|
|
 |
I don’t think the story’s over by any stretch of the imagination.
— Counsel Peter K. Jackson on the Google-CMA wrangle over Privacy Sandbox
|
|
Welcome to Snippets ☕ TikTok continues to feel the heat as the Department of Justice files a lawsuit alleging repeated, "massive-scale" violations of children's privacy.
Plus, Kai Zenner shares an insider's look at the EU AI Act, popular dating apps may have revealed users' precise locations, the Illinois Biometric Information Protection Act gets a significant revision, and more.
|
|
|
|
|
DOJ sues TikTok for invading children’s privacy
|
 |
|
GETTY IMAGES
|
The Department of Justice (DOJ) filed a lawsuit against TikTok alleging the social media platform has repeatedly invaded children's privacy at a "massive-scale."
|
- Officials pointed to several violations including unlawful collection of children’s data, failure to delete children's accounts upon request, and insufficient screening of underage users.
- TikTok denied the allegations—claiming they "relate to past events and practices" that have been addressed and calling attention to new protections like default screen-time limits.
- The DOJ suit comes as TikTok’s Chinese parent company, ByteDance, continues to fight a bill that would potentially ban TikTok in the US.
|
|
|
|
|
|
|
Kai Zenner shares an insider's look at the EU AI Act
|
|
Ron De Jesus, Transcend's Field Chief Privacy Officer, recently sat down with Kai Zenner, Head of Office and Digital Policy Advisor for MEP Axel Voss and a pivotal voice in negotiations for the EU AI Act.
Their conversation explored the intricacies of EU lawmaking, as well as Kai’s innovative ideas for enhancing the AI Office's effectiveness and thoughts on ensuring the Act’s success.
|
|
|
|
|
|
|
|
Study finds dating apps revealed user locations
|
 |
|
Gabby Jones/Bloomberg / Getty Images
|
A new study found that design vulnerabilities in several popular dating apps allowed stalkers to potentially identify their victims’ location within a two-meter radius.
|
- Of the 15 dating apps in the study, Badoo, Bumble, Grindr, happn, Hinge, and Hily were all found to have the same vulnerability surrounding the use of location data in the apps’ filters.
- To find a target’s location, researchers used “oracle trilateration,” a technique that measures distance to the target from points in three different directions.
- The researchers proposed the apps round up the location coordinates by three decimal points, creating a one-kilometer (0.6 miles) buffer—a fix all the apps have since implemented.
|
|
|
|
|
|
|
|
Google’s new cookie plan is good for antitrust, poor for privacy
|
 |
|
Photographer: David Gray/Bloomberg
|
Google’s decision to U-turn on third-party cookie deprecation has reassured antitrust regulators concerned about a digital ads monopoly. But for privacy regulators, the door now seems open for more “opaque” forms of tracking.
|
- Following Google’s announcement that it would not turn off cookies by default in Chrome, the UK Information Commissioner’s Office (ICO) expressed disappointment.
- Google has also butted heads with Austrian privacy non-profit noyb, which claims that ‘Privacy Sandbox’ does not collect valid user consent and contains misleading ad privacy features.
- As Google moves forward with the new plan, which will reportedly prioritize user choice, experts have called on the company to avoid dark patterns and pursue techniques like differential privacy.
|
|
|
|
|
|
|
|
- X’s AI chatbot spread election misinformation.
- NSF announces $23 million award for privacy-preserving tech.
- ICO reprimands the Electoral Commission.
- Ransomware attack cuts hospital blood supply.
- 5 ways users can bolster Amazon Alexa privacy.
|
|
|
|
|
|
Businesses breathe easy after BIPA amendment passes
|
 |
|
REUTERS/Jeenah Moon/File Photo
|
Illinois Governor JB Pritzker signed a new law that will amend the Illinois Biometric Information Protection Act (BIPA)—limiting financial liability for companies found guilty of improper biometric data collection.
|
- With the amendment, companies may only be held accountable for one violation per individual, as opposed to each instance of biometric data misuse.
- David Oberly of law firm Baker Donelson explained the amendment would prevent companies from being hit with damages that are disproportionate to the actual privacy harm suffered by victims.
- Historically, companies have shelled out enormous amounts in BIPA settlements—Facebook paid $650 million for using facial recognition, while BNSF Railway paid $75 million for collecting biometric data from thousands of truck drivers.
|
|
|
|
|
|
|
|
AWS publicly unveils internal security detection tool
|
 |
|
Ron Miller/TechCrunch
|
On Monday, Amazon publicly introduced Mithra, a long-standing internal tool designed to track and eliminate cloud security threats.
|
- The technology, which runs on Amazon’s internal systems, helps detect around 182,000 malicious domains daily by assigning each a reputation score.
- Subject to various degrees of human oversight, depending on the overall threat level, flagged domains are forwarded to the company’s security systems for triage.
- Given Amazon’s scale (the company sees a quarter of global internet traffic daily), Mithra relies on AI assistance to scour the data and identify anomalies.
|
|
|
|
|
|
|
Understanding the key requirements of Delaware's privacy law
|
|
Signed into law on September 11, 2023, the Delaware Personal Data Privacy Act (DPDPA) is set to take effect on January 1, 2025.
Check out our recent guide to learn who’s subject to Delaware’s privacy law, what’s required of businesses under its scope, and how the DPDPA is different from other US state privacy laws.
Read to the end to find a 7 step Delaware privacy law checklist!
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
|
