A 2018 Facebook privacy breach incident that first drew complaints just after the GDPR went into force has finally resulted in the issuance of a penalty. The €251 million GDPR fine stems from a flaw in the platform's "View All" feature.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
Italy was one of the first EU nations to take OpenAI and ChatGPT to task over data privacy violations, even banning the app from the country briefly, and it has now issued the bloc's first GDPR fine of this nature to the company.
The Cambridge Analytica scandal of 2018 is still not quite out of the news yet, as investigations around the world continue to wrap up. Australia's Information Commissioner has agreed to a $50 million AUD privacy settlement over the violations.
While the fine will hardly break either of the two tech titans, the ruling could provide a precedent on data collection that could prove much more costly in the future if applied to everything else made available on app stores.
Data governance is to business leaders and IT decision-makers as losing weight is to New Year’s resolution enthusiasts. If your organization is aiming to achieve improved data governance as its New Year’s resolution, here are five healthy habits to adopt in 2025.
China has not received an adequacy decision for international data transfers due to known and expected access by the government. The six apps that the noyb privacy complaints are targeting are TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi.
Just about all of the big names in tech have now faced issues with EU regulations, but Meta has been unique in its insistence in not being subject to GDPR user consent requirements. Its ad-free service model is under fire once again.
The Italian data protection authority has announced that DeepSeek was formally blocked for failure to provide sufficient information in response to the request. The Chinese company appears to have taken a combative tone.
The AI software has reportedly been used to search federal data about agency spending on payroll and programs, something that could potentially violate federal privacy or security regulations if personal information is involved.
Colorado's AI regulations are still a work in progress, and the battle over how to regulate AI – without stifling innovation – has only just begun. As Colorado stands at the forefront of AI regulation, this process isn't just about one state's laws – it's a test case for how AI will be governed across the country.










