Andreea Lisievici

Irish DPC to investigate X’s Grok AI training on user data without consent

AI, Enforcement |

The Irish Data Protection Commission is investigating X’s practice of sharing user data with Elon Musk’s AI startup, xAI, without explicit consent. X implemented a feature that opts users into data sharing by default, without prior notice. Users can change this setting only on the desktop version, with a mobile app option in development. The DPC had been questioning X for months and expressed surprise at the sudden rollout, which may lead to a GDPR investigation and possible fines. This situation mirrors Meta’s recent GDPR-related halt on similar AI data usage in Europe.

Irish DPC to investigate X’s Grok AI training on user data without consent Read More »

FCC and TracFone Settle $16 Million Fine Over Data Breaches

Enforcement |

The Federal Communications Commission (FCC) has announced a settlement with TracFone Wireless Inc., resolving investigations into three significant data breaches. The breaches, occurring between January 2021 and January 2023, exposed customers’ personal information due to vulnerabilities in application programming interfaces (APIs). The settlement includes a $16 million penalty and mandates comprehensive security measures, such as improved API security, SIM change and port-out protections, and regular security assessments.

FCC and TracFone Settle $16 Million Fine Over Data Breaches Read More »

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations

Enforcement |

The Korean Personal Information Protection Commission (PIPC) has fined AliExpress, operated by Alibaba.com Singapore E-Commerce Private Limited, 1.978 billion KRW ($1.43 million) and imposed a 7.8 million KRW ($5,631) administrative fine for violations of the Korean Personal Information Protection Act (PIPA). These penalties follow investigations triggered by privacy concerns over data transferred to Chinese sellers. The PIPC also issued corrective orders to AliExpress to improve data protection measures and enhance transparency for Korean users.

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations Read More »

TikTok Fined £1.875 Million by UK’s Ofcom for Data Inaccuracies

Enforcement, TikTok |

Ofcom has fined TikTok £1.875 million for providing inaccurate information regarding its parental controls feature, Family Pairing. TikTok failed to deliver precise data by the requested deadline, disrupting Ofcom’s efforts to publish a child safety transparency report. Despite being aware of the inaccuracies, TikTok delayed informing Ofcom, leading to significant regulatory and operational setbacks. The fine reflects TikTok’s responsibility to ensure data accuracy and timely cooperation with regulatory demands. This is TikTok’s first penalty under the Communications Act 2003, reduced by 25% due to their cooperation in settling the case.

TikTok Fined £1.875 Million by UK’s Ofcom for Data Inaccuracies Read More »

Texas $1.4 Bil­lion Set­tle­ment with Meta Over Its Unau­tho­rized Cap­ture of Per­son­al Bio­met­ric Data

Enforcement, Meta |

Texas Attorney General Ken Paxton has achieved a massive $1.4 billion settlement with Meta for unauthorized capture and use of biometric data from millions of Texans. This is the largest settlement obtained by a single US state, surpassing the $390 million Google settlement in 2022. The case was brought under Texas’s “Capture or Use of Biometric Identifier” Act (CUBI), marking its first successful lawsuit and settlement. Paxton’s office sued Meta in February 2022 for using facial recognition software without proper consent, violating CUBI and the Deceptive Trade Practices Act. The settlement will be paid over five years.

Texas $1.4 Bil­lion Set­tle­ment with Meta Over Its Unau­tho­rized Cap­ture of Per­son­al Bio­met­ric Data Read More »

Scroll to Top