A federal judge has approved a $10 million settlement requiring Disney to resolve allegations that the company enabled the unlawful collection of children’s personal data through kid-directed content on YouTube, marking the latest escalation in U.S. enforcement of children’s online privacy rules.
The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has published new guidance aimed squarely at federal public authorities developing or using AI systems, particularly large language models (LLMs). The guide, “AI in Public Authorities – Considering Data Protection from the Outset,” is intended to help officials spot data protection issues early and take a more structured, practical approach to AI projects.
France’s data protection authority has fined Nexpublica €1.7 million after finding that the company failed to properly secure software used to manage highly sensitive personal data in the social services sector.
South Korean e-commerce giant Coupang has announced a compensation package worth $1.18 billion (SKW 1.69 trillion), according to Reuters, for users affected by one of the country’s largest data breaches, but the plan has quickly become the latest flashpoint in an escalating political and regulatory backlash.
The University of Phoenix has confirmed that a cyberattack linked to a previously unknown software flaw has compromised the personal and financial data of nearly 3.5 million individuals, marking one of the largest education-sector breaches disclosed this year.
Data is a constant subject of discussion in the context of security. Custody of personal data is heavily regulated, and systems are designed to protect anonymity, even though it can never be fully guaranteed. Security breaches are costly, not only because of the breach itself, but because of the scrutiny and liability that follow. As a result, privacy has increasingly become a value proposition for products and services that collect and retain personal information.
France’s data protection authority has fined Mobius Solutions €1 million after finding that the company, acting as a processor for music-streaming platform Deezer, failed to comply with core GDPR obligations tied to subcontracting and data handling.