Data Protection News Update 01 October 2024

United Kingdom

UK data watchdog confirms it’s investigating MoneyGram data breach

  • The UK Information Commissioner’s Office (ICO) has launched an investigation into MoneyGram International (a money transfer provider) following a data breach reported by the company. 
  • The extent of the breach is unknown, but MoneyGram provides services to over 50m people in over 200 countries and territories each year.
  • MoneyGram’s website was offline for a week following the incident, and customers were unable to make in-person or online payments. MoneyGram partners, such as the Bank of Jamaica and the UK Post Office, were also affected by the outage.

Microsoft re-launches ‘privacy nightmare’ AI screenshot tool

  • Microsoft is planning to relaunch Recall, the AI-powered tool that takes regular screenshots of users’ activity. The tool’s release was previously postponed due to privacy concerns, but it will now be released in November on the new Copilot+ computers.
  • Some features have been amended, including making the tool opt-in by default (rather than the previous opt-out).
  • The Information Commissioner’s Office has said it has been informed that a “series of changes” had been made to the product, and they were “continuing to assess Recall as Microsoft moves towards launch.”

United States

California passes law to ban or restrict smartphones in school

  • The Governor of California, Gavin Newsom, signed into law a bill that requires schools to limit or ban the use of smartphones. This measure was put in place to target the increased risk of mental illness and impairments to learning that smartphones bring.
  • The bill requires school boards and governing bodies to develop a policy to limit or prohibit student use of smartphones by July 1 2026.
  • The governor said “the new law will help students focus on academics, social development, and the world in front of them, not their screens, when they’re in school”.

Europe

Tech giants push to dilute Europe’s AI Act

  • In May, lawmakers agreed the AI Act. The codes of practice accompanying the act are yet to be finalised; these will determine how strictly the rules around “general purpose” AI systems will be enforced.
  • Companies, academics and others have been invited by the EU to draft the code of practice. The code will provide a checklist for firms so that their compliance can be demonstrated, and if a company claims to follow the law while ignoring the code it could face a legal challenge.
  • Google, OpenAI and Amazon have submitted applications to contribute, as have some non-profit organizations.

Irish Data Protection Commission fines Meta Ireland €91 million

  • The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million due to several infringements of the GDPR. These include:
    • Failures to notify the DPC and document a personal data breach concerning the storage of user passwords in plaintext; and
    • Not using or implementing appropriate technical or organisational measures to ensure appropriate security of users’ passwords against unauthorized processing.
  • The Deputy Commissioner at the DPC, Graham Doyle, commented “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”
  • This fine follows the final decision of the inquiry by the DPC into MPIL, launched in 2019 after MPIL notified the DPC of their inadvertent storage of social media passwords in plaintext on its internal systems. The decision by the DPC also contains a reprimand (Article 58(2)(b) GDPR), as well as the fines.

International

India’s Star Health sues Telegram after hacker uses app’s chatbots to leak data

  • Star Health, an Indian insurer, has sued Telegram and a self-styled hacker following a report that the hacker was using chatbots on Telegram to leak personal data and medical reports of policy holders.
  • Star has received a temporary injunction from the court in its home state ordering both Telegram and the hacker to block any chatbots or websites making the data available online.
  • Cloudflare Inc., a US-listed software firm, has also been sued by Star, which alleges the leaked data on websites was hosted using its services. The court has issued notices to both Telegram and Cloudflare.
