United Kingdom
Pioneering new mathematical model could help protect privacy and ensure safer use of AI
- The findings of a study at the University of Oxford to develop a new mathematical model which could help people better understand the risks posed by AI and assist regulators in protecting peoples’ privacy have been published. The method provides a robust scientific framework for evaluating identification techniques, especially when dealing with large-scale data.
- The method is able to assess how different data identification techniques will perform at scale, in different applications and behavioural settings, and may explain why some AI identification techniques fail to scale in real-world conditions. As AI tools are used to identify humans in online banking, humanitarian aid delivery and law enforcement, the accuracy of these tools is crucial. This testing method allows for the identification of potential weaknesses and areas for improvement before full-scale implementation, which is essential for maintaining safety and accuracy.
- Co-author Associate Professor Yves-Alexandre de Montjoye said, “understanding the scalability of identification is essential to evaluate the risks posed by these re-identification techniques, including to ensure compliance with modern data protection legislations worldwide.”
United States
Is your car spying on you? What it means that Tesla shared data in the Las Vegas explosion
- As cars now resemble computers on wheels, there is a lack of clarity over the information they collect on their users. Many cars collect location data, and also have access to contacts, call logs, texts and other sensitive information (due to mobile phone syncing).
- The data collected on Musk’s Cybertruck was used by police to track the driver’s movements; and included data collected by Tesla from charging stations and onboard software.
- There are no U.S. federal laws regulating car data similar to those that restrict information collection and sharing by banks and health care providers. State laws are a grab-bag of various rules, mostly focused on data privacy in general.
- The executive director of the CEO of privacy consulting firm Red Clover Advisors has said they “think law enforcement should have access to data that can help them solve things quickly, but we have a right to privacy.”
Meta ends fact-checking. Here’s how to find the truth on social media.
- Meta is removing warnings on posts on its social media apps (Facebook, Instagram and Threads) to show they are untrue. This will be outsourced to users by letting them leave “Community Notes” under debated posts, similar to what X has done.
- The change was announced by CEO Mark Zuckerberg, who acknowledged this would mean the company caught “less bad stuff”, but that this was preferable as it allowed users to post freely without fear of having posts or accounts removed.
- If a post elicits a strong emotional reaction, this is a sign it may be untrue. “Another good sign is that you want to believe it,” says Abbie Richards, a misinformation researcher and content creator. “When you encounter misinformation, the biggest factor in whether you fall for it is when you want it to be true.”
- For news sources, use tools that are designed for getting real news from their original sources (like Apple News and Google News) and try to trace stories to their original source. Additionally, use fact-checking sites like FactCheck.org, Check Your Fact, Reuters Fact Check and PolitiFact.
Europe
European Commission faces first-ever fine for violating its own privacy laws
- The European Commission has been ordered to pay £335 in damages for violating EU data protection laws in connection with the Conference of the Future of Europe website.
- The incident came to light when an individual registered for an event using the Commission’s EU Login service, signing in through Facebook. In doing so, the individual’s IP address was transferred to Meta Platforms in the US. At the time of transfer, March 2022, there was no agreement to ensure an adequate level of data protection for EU citizens in the US.
- The General Court found the Commission failed to demonstrate the existence of appropriate safeguards, such as standard contractual clauses, to justify the transfer. The General court said “The individual concerned suffered non-material damage, in that he found himself in a position of some uncertainty as regards the processing of his personal data, in particular of his IP address”.
International
B.C. court approves class-action lawsuit about privacy over Home Depot receipts
- The lawsuit alleges Home Depot gathered information when British Columbia customers opted for emailed receipts, including the purchase price, brands bought, and data related to the customer’s email address, then shared it without consent with technology giant Meta.
- A British Columbia Supreme Court judge said a class-action can go ahead for the alleged breach of privacy, but dismissed claims that Home Depot violated other duties and contractual obligations.
- The decision says the claim involves more than six million emails and corresponding data shared with Meta over several years. The judge said the alternative to a class-action lawsuit would be hundreds of thousands of individual claims, “which are simply not feasible” and prohibitive in terms of cost.
Decoding India’s draft DPDPA rules for the world
- India’s Ministry of Electronics and Information Technology released the draft Digital Personal Data Protection (Act) Rules (DPDPA), 2025 for public consultation, marking a significant milestone in the evolving data protection landscape of the world’s largest democracy.
- Notable features include: a unique consent management framework; verifiable parental consent and verification of lawful guardianship accountability in algorithmic decision-making; and possible restrictions against international data transfer.
- The draft rules require increased transparency through granular details of processing activities. One such detail is that entities determining the means and purposes of processing personal data are now required to provide a comprehensive notice that goes beyond traditional privacy policies. The notice is required to be a standalone document and directly accessible to individuals identifiable by their personal data.
