Enforcement Archives

FTC Investigates Surveillance Pricing Practices

Enforcement, FTC | August 5, 2024

The Federal Trade Commission (FTC) issued orders to eight companies to gather detailed information on surveillance pricing practices. These companies, including Mastercard and JPMorgan Chase, use personal data such as browsing history and credit scores to set individualized prices for goods and services. The FTC aims to understand the impact of these practices on privacy, competition, and consumer protection. Chair Lina M. Khan emphasized the risks to consumer privacy and potential price exploitation. The investigation uses the FTC’s 6(b) authority to conduct comprehensive studies without specific law enforcement purposes.

FTC Investigates Surveillance Pricing Practices Read More »

DOJ Accuses TikTok of Data Misuse on Sensitive Topics

Enforcement, TikTok | August 5, 2024

The U.S. Department of Justice accused TikTok of gathering and sharing U.S. user data on contentious issues like abortion and gun control with its Chinese parent company, ByteDance. Court documents reveal that TikTok used an internal system called Lark to communicate and transfer sensitive data to ByteDance employees in China. The DOJ argues that TikTok’s data handling practices pose significant national security risks and could allow for covert content manipulation by the Chinese government. TikTok disputes these claims, asserting that the potential ban would violate the First Amendment. This case is part of a broader legal battle over TikTok’s future in the U.S.

DOJ Accuses TikTok of Data Misuse on Sensitive Topics Read More »

Irish DPC to investigate X’s Grok AI training on user data without consent

AI, Enforcement | August 5, 2024

The Irish Data Protection Commission is investigating X’s practice of sharing user data with Elon Musk’s AI startup, xAI, without explicit consent. X implemented a feature that opts users into data sharing by default, without prior notice. Users can change this setting only on the desktop version, with a mobile app option in development. The DPC had been questioning X for months and expressed surprise at the sudden rollout, which may lead to a GDPR investigation and possible fines. This situation mirrors Meta’s recent GDPR-related halt on similar AI data usage in Europe.

Irish DPC to investigate X’s Grok AI training on user data without consent Read More »

FCC and TracFone Settle $16 Million Fine Over Data Breaches

Enforcement | August 5, 2024

The Federal Communications Commission (FCC) has announced a settlement with TracFone Wireless Inc., resolving investigations into three significant data breaches. The breaches, occurring between January 2021 and January 2023, exposed customers’ personal information due to vulnerabilities in application programming interfaces (APIs). The settlement includes a $16 million penalty and mandates comprehensive security measures, such as improved API security, SIM change and port-out protections, and regular security assessments.

FCC and TracFone Settle $16 Million Fine Over Data Breaches Read More »

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations

Enforcement | August 5, 2024

The Korean Personal Information Protection Commission (PIPC) has fined AliExpress, operated by Alibaba.com Singapore E-Commerce Private Limited, 1.978 billion KRW ($1.43 million) and imposed a 7.8 million KRW ($5,631) administrative fine for violations of the Korean Personal Information Protection Act (PIPA). These penalties follow investigations triggered by privacy concerns over data transferred to Chinese sellers. The PIPC also issued corrective orders to AliExpress to improve data protection measures and enhance transparency for Korean users.

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations Read More »