In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.
Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.
Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.
European Union lawmakers have criticized the British government's updated privacy bill over concerns that it fails to adequately protect European citizens' fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.
European privacy regulators gave Facebook five months to stop transferring data into the United States and assessed the social media giant a record 1.2-billion-euro fine in a decision that puts pressure on the European Commission to finalize a legal agreement enabling trans-Atlantic data flows.
The French data protection authority on Tuesday signaled increased concerns over the privacy impacts of generative artificial intelligence and said issues such as data scraping raise data protection questions. Data scraping by AI companies is a flashpoint in the technology's rollout.
The European Parliament called on the European Commission to reject a draft legal framework facilitating trans-Atlantic commercial data flows in a nonbinding vote. A majority said the EU-U.S. Data Privacy Framework fails to protect European citizens from American bulk online surveillance.
Members of the U.K. Parliament considering modifications to national privacy law heard assurances Wednesday that the European Union will go along with them. "U.K. GDPR retains all the rights of the European citizens," said John Edwards, U.K. Information Commissioner said Wednesday.
A civil society group accused the Irish data protection agency of soft peddling enforcement of European privacy law in a complaint filed with the European Commission ombudsman. The Irish Council for Civil Liberties says the Irish Data Protection Commission leaves systemic problems unaddressed.
The French and Spanish data privacy watchdogs have launched separate probes into ChatGPT over potential data privacy violations. European scrutiny of the chatbot mounted after the Italian data protection agency announced a temporary ban on ChatGPT in March.
Current risk management approaches face huge operational challenges. While it’s imperative to implement effective risk management and compliance, the reality is that many enterprises continue to struggle with antiquated processes that don’t deliver the visibility, speed, and agility that today’s risk landscape...
A British government agency added to TikTok's reputational woes by finding it failed to protect children's privacy. TikTok is playing defense in multiple Western countries against concerns it collects massive amounts of data it could use for surveillance or information operations.
Italian regulators announced Friday an effective ban on ChatGPT after determining that artificial intelligence firm OpenAI likely engaged in a massive illegal collection of personal data. The agency gave OpenAI until April 19 to address its concerns or potentially face fines.
Facebook is asking Ireland's High Court to quash a 265-million-euro fine levied by the country's data watchdog after the phone numbers of more than half a billion users appeared online. A user of the now-shuttered BreachForums in April 2021 posted data scraped from 533 million profiles.