$20M fine on Meta's Companies for misleading data usage in Australia

The Federal Court of Australia ordered Meta's subsidiaries, Facebook Israel and Onavo Inc, to pay $10M each for failing to adequately disclose their data collection practices and breaching the Australian Consumer Law. The Australian Competition and Consumer Commission brought the case, stating that the companies used anonymized and aggregated data for market research, including the users' app and internet data. Read more

U.S. Senators' new tech regulator pitch

U.S. senators Elizabeth Warren and Lindsey Graham proposed a bipartisan bill to regulate online platforms. The bill would create the Digital Consumer Protection Commission, an agency to go after tech giant companies failing to protect consumer privacy. The commission would also ban tech companies like Google, Amazon, and Meta from favoring their products to those of their competitors on their platforms. Read more

Norwegian government ministries compromised due to a data breach

A statement from the Security and Service Organization (DSS) of Norway read that 12 of the government ministries were compromised due to a data attack, while several offices, including the Prime Minister's Office and the Ministry of Defense, remained unaffected. The DSS also stated that a software vulnerability of Ivanti Endpoint Manager Mobile was exploited by hackers and led to the breach. Read more

NOYB files a complaint against Irish airline's facial recognition usage

Privacy rights group NOYB submitted a complaint to Spain's Data Protection Authority against Ryanair, an airline in Ireland, alleging that the company used facial recognition to identify its customers booking through online travel agents. The complaint also stated that the company is violating the customers' data protection rights by using such techniques. Read more

SEC adopts new rules for cybersecurity risk management, governance, and incident reporting

The Securities and Exchange Commission (SEC) of the U.S. adopted new rules that require public companies to disclose cybersecurity incidents and information related to their risk management, strategies, and governance on an annual basis. Some of the new rules adopted by the commission require foreign private issuers to provide comparable disclosures. Read more