Data Protection News Update 08 July 2024

IGS
July 8, 2024

United Kingdom

techUK co-signs a letter urging the next government to modernise the UK’s data protection framework

Several leading business groups, industry leaders and experts have co-signed an open letter calling The Conservative Party, the Labour Party, the Scottish National Party and the Liberal Democrats to modernise the UK’s data protection framework.
They argue the right balance must be struck between encouraging economic and societal growth, and maintaining high standards of personal data protection (especially so that the UK retains its adequacy determination with the EU).
The letter urges several policy changes, including: reforms clarifying the use of data for scientific and technological development; removal of consent requirements for non-intrusive cookies; creating a more flexible international data transfers regime.

Crypto hacking thefts double to $1.4 bln in first half of 2024, researchers say

The amount of cryptocurrency taken in hacks has more than doubled in the first half of 2024 (stealing $1.38bn worth of crypto) compared to the same period last year ($657m worth of crypto).
This was due to a small number of large attacks, and rising crypto prices.
One of the largest losses was $308m worth of crypto stolen from DMM Bitcoin (Japanese crypto exchange).
UN has accused North Korea of using cyber-attacks to help fund nuclear and missile programs. North Korea has previously denied such allegations.

United States

Mississippi law restricting children’s social media use blocked

New law requiring users of social media platforms to verify their ages, restricting access by those under 18 to sites if lacking parental consent, was blocked by a federal judge saying it was likely unconstitutional in violation of users’ free speech rights.
NetChoice (whose members include Facebook, Instagram, Youtube, Snapchat and X) sued after the measure was signed into law, arguing it would stifle users free speech and force online businesses to censor speech.
Mississippi Attorney General Lynn Fitch continued supporting the law, arguing it was necessary for “our children’s mental health, physical security, and innocence”, and this should not “take a back seat to Big Tech profits”.

Europe

Meta’s pay or consent model in crosshairs for breaching EU tech rules

Meta charged by EU antitrust regulators for breaching tech rules. Meta introduced a no-ads subscription service in November for Instagram and Facebook, where users can consent to tracking in exchange for free service (or they can pay for an ad-free version).
The European Commission has said the binary choice breaches the Digital Markets Act (DMA), as it forces users to consent to the combination of their personal data and fails to provide a less personalized but equivalent version of the social networks.
If found guilty of DMA breaches, Meta would have to pay a fine of up to 10% of its global annual turnover.

Lithuania’s Vinted fined €2.4m for consumer data breaches

Vinted, the second-hand clothing online marketplace, has been fined for consumer data protection violations.
It was determined by Lithuania’s state Data Protection Inspectorate that Vinted refused to delete customer data because applicants did not identify “specific grounds” from the GDPR, and Vinted did not specify the purposes for the continuing processing of customer data.
Vinted also processed customer data to shadow ban users (processing personal data to make those who may be in breach of the platform leave Vinted without being aware of such use of their data).

International

Brazil Halts Meta’s AI Data Processing Amid Privacy Concerns

The Autoridade Nacional de Proteção de Dados (ANPD), the Brazilian data protection authority, has banned Meta from processing users’ personal data to train Meta’s AI algorithms.
This follows Meta’s update to its terms allowing it to use public content from its platforms for AI training purposes.
Brazil has one of the largest markets, with 102m active users. The update by Meta was seen by the ANPD to both violate the General Personal Data Protection Law and has an “imminent risk of serious and irreparable or difficult to repair damage to the fundamental rights of the affected data subjects”.
If Meta does not comply within 5 working days of the order, it risks daily fines of 50,000 reais.

China leading generative AI patents race, UN report says

Generative AI produces text, images, computer code and music from existing information.
China has filed 6 times more patents than its closest rival the US, covering a broad area of sectors including autonomous driving, publishing and document management.
South Korea, Japan and India were also ranked highly in the number of patents filed with India growing at the fastest rate.

Data Protection News Update 12 January 2026

United Kingdom UK government launches cyber action plan to strengthen public-sector security and protect digital services Ofcom scrutinises X and Grok over non-consensual AI images United

Data Protection News Update 06 January 2026

United Kingdom EU renews adequacy decision with United Kingdom Update on the November Cyberattacks against London Councils United States Disney to Pay $10M over Alleged

Data and AI Ethics 2025: An IGS Roundup

As 2025 draws to a close, it’s a natural moment to pause and reflect on a year that has been transformative, for the data and AI ethics

Data Protection News Update 22 December 2025

United Kingdom Investigation after data breach affects thousands United States US pauses implementation of $40 billion technology deal with Britain Can law enforcement access Google