#SypherPrivacyTalks - September 2023 - Week 38
by Sypher | Published in News - September 22, 2023
Microsoft AI researchers accidentally exposed terabytes of internal sensitive data
🚨 A GitHub repository belonging to Microsoft’s AI research division inadvertently spilled the beans on some really confidential stuff. 👇
The repository offered open source code and AI models for image recognition, but here's the twist. 🔄 The Azure Storage URL meant for downloading these models was, well, too open. It granted permissions to the whole storage account, revealing 38 terabytes of sensitive info! 😮 This included personal backups, passwords, secret keys, and even 30,000 internal Microsoft Teams messages.
In a blog post shared with TechCrunch before publication, Microsoft’s Security Response Center said that “no customer data was exposed, and no other internal services were put at risk because of this issue.”
The other thing to note is that the data wasn’t directly exposed. The slip-up happened because of an overly permissive shared access signature (SAS) token in the URL. SAS tokens are supposed to be secure, but in this case, they were a little too friendly… read more
TikTok fined €345m by Ireland’s data regulator for violating children’s privacy
🚫 Ireland's DPC has dropped the hammer on TikTok with a hefty €345M fine! This move comes after multiple GDPR breaches were discovered, particularly concerning teenagers' and preteens' privacy. 👇
One major concern raised was that adults could enable direct messages for certain teenagers without family connections. 📩 Additionally, the "family pairing" feature had the potential to link children's accounts to "unverified" adults who weren't their guardians.
📹 This investigation highlighted significant risks to TikTok's young users. Notably, the default account settings made child users' content public, leaving them exposed to the wider TikTok community.
🤔 While TikTok has stated they've made changes to address these issues, the DPC's decision stands. TikTok is now evaluating its next steps, including a possible appeal… read more
Two major Dutch consumer groups bring privacy lawsuit against Google
🕵️♂️ Google is facing a major legal battle in the Netherlands over alleged breaches of European privacy laws. 👇
📝 The Foundation for the Protection of Privacy Interests (FPPI) and the Dutch Consumers’ Association are leading a class-action-style lawsuit with over 82,000 consumers joining in since May.
☝️ The claim accuses Google of tracking and profiling users without proper consent, sharing sensitive personal data, and violating Dutch and European privacy legislation.
💰 The demand? Google must halt these privacy violations, pay damages, and make structural changes to protect user privacy… read more
18 Countries with GDPR-like data privacy laws
finance.yahoo.com • 10 min read
🌐 In the digital age, data is gold! 📈 But with great data comes great responsibility. The GDPR paved the way for data protection in 2018. 👇
However, the journey hasn't been all smooth sailing. 💨 Companies like Meta, Google, and Apple faced fines and challenges. The EU is working on improving enforcement and navigating the AI landscape. 🤖
Now, many countries outside the EU are adopting GDPR-like laws. 🌍 These include Kenya, Chile, India, Japan, New Zealand, China, Israel, Turkey, South Africa, Egypt, Switzerland, South Korea, Australia… read more
The UK plans to liberalise automated decision-making
technologyquotient.freshfields.com • 3 min read
🚀 The UK is paving the way for more automated decision-making (ADM) with the Data Protection and Digital Information (No.2) Bill. 👇
Previously, ADM was limited by data protection laws, requiring meaningful human involvement. But the Bill is set to revolutionise this landscape, by proposing that:
🌟 The prohibition on ADM for most business purposes is lifted, except for "special category" personal data.
🤝 "Legitimate interests" become a flexible lawful basis for processing personal data for ADM.
🛡️ Mandatory safeguards are in place, including rights for individuals to contest decisions.
Keep in mind, these reforms would apply only under UK law, not EU data protection laws. UK businesses may gain more regulatory freedom, but ethical use of ADM remains crucial… read more
___
Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
