Grindr is allegedly in violation of FTC Act and Health Breach Notification Rule

Public Interest Research Center, Electronic Privacy Information Center (EPIC) has called on the Federal Trade Commission (FTC) to investigate the dating app Grindr for its violations of users' privacy. EPIC alleges that the data of users was retained and disclosed by Grindr even after the users deleted their accounts on the app. In addition to retaining and disclosing data like users' account information, messages, and photos, Grindr also retained and disclosed sensitive information, including the HIV status of users, vaccination status, and last tested date. EPIC claims that Grindr is in violation of Section 5 of the FTC Act and in violation of the Health Breach Notification Rule. Read more

Lawfully monitoring workers; guidelines published by ICO

UK's national data protection authority, the Information Commissioner's Office, published its guidelines on monitoring workers in a lawful manner. The guidance helps employers comply with the UK GDPR and the Data Protection Act 2018. The guidance was published with the intention of providing regulatory certainty, protecting the data protection rights of workers, and helping employees build trust with workers. This guidance can be applied by employers across the public and the private sector. It includes guidance on lawful and fair monitoring, legal requirements, and good practices. Read more

Distribution of explicit deep fake content banned in New York

A new bill banning the distribution of intimate images created by Artificial Intelligence was signed into law by New York Governor Kathy Hochul. New York is the third state to prohibit such images, joining California and Virginia. With this legislation, victims have a private right of action to sue in civil court, and violators face up to a year of jail time. This bill is aimed at protecting young women. Read more

Cisco routers modified by Chinese Hackers

A new joint cybersecurity advisory published by CISA and U.S. and Japanese law enforcement agencies states that "BlackTech," one of China's state-backed advanced threat teams, can install custom firmware on Cisco's routers, which allows persistent access. This modification of the routers is done with detection. The advisory mentions that custom firmware is likely to be more successful with older legacy devices. Read more

ChatGPT faces heat in Poland

Security and privacy researcher Lukasz Olejnik filed a complaint against ChatGPT for violating the GDPR; the alleged violations include inadequate transparency and improper legal basis for processing data. Polish data protection authority, the Polish Office for Personal Data Protection (UODO) made a public statement, remarking that the investigation will likely be "difficult" because of the newness of the technology. Read more