United Kingdom
Reform UK tracked private user information without consent
- Private browsing data was collected by Reform UK through a hidden tracking tool in its website, and shared with Facebook for use in targeted advertising.
- The tracker was triggered automatically, without asking for users’ consent. A package of data was then sent to Meta with the details of which webpages were viewed, when, and what buttons were clicked.
- The data gathered enters Meta’s advertising system, and can be used for Meta’s own purposes (as well as by advertisers such as Reform to re-target audiences with tailored ads).
- The ICO is examining Reform’s use of tracking pixels, as a wider review of “the data protection harms arising from use of online tracking technologies”.
United States
Google says it’s focusing on privacy with Gemini AI on Android
- Google says the integration of AI features on Android devices is being done with privacy in mind, with Google implementing end-to-end protection to secure data in transit, and keeping the most sensitive locally on the device.
- Gemini is a new AI assistant developed by Google to integrate with Android devices, it can summarize news articles; ask questions about items the user sees on their screen; help create documents (like resumes, email responses); generate images based on user descriptions; make plans and itineraries; translate text… Gemini operates both on the Android device and in the cloud.
- As Gemini AI powered features become more widely available to Android devices, Google published a post emphasizing its commitment to provide advanced generative AI capabilities while ensuring user data privacy and security. Key points in achieving this include: no third-party AI providers; on-device AI; secure cloud infrastructure; user control over Gemini AI; innovative privacy technologies (such as sealed computing, which keeps sensitive data private even from Google) and enhanced transparency.
US charges Tennessee man in North Korea IT worker fraud scheme
- The U.S. Justice Department announced charges against a Tennessee man, Matthew Isaac Knoot, of helping North Koreans land IT jobs with American and British companies, to fund Pyongyang’s weapons programs. North Koreans were helped to gain remote access software from companies who thought they were hiring American employees.
- The head of the Justice Department’s National Security Division said, “This indictment should serve as a stark warning to U.S. businesses that employ remote IT workers of the growing threat”, and “need to be vigilant in their hiring processes”.
- The charges faced by Knoot include several charges, including conspiracy to commit computer fraud and money laundering.
Texas sues GM for allegedly violating drivers’ privacy
- Texas is suing General Motors, for installing technology on over 14m vehicles to collect data about drivers to sell on to insurers and other companies, without the drivers’ consent.
- The Texas Attorney General said the data was being used to compile “Driving Scores”, assessing if 1.8m Texas drivers had “bad” habits (such as speeding, breaking to fast, steering too sharply into turns, not using seatbelts and driving late at night). Insurers could then use this data to increase premiums, cancel policies or deny coverage.
- The suit seeks the destruction of improperly collected data, compensation for drivers, civil fines and other remedies for violations of the Texas Deceptive Trade Practices Act.
Europe
Polish billionaire plans to sue Meta over fake advertisements
- Polish billionaire Rafal Brzoska and his wife plan to sue Meta over fake advertisements on Facebook and Instagram featuring his face and false information circulating on the social media platforms.
- A Meta spokesperson has said the company removes false ads from its platforms when it learns about them, working with local authorities to battle scammers. Brzoska has stated Meta was notified of the problem and the start of July, and a solution was not found.
- Brzoska and his wife are seeking that Meta stops benefiting from the promotion of content that violates their rights, and a large compensation donated to a charity (adequate to the level of advertising revenues from spreading this type of disinformation).
AI-Powered CCTV in Paris Olympics Sparks Privacy Concerns
- French authorities strengthened their security during the showpiece event with algorithmic video surveillance (VSA). 200 cameras in Paris and the wider Île-de-France region have been supplemented by AI for the Olympics, with a further 300 cameras using the same system across 46 subway stations.
- VSA is beyond facial recognition, since the algorithm determines the direction of cameras to detect specific predefined movements which sends alerts to operatives. Biometric data forms part of the data collected by the VSA.
- Technology and human rights specialists have outlined how the AI-led CCTV violates international human rights laws, posing a risk to the right to privacy, the freedom of assembly and association, and the right to non-discrimination.
- A leading digital rights advocacy group has expressed concern over the impact of the increased security on privacy rights, especially since with each passing large-scale event, more justification will be given for the long-term introduction of the enhanced technology.
International
Hong Kong urged to fast-track privacy law reforms amid surge in data breaches
- Following a surge in data breaches exposing hundreds of thousands of residents’ personal information, Hong Kong has been urged by a cybersecurity expert and a lawmaker to speed up privacy law reforms to penalise companies over data breaches.
- The City’s privacy watchdog launched an investigation on Wednesday into a possible breach at the local branch of Oxfam, which potentially affected over 470,000 people. There have been several other data breaches in Hong Kong, including: a data breach at the Hong Kong Ballet (that compromised the personal information of 37,840 people); an incident at the Council of Hong Kong Laureate Forum (affecting the names, emails and other information of over 8,000 people) and a cyberattack at ImagineX Management Co Limited (compromising the data of over 127,000 members and employees).
- The Privacy Commissioner, Ada Chung Lai-ling, has previously said she was discussing amending the Personal Data (Privacy) Ordinance with the government, including empowering authorities to impose administrative fines. Additionally, the Office of the Privacy Commissioner for Personal Data is considering making reporting data leak incidents mandatory, and requiring data users to have a data retention policy.
The UN is moving to fight cybercrime but privacy groups say human rights will be violated
- Almost 200 nations approved the United Nations Convention against Cybercrime at a special committee meeting capping months of negotiations. The treaty (expected to win General Assembly approval within months) creates a framework for nations to cooperate against internet-related crimes including the illegal access and interception of computer information; electronic eavesdropping and online child sex abuse. The U.N. convention bars, among other things, electronic eavesdropping or hacking without government permission.
- Critics of the treaty say they can see within it oppression-friendly language (as this process began with a Russian initiative). Private companies, international civil rights groups and electronic freedom advocates have expressed concern that the United Nations label attached to the convention could provide cover for repressive countries that want to go after people who use the internet in ways they dislike.
- A senior U.S. administration official has said “we felt that we got to a balance between authorities for law enforcement and human rights”.
