Proposed EU Cyber Resilience Act includes a vulnerability disclosure requirement that would have all manufacturers report to the government within 24 hours of first discovered exploitation. In most cases, this would mean disclosing before the vulnerability has been mitigated.
Already under investigation by the data protection authorities (DPAs) of several EU nations, OpenAI is now facing scrutiny in Poland in response to an August GDPR complaint.
Fine imposed by the Norwegian data protection authority in August could be expanded to the entirety of the EU, subjecting Meta to extensive daily penalties until it makes big changes to tracking ads. Decision could potentially spark an EU ban.
A children's privacy complaint that dates back to 2021 has resulted in a major GDPR fine for TikTok. The issue largely centers on the "Family Pairing" feature introduced in 2020 which had no real verification process ensuring that the linked parent account actually belonged to a parent.
A complaint in Poland alleges GDPR violations by ChatGPT in the areas of lawful basis for data processing, data access, fairness, transparency and personal privacy.
Since the GDPR went into effect in 2018, Meta has done nearly everything possible to claim legitimate interest to avoid user consent for collecting personal information for targeted ads. The company appears to have finally reached the end of its rope in this area, though a recently announced changeover to a consent basis.
After being informed of the planned launch of the AI chatbot in the EU, the DPC instructed Google to file a data protection impact assessment. The launch is waiting on Google to address privacy concerns.
The central objection raised is a predictable one, and one that some analysts believe will inevitably cause the EU-US data transfer proposal to fail yet another court challenge if it makes it to implementation: the lack of a federal-level data privacy law in the US.
With a total of €2.92 billion levied throughout the bloc in 2022, GDPR fines are up in spite of a small drop in the overall data breach count as the bloc eyes stronger regulation for AI.
The European Commission has released its proposal for a comprehensive framework of cybersecurity requirements for products with digital elements in the EU – the EU Cyber Resilience Act. This is an important step towards a more robust harmonized set of cybersecurity rules.