United Kingdom
As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever
- While ransomware data breaches have reached record high levels across the UK, the number of incidents investigated by the Information Commissioner’s Office (ICO) has declines to record lows.
- Of the 1,253 incidents reported to the ICO last year, only 87 were investigated. Just 19 of the 440 incidents reported in the first half of this year have been investigated.
- ICO has responded to the drop in investigations, stating ““The ICO regulates the whole UK economy, and so we continuously review and make difficult choices about how we prioritise our resources” and it was the ICO’s “duty to ensure we use our powers to have the maximum possible positive impact for the public and provide regulatory certainty to organisations. We have a robust triage process for each and every report we receive to determine which should progress to a formal investigation and those where other courses of action may be more appropriate.”
United States
Texas sues TikTok for violating children’s privacy
- Texas is suing TikTok for violating children’s privacy and state law by sharing children’s personal identifying information, without consent from their parents or legal guardians.
- The Texas Attorney, Ken Paxton, is seeking an injunction and civil penalties of up to $10,000 for each violation of the Securing Children Online Through Parental Empowerment Act.
- A particular issue is the apparent lack of tools provided by TikTok to restrict children’s privacy and account settings, even allowing information to be shared from accounts set to “private” and allowing targeted advertising to children.
Students adapt Meta’s smart glasses to dox strangers in real life
- Two Harvard students used facial recognition technology to prove the privacy risks of smart glasses.
- They used Meta’s smart Ray Bans and streamed its live recordings to a computer, where AI was used to spot when glasses were looking at a face. Once a face was found, the computer then looked up more pictures of the person and scoured voter registration databases, news articles and other publicly available sources.
- Through this search, people’s names, phone numbers, home addresses and relatives’ names could be identified.
- The students did this experiment to “raise awareness of what’s possible today with consumer tech” and will not be releasing the code for the program as it is “too dangerous”.
Europe
EU requests info from YouTube, Snapchat, TikTok on content algorithms
- The EU Commission has requested information from YouTube, Snapchat and TikTok, on the parameters used by their algorithms to recommend content to users, as well as their role in amplifying systemic risks (including risks related to the electoral process, mental health, and the protection of minors).
- The requests were made under the Digital Services Act, and concern the measures of the platforms “to mitigate the potential influence of their recommender systems on the spread of illegal content such as promoting illegal drugs and hate speech” according to the EU Commission.
- Additional information has been requested from TikTok about measures the firm has adopted to keep bad actors from manipulating the application and to reduce risks related to elections and civic discourse.
Meta must limit data for personalised ads – EU court
- The Court of Justice for the European Union (CJEU), the EU’s highest court, has ruled that Meta must minimise the amount of people’s data it uses for personalised advertising.
- This case was brought by Max Shrems, a privacy campaigner, who complained that Facebook misused his personal data about his sexual orientation to target ads at him. Shrems said he was targeted by adverts aimed at gay people (despite never sharing information about his sexuality on the platform.
- The CJEU said “an online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data”. Meta has denied using special category data to personalise adverts.
- The decision will have implications in the UK despite not being binding for EU courts, as a partner at law firm Freeths has said “Meta has suffered a serious challenge to its preferred business model of collecting, aggregating and leveraging substantial data troves in respect of as many individuals as possible, in order to produce rich insights and deep targeting of personalised advertising”.
International
Meta, Australian banks tout progress on taking down ‘celeb bait’ scam ads
- Meta has said it has taken down some 8,000 “celeb bait” scam ads from Facebook and Instagram. These scam ads use images of famous people, which are often generated by AI, to trick consumers into giving money to non-existent investment schemes. Targeting these ads is part of a new effort with Australian banks to curb the practice.
- Meta said it took down the scam ads after receiving 102 reports since April from the Australian Financial Crimes Exchange.
- The Australian Prime Minister’s government is planning to introduce an anti-scam law by the end of the year. The bill proposes $34m fines for social media, financial and telecommunications companies failing to meet their obligations to crack down on the practice.