Data Protection News Update 24 June 2024

United Kingdom

Post Office accidentally leaks names and addresses of wrongfully convicted operators

  • The Post Office has referred itself to the Information Commissioner’s Office (ICO) after it accidentally published the names and addresses of 555 people involved in suing the Post Office in the Horizon IT lawsuit.
  • The document with the personal details has since been removed from the website, and an investigation has begun into how it was published.
  • In 2021, the ICO issued a £500,000 fine to the Cabinet Office in a similar situation, where the addresses of the 2020 new year’s honours recipients were disclosed online. In serious cases of data breaches in the public sector, the ICO can issue fines, warnings, reprimands and enforcement notices.

AI is coming for our anger

  • An AI-powered system to protect workers in call centres from verbal abuse is being developed by a separately listed arm of Masayoshi Son’s Softbank.
  • The technology, which is still in its R&D phase, would change the rant of an angry human caller in real time, so those working in call centres only hear a softer version. Commercialisation and installation of this software is expected sometime before March 2026.
  • The EmotionCancelling engine was trained using actors performing angry phrases, providing the AI with pitches and inflections to detect and replace.
  • Removing emotion from callers’ voices based upon what is threatening has wider implications, as more emotional reactions could potentially be removed, and regional accents may also be targeted and removed without users knowing.

United States

The Vermont veto is a step backward for privacy

  • The Vermont Legislatures privacy bill was vetoed by its governor, declaring it “created an unnecessary and avoidable level of risk” due to its “narrow” right of action.
  • The Vermont bill was more committed to other recent privacy laws, as it incorporated a private right to action (allowing people to sue companies who violated the law).
  • State privacy laws- other than those introduced in Colorado, California and Illinois- do not generally go beyond the “notice and choice” framework. Whilst they offer “rights”, these do not give people the right to sue when violated and instead create the illusion that the state legislature has solved the problem.
  • The Vermont Bill went beyond this traditional approach by having a private right of action and recognizing consumer rights. Whilst the private cause of action was weak, it was a political compromise, and would have been a significant improvement from the established norm.

Biden to ban US sales of Kaspersky software over ties to Russia, source says

  • Biden administration to ban sale of Kaspersky Lab’s antivirus software in US, as company’s close ties with Russia pose a risk and the access the software has could allow it to steal sensitive information from American computers.
  • The ban would exercise powers created by the Trump administration, allowing the ban or restriction of transactions between U.S. firms and the internet, telecom and tech companies from “foreign adversary” nations (like Russia and China).
  • Trump attempted to use this power to ban TikTok and WeChat, but federal courts prevented him.

Europe

EU cybersecurity label should not discriminate against Big Tech, European groups say

  • 26 industry groups across Europe warned proposed cybersecurity certification scheme (EUCS) should not discriminate against Big Tech.
  • The aim of the scheme to help companies and governments pick vendors for their cloud computing business.
  • The group is pushing for the removal of ownership controls and protection against unlawful access and immunity to non-EU law requirements.
  • Following the removal of sovereignty requirements (requiring US tech giants to set up a joint venture or cooperate with an EU-based company for storing and processing customer data to qualify for the highest cybersecurity label), other EU cloud vendors have expressed fears that non-EU governments may bet unlawful access to EU data based on their own laws.

International

Global audiences suspicious of AI-powered newsrooms, report finds

  • A report based on 100,000 people across 47 countries has found consumers are suspicious about the use of AI to create news content (especially concerning politics).
  • Additionally, 59% of respondents were worried about false news content online, an increase of 3 percentage points.
  • Increased popularity of news influences on TikTok compared to mainstream media means newsrooms need to build a direct relationship with their audiences to compete.

‘Alarm bells should be going off’ as mental health counselling app expands into Australia, critics say

  • BetterHelp, a mental health counselling app also known as the “Uber of therapy” is expanding in Australia and consumer advocates are concerned following a US ruling the company shared customers’ sensitive data to 3rd parties.
  • The US Federal Trade Commission required BetterHelp to pay $7.8m to customers as it had shared their email addresses, IP addresses and answers to personal health questions with social media platforms despite promising to keep such data private.
  • Choice, a consumer advocacy group in Australia, has said overseas wrongdoing by the company means the Australian information commissioner should investigate whether the company had breached any local privacy laws.
  • BetterHelp now acknowledges (in its lengthy privacy policy) that it shares an encrypted version of client’s email addresses with advertising partners. This means if a customer users the same email address in a social media account, the social media account knows whether the user has accessed the service (allowing BetterHelp to better target its advertising on social media platforms).

Share:

More Posts

Send Us A Message