IT Security & Privacy

In a bold move to protect consumer privacy, the Federal Trade Commission (FTC) has taken action against three data brokers—Gravy Analytics, Venntel, and Mobilewalla—for unlawfully tracking and selling sensitive consumer location data. The charges stem from allegations that these companies sold location information revealing visits to places like health clinics, places of worship, military installations, and labor union offices, without the consent of those affected.

The European Data Protection Board (EDPB) is calling for more coherence between the General Data Protection Regulation (GDPR) and the increasingly complex web of new digital legislation coming out of the EU. In a statement released after its December 2024 plenary session, the EDPB welcomed the European Commission’s second report on the GDPR’s application and emphasized the importance of aligning digital laws with the GDPR to maintain legal certainty.

New York Attorney General Letitia James and Department of Financial Services (DFS) Superintendent Adrienne Harris have secured $11.3 million in penalties from GEICO and Travelers Insurance. The auto insurers were found to have inadequate data protections, leading to breaches that exposed the personal information of over 120,000 New Yorkers, with some of that data later used to commit unemployment fraud during the COVID-19 pandemic.

Southeast Asia is rapidly emerging as a digital powerhouse, with its booming markets and growing data center infrastructure attracting the attention of global tech giants. But as this region strengthens its digital economy, it’s also tightening its grip on data protection. Countries like Vietnam, Malaysia, and Indonesia are overhauling their data protection laws, which could bring both opportunities and challenges for businesses—especially those looking to expand in these fast-growing markets.

In an era when cyber threats have become as routine as morning coffee, the latest breach targeting T-Mobile and other telecom giants is a stark reminder that some attacks still have the power to shake us. This wasn’t a random smash-and-grab operation; it was a meticulously orchestrated cyber-espionage campaign, reportedly tied to a group of elite hackers, that infiltrated the very backbone of communication networks.

Meta Platforms, Inc. is facing a serious financial and regulatory reckoning in South Korea. In a decisive move, the country’s Personal Information Protection Commission (PIPC) has fined Meta $15.6 million for a series of data privacy violations, including unauthorized handling of sensitive personal data, refusal to grant legitimate data access to users, and a failure to implement necessary security safeguards.

The European Data Protection Board (EDPB) released its first inaugural report today on the EU-U.S. Data Privacy Framework (DPF), following a year-long assessment. The report addresses the Framework's effectiveness in safeguarding EU citizens' data when transferred to the United States. Additionally, the EDPB issued a statement on recommendations concerning law enforcement’s access to personal data, stressing the need for privacy protections.