๐ต AT&T has agreed to pay a $13 million fine following a data breach in which customer billing information was shared with a vendor to create personalised videos.
The company failed to ensure that the vendor deleted the data once it was no longer needed. The breach occurred in January 2023, years after the vendor's use, when hackers accessed the vendor's cloud environment, exposing the information of 8.9 million AT&T wireless customers. As part of the settlement with the Federal Communications Commission, AT&T also agreed to implement stricter controls on data sharing with third-party vendors… read more
๐ค The UK's Information Commissioner's Office (ICO) has confirmed that LinkedIn, which is owned by Microsoft, has paused the processing of user data to train AI models in response to privacy concerns. LinkedIn had come under scrutiny after it was revealed that UK users' data was being used for AI training, despite a policy that excluded users in the European Union, European Economic Area (EEA) and Switzerland from the practice. Following the backlash, LinkedIn updated its privacy policy to confirm that it had stopped using UK user data to train its AI models.
The decision came after privacy experts noticed the discrepancy, leading to criticism from groups such as the Open Rights Group (ORG), which filed a complaint with the ICO. ORG also criticised the ICO for not taking stronger action against LinkedIn for processing data without consent.... read more
๐กForum Europe's second European Sovereign Cloud Policy and Industry Day, held in Brussels on 10 September, brought together industry leaders and policymakers to discuss Europe's evolving approach to cloud sovereignty. As the EU enters a new political and legislative phase, the event highlighted the growing emphasis on competitiveness, resilience and strategic autonomy, with cloud sovereignty at the heart of these discussions.
Key topics included Europe's progress in establishing sovereign cloud services, the enforcement of regulations such as the Data Act, and the development of standards for cloud interoperability and portability across Europe. Participants explored cybersecurity challenges and the balance between digital sovereignty and the benefits of global collaboration in cloud innovation… read more
Download the key presentations to gain insight into the future of cloud technology and Europe's roadmap to digital autonomy.
๐ The German Data Protection Conference recently published guidance on asset deals (The Guidelines), which distinguishes between the different stages of a sale process and the relevant personal data that can be shared at each stage, including concerns about the sharing of individual datasets during negotiations, subject to specific exemptions.
The Guidelines replace similar 2019 guidance, and provide more detail for sellers and buyers in asset deals.... read more
๐The recent complaint against a supermarket chain in Greece for non-compliance with the GDPR in its loyalty programme brings the importance of data protection compliance to the forefront.
This case serves as a reminder to retailers of the need to carefully implement and manage loyalty programmes. The article explores key ideas on how supermarkets can ensure that their programs comply with GDPR requirements, thereby avoiding potential penalties and building customer trust, with transparency and clear customer information at the centre… read more (article in Romanian).
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Mike Gattorna on Unsplash