, ‘Advanced Offers Platform’ uses AI to deliver targeted promotions based on the customer’s purchase history with any previous merchant. PayPal says it is shifting from general ads to personalised ‘offers’, improving the customer experience.
In an article in PayPal’s newsroom, the company said it is adding simple privacy controls to let customers choose whether to share their data with merchants for personalised offers. However, given that browsing targeted advertising has already caused privacy concerns, it is likely that buying history will do so too. Venkatesan will be expected to implement the tech and answer to these concerns in his new role.
TikTok will be sued again by the US Department of Justice (DoJ) in a consumer protection lawsuit against ByteDance’s TikTok later this year, focusing on alleged children’s privacy violations. The incentive for the legal move comes on behalf of the Federal Trade Commission (FTC), but the DoJ will not pursue allegations that TikTok misled US consumers about data security, specifically dropping claims that the company failed to inform users that China-based employees could access their personal and financial information.
The decision suggests that the primary focus will now be on how TikTok handles children’s privacy. The FTC had referred to the DoJ a complaint against TikTok and its parent, ByteDance, concerning potential violations of children’s privacy, stating that it investigated TikTok and found evidence suggesting they may be breaking the Children’s Online Privacy Protection Act. The federal act requires apps and websites aimed at kids to get parental consent before collecting personal information from children under 13.
OpenAI, a startup supported by Microsoft, faces a privacy complaint from the European Center for Digital Rights (NOYB), an advocacy group, for allegedly failing to address incorrect information provided by its AI chatbot, ChatGPT, which could violate the EU privacy regulations. ChatGPT, renowned for its ability to mimic human conversation and perform various tasks, including summarising texts and generating ideas, has been scrutinised after reportedly providing inaccurate responses to queries about a public figure’s birthday.
NOYB claims that despite the complainant’s requests, OpenAI refused to rectify or erase the erroneous data, citing technical limitations. Additionally, the group alleges that OpenAI did not disclose crucial information regarding data processing, sources, or recipients, prompting NOYB to file a complaint with the data protection authority in Austria.
According to NOYB’s data protection lawyer, Maartje de Graaf, the incident underscores the challenge of ensuring compliance with the EU law when processing individuals’ data using chatbots like ChatGPT. She emphasised the necessity for technology to adhere to legal requirements rather than vice versa.
OpenAI has previously acknowledged ChatGPT’s tendency to provide plausible yet incorrect responses, citing it as a complex issue. However, NOYB’s complaint highlights the urgency for companies to ensure the accuracy and transparency of personal data processed by large language models like ChatGPT.
A draft report from the UK Information Commissioner’s Office (ICO) raises concerns about Google’s Privacy Sandbox, which is aimed at preserving privacy in online ad targeting and analytics. The report highlights gaps that could be exploited to compromise privacy and track individuals online. This technology seeks to replace current tracking methods with more privacy-conscious alternatives, but its credibility hinges on its ability to deliver privacy assurances.
If Google’s Privacy Sandbox fails to address regulatory, community, and competitive challenges, it could collapse, leaving adtech rivals to continue tracking users through existing or alternative methods. The ICO report represents another setback for Google’s attempts to reconcile ad targeting with privacy laws like GDPR. Google’s strategy involves moving ad auction mechanics to users’ local devices through web APIs, such as the Topics API in Chrome, which aims to convey user interests to advertisers without identifying individuals.
Critics, including the Electronic Frontier Foundation and rival browser maker Vivaldi, have raised concerns about the Privacy Sandbox’s support for behavioural advertising and its reliance on advertisers’ good behaviour rather than technical guarantees for privacy. Given Google’s market dominance and significant revenue tied to online advertising, scepticism persists about rebuilding ad architecture on its platforms. Both regulators and industry groups like the IAB have expressed concerns about the Privacy Sandbox’s potential competitive disadvantages and limitations, suggesting that Google may need to address these issues before proceeding.
Despite challenges and criticism, Google remains committed to Privacy Sandbox technologies, emphasising their aim to enhance privacy while maintaining targeted advertising. The company continues to engage with regulators and stakeholders to address concerns and ensure a solution that benefits users and the entire advertising ecosystem.
Google has settled a lawsuit accusing the tech giant of clandestinely tracking the internet activity of users who believed they were browsing privately. Filed in Oakland, California, federal court, the settlement terms await approval from US District Judge Yvonne Gonzalez Rogers. Though Google is not facing any damages, individual users retain the right to sue the company. According to lawyers representing the plaintiffs, the settlement is estimated to be valued between $5 billion and $7.8 billion.
The class action, initiated in 2020, represents millions of Google users who utilised private browsing settings from 1 June 2016. Allegations against Google include claims that its analytics, cookies, and apps allowed unauthorised tracking, turning the company into a repository of sensitive user information. Under the settlement, Google will update its disclosures regarding data collection during private browsing sessions and enable users to block third-party cookies for five years.
Google has responded by emphasising its commitment to user privacy, asserting that data collected during ‘Incognito’ mode browsing is not associated with individual users. According to Google spokesperson Jose Castaneda, the company is pleased to settle the lawsuit, which it has consistently deemed meritless. Plaintiffs’ lawyer David Boies views the settlement as a significant step towards holding dominant technology companies accountable for their practices, describing it as a ‘historic step requiring honesty and accountability’.
The agreement, which follows a preliminary settlement in December, prevents a scheduled trial in February 2024. Although specific terms of the settlement were not disclosed initially, plaintiffs’ lawyers intend to pursue unspecified legal fees from Google in the future. The lawsuit highlights ongoing debates surrounding online privacy and the responsibilities of tech giants like Google in safeguarding user data.
Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America have issued a statement on establishment of the Global Cross-Border Privacy Rules (CBPR) Forum that is aimed at multilateral cooperation in promoting trusted global data flows. The Global CBPR Forum intends to establish the Global Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems, based on APEC CBPR and PRP systems – data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards.
