United Kingdom
Meta’s AI to train using social media posts from Europe
- Meta to train Llama language models using public posts from users Instagram and Facebook pages.
- This move aligns the company’s approach in Europe and the UK their approach elsewhere in the world (despite earlier caution due to the more stringent EU privacy and transparency regulations).
- Meta has said they will begin notifying users on the changes in the UK and EU on how public information will develop and improve AI.
- The NYOB (none of your business) advocacy group has filed complaints challenging this shift, arguing the notifications were insufficient and the changes require opt-in consent from users.
OPC announces investigation into genetic testing company breach
- The U.K. Information Commissioner’s Office (ICO) and Privacy Commissioner of Canada (OPC) are jointly investigating the Oct 2023 data breach of genetic testing company 23andMe.
- 23andMe deals with genetic information that is highly sensitive and could be misused for surveillance or discrimination.
- The aim of the investigation is to determine the extent to which genetic data was stolen, and what safeguards were put in place by the company to prevent the cyberattack.
- This investigation is part of a larger effort by the OPC to pursue “privacy with maximum impact”, by using existing laws to tackle increasing technological challenges.
United States
US lawmakers grill Microsoft president over China ties, hacks
- Microsoft is an important technological and security partner to the federal government.
- Criticism came from Microsoft’s inability to prevent both a Russian hack (where Russia/linked cybercriminals spied on senior staff emails) and an alleged China hack (where hackers spied on federal emails).
- Microsoft’s lack of transparency over the China hack was especially at fault, as some considered it preventable.
- Microsoft’s president accepted responsibility for the hack, and has begun implementing recommendations from the Cyber Security Review Board report.
5th Circuit scraps plans to adopt AI rule after lawyers object
- Federal appeals court in New Orleans did not adopt proposed rule regulating the use of generative AI by lawyers.
- The rule was aimed at regulating the use of generative AI by attorneys and litigants appearing before the court without council.
- The rule required the lawyer to certify the generative AI used had been reviewed for accuracy following several reports of AI “hallucination” where attorneys using AI programs submitted briefs with citations of non-existent cases.
- Members of the bar argued rules already in place where good enough to deal with such inaccuracies caused by using technology in a legal setting.
Europe
Dutch intelligence says Chinese cyber espionage goes wider than it suspected
- Dutch intelligence agency said a Chinese state-backed hacking group was behind a 2023 attack with at least 20,000 victims worldwide (and possibly far more).
- Targets included: dozens of western governments; international organizations; other companies in the defence industry.
- Beijing routinely denies allegations of cyber espionage, opposing all forms of cyberattack.
International
Russian disinformation campaign attempts to disrupt the Paris Olympics
- Disinformation campaign is also targeting France, the French President Macron and the International Olympic Committee.
- During high profile events hackers can take advantage of fans through malicious content causing data breaches.
- The scale and significance of the event has made it a target, and robust cybersecurity measures are needed to ensure the safeguarding and functioning of the Olympics.
- In Vietnam, an updated Cybersecurity Administrative Sanctions Decree condensed regulatory penalties for breaches with personal data (with fines of up to 5% of total revenue or profits of the preceding financial year for businesses).
- In Thailand, a public consultation was concluded on the cybersecurity standard applicable to cloud services finding that personal data on the cloud would be of “medium” impact by default and be subject to higher security standards and obligations.
- Amendment of Singapore’s Cybersecurity Act means it now covers overseas/located critical information infrastructure.
