enforcement

FTC Sues TikTok for Violating US Children’s Privacy Law (COPPA)

FTC, TikTok, United States |

The FTC has filed a lawsuit against TikTok and its parent company ByteDance for violating the US Children’s Online Privacy Protection Act (COPPA). The lawsuit claims TikTok knowingly collected data from millions of children under 13 without parental consent, in breach of a 2019 FTC order. Despite internal concerns, TikTok allegedly continued collecting and sharing children’s data, failed to delete accounts upon parental request, and allowed children to bypass age verification. The suit seeks civil penalties and a permanent injunction to prevent further violations.

FTC Sues TikTok for Violating US Children’s Privacy Law (COPPA) Read More »

Meta is sued in Argentina for using data from WhatsApp to train its AI

AI, Argentina, Meta |

Two data protection lawyers filed a complaint against Meta, accusing the company of misusing personal data from WhatsApp and other platforms to train AI systems without user consent. The complaint was filed with the Argetine data protection authority and calls for detailed explanations on Meta’s data practices, privacy policy updates, and compliance with local laws. The case underscores Argentina’s outdated data protection laws and reflects growing global scrutiny of AI practices, similar to recent actions taken in Brazil and Europe.

Meta is sued in Argentina for using data from WhatsApp to train its AI Read More »

Irish DPC to investigate X’s Grok AI training on user data without consent

AI, Enforcement |

The Irish Data Protection Commission is investigating X’s practice of sharing user data with Elon Musk’s AI startup, xAI, without explicit consent. X implemented a feature that opts users into data sharing by default, without prior notice. Users can change this setting only on the desktop version, with a mobile app option in development. The DPC had been questioning X for months and expressed surprise at the sudden rollout, which may lead to a GDPR investigation and possible fines. This situation mirrors Meta’s recent GDPR-related halt on similar AI data usage in Europe.

Irish DPC to investigate X’s Grok AI training on user data without consent Read More »

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations

Enforcement |

The Korean Personal Information Protection Commission (PIPC) has fined AliExpress, operated by Alibaba.com Singapore E-Commerce Private Limited, 1.978 billion KRW ($1.43 million) and imposed a 7.8 million KRW ($5,631) administrative fine for violations of the Korean Personal Information Protection Act (PIPA). These penalties follow investigations triggered by privacy concerns over data transferred to Chinese sellers. The PIPC also issued corrective orders to AliExpress to improve data protection measures and enhance transparency for Korean users.

Korean PIPC Fines AliExpress $1.43M for Data Protection Violations Read More »

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case

Datatilsynet, Denmark, Enforcement, EU law, GDPR, Google |

The Danish Data Protection Authority (Datatilsynet) reports that municipalities are taking steps to comply with the orders issued in January 2024. KL (Local Government Denmark), representing 52 municipalities, announced that from August 1, 2024, municipalities will stop sharing personal data with Google for purposes deemed unlawful by the Authority. Datatilsynet noted contract adjustments ensuring data processing strictly follows municipal instructions, except as required by EU law. Allan Frank, IT security specialist at Datatilsynet, highlighted remaining issues. The Authority awaits an opinion from the European Data Protection Board on documentation of subprocessors to make a final assessment.

Danish DPA Reports Municipalities’ Steps Toward Compliance in the Google Chromebook Case Read More »

Scroll to Top