Security News

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission charges over Children's Online Privacy Protection Act violations. COPPA is a U.S. federal law designed to protect the privacy of children under the age of 13 on the internet by requiring parental consent, the ability to review and ask for the deletion of the child's personal information, the ability to refuse data collection, implement security protections for the collected information, and more when registering online accounts.

Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. One of the notable general privacy enhancements is the implementation of a data subject access requests tool.

The intersection of LLMs with corporate security and privacy warrants a deeper dive. Techniques like differential privacy can ensure that LLMs learn from data without exposing individual information.

The U.S. Federal Trade Commission has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. Amazon has also agreed to fork out an additional $5.8 million in consumer refunds for breaching users' privacy by permitting any employee or contractor to gain broad and unfettered access to private videos recorded using Ring cameras.

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. According to a proposed order, Ring will have to pay $5.8 million in refunds to consumers and will be barred from profiting from unlawfully obtained consumer videos.

Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it's up to the states to enforce the laws.

Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024.

A new-ish messaging service that claims to put users' privacy first has changed its tune - and the end-to-end encryption claims on its website - as well as pulling its app from both the Apple and Google app stores after being called out online. Converso - a comms app launched in September 2022 - billed itself as a "Next-generation messaging app that keeps your conversations completely private." This, according to the developer's website, included "Proprietary state-of-the-art end-to-end encryption technology," no storage of messages on servers, and "Absolutely no use of user data." It claimed it could stand up to the likes of Signal and WhatsApp in the security stakes.

Apple's App Store team prevented more than $2 billion in transactions tagged as potentially fraudulent and blocked almost 1.7 million app submissions for privacy, security, and content policy violations in 2022. The App Store team also protected Apple users from hundreds of thousands of unsafe apps last year, rejecting almost 400,000 apps for privacy violations such as trying to harvest the user's personal data without their consent or knowledge.

In brief Japanese automaker Toyota has admitted yet again to mishandling customer data - this time saying it exposed information on more than two million Japanese customers for the past decade, thanks to a misconfigured cloud environment. The exposed data belongs to almost the entire Japanese customer base that had signed up for Toyota's T-Connect driver assist product, and users of the G-Link service - a similar product for Toyota's luxury subsidiary Lexus.