💥Volkswagen's recent data breach exposed sensitive information from over 15 million vehicles, due to a failure to truncate or encrypt data as required by both company policy and GDPR regulations. The leak highlights serious lapses in data security and compliance, revealing weaknesses in its AWS environment and customer data management practices.
The incident highlights a growing challenge: vehicles, particularly electric vehicles, collect vast amounts of sensitive driver information. While some data retention is mandatory - such as the EU requiring the sharing of crash-related data for emergency response - this obligation does not exempt manufacturers from implementing robust security measures…
Source: thehackernews.com
💶 Italy's data protection authority, Garante, has fined OpenAI €15 million for violating the GDPR through ChatGPT's handling of personal data. The fine follows concerns raised in 2023, including unauthorised data processing for AI model training, lack of transparency and insufficient age verification to protect children under 13. OpenAI must also launch a six-month communications campaign to educate the public about how ChatGPT works.
OpenAI plans to appeal, arguing that the fine is disproportionate to the company's revenue in Italy during the relevant period…
🏦 The European Data Protection Board (EDPB) has issued an opinion addressing key issues related to the use of personal data in the development and deployment of AI models. The opinion examines:
Anonymisation of AI models: When and how AI models can be considered anonymous, ensuring compliance with data protection laws.
Legitimate interest: The conditions under which legitimate interest can serve as a legal basis for developing or operating AI models.
Unlawful data processing: The implications of developing AI models using personal data that has been processed unlawfully.
It also assesses the use of both first-party and third-party data in these contexts.
The opinion aims to promote consistent rules across Europe. The EDPB is also developing guidelines covering more specific questions, such as web scraping...
💶 Netflix, the global streaming giant, has been fined €4.75 million by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) for failing to adequately inform customers about the processing of their personal data. Between 2018 and 2020, the company's privacy practices fell short in several critical areas, exposing gaps in transparency and compliance with the GDPR.
This case highlights important lessons for organisations handling user data in Europe. This article analyses the AP's decision, and provides strategies for companies to strengthen their GDPR compliance and avoid similar penalties.
🕵️ NOYB has filed a GDPR complaint against Ryanair for forcing customers to set up accounts and submit 'invasive biometric data' to book flights. According to the privacy group, new customers are forced to set up an account to book a flight, where they provide unnecessary personal information - in breach of the GDPR.
When setting up an account with Ryanair, customers are required to go through a verification process. There are two ways to submit this verification, but NOYB claims that "Ryanair nudges them towards a pre-selected and highly invasive biometric facial recognition process"…