CDP Institute

The European Commission announced TikTok and Meta aren’t meeting obligations to the Digital Services Act (DSA). The preliminary findings, which will be followed by investigation, claim serious violations. One is that the companies make it difficult for researchers to view data, inhibiting their ability to judge if there’s illegal, biased, or dangerous content. This violates DSA transparency rules. And, in Meta’s case, Facebook and Instagram were assessed as not allowing users to flag or remove illegal or harmful content, which should be done via a “Notice & Action” mechanism.

Apple, which often tries to lead on behalf of user privacy, may have to pull its App Tracking Transparency (ATT) privacy mechanism away from EU users since lobbyists including in Germany and Italy have been contesting the mechanism in favor of allowing app tracking for ads. This is despite GDPR regulations and in favor of mass data collection and use for sales and commerce.

Bangladesh is about to get its first major privacy law, the Personal Data Protection Ordinance, which has been passed and is expected to be issued as a notification and then would go into effect in eighteen months. This would align Bangladesh with international privacy standards and be in keeping with other privacy laws in Asia, including India’s which was enacted in 2023.

The US BBB Children’s Advertising Review Unit (CARU) has issued guidance on use of AI and particularly generative AI for young people. Concern in this area is growing over children’s exposure and how to assess AI’s impact on them. Young users are at particular risk as they have difficulty distinguishing non-human vs. human interaction, recognizing harmful intent, and guarding against invasion of privacy.

a new area of psychological concern people claim, in complaints to the US Federal Trade Commission, caused by interaction with generative AI.

On the upside, a US district judge just dramatically lowered a $167 million fine (to ~$4 million) they were supposed to pay to Meta for targeting WhatsApp users. On the downside, NSO has been blocked from targeting WhatsApp’s users in the future.

Newly unsealed information in a Maine case indicated the US Department of Homeland Security (DHS) issued a search warrant asking OpenAI for data to build a case against a suspected child exploitation site administrator. While it was not asked for specific identity, OpenAI was ordered to provide information on the individual, their conversations with ChatGPT, and about others they interacted with.

Amazon has made it easier for Ring camera videos to be requested by police and other law enforcement agencies. It announced a partnership with Flock Safety so neighbors (who want to) can share videos in response to police requests. This follows an announcement of integration with Axon for digital evidence collection. Both represent expansion of the Ring Neighbors app’s Community Requests function, in which police, ICE and other law enforcement can request video or images.

Big Tech’s not big on transparency, and judging by new actions by Meta, Google and Microsoft, definitely does not like the European Union’s new transparency guidelines for political advertising. The big three have decided rather than follow the guidelines, which say people should be informed about what groups or individuals are sponsoring specific ads, that they’ll ban political ads there instead.

The streaming company, which provides services to about half of US households, has been accused of violating the state’s privacy law by selling data that includes children’s viewing habits, voice recordings, and geolocation information, which can cause the data to be reidentified.

Teens like talking with AI but doing so has been shown to have potential mental health risks. To address growing concerns, Meta has begun previewing a set of parental controls it plans to release in the US, UK, Canada, and Australia at the beginning of the year.

The UK Competition and Markets Authority (CMA) just took a whole lot of worrisome acronyms off Google’s plate by releasing it from numerous Sandbox commitments for fixes; including those related to API, IP, SDK and PAAPI; the company had been fighting this for more than five years.