Posts Tagged: "privacy"

On September 6, OpenAI faced its second invasion of privacy lawsuit filed in the U.S. District Court for the District of Northern California, for allegedly stealing private information from millions of internet users. While the Plaintiffs acknowledge in their complaint that Artificial Intelligence (AI) has the potential to create life-saving technologies and herald discoveries that could improve our daily lives, they claim OpenAI crossed the line of using altruistic means of reaching its objective when it abruptly restructured itself into a for-profit business. Following this restructuring, the Plaintiffs allege OpenAI scraped private information from millions of users to train their Large Language Models. Here are five key allegations from the privacy suit against OpenAI.

Privacy and data security issues can scuttle a deal or at least cost the parties a lot of money. For example, in the due diligence process involving the 2017 acquisition of Yahoo by Verizon, Yahoo disclosed two serious data breaches that compromised over a billion accounts. Yahoo had previously attempted to cover this up. The deal went ahead for nearly $4.5 billion but not before Verizon knocked $350 million off the transaction price and Yahoo paid over $100 million to settle SEC fraud charges and class action lawsuits.

International cosmetics retailer Sephora has agreed to pay $1.2 million to settle allegations that the company failed to cure violations of the California Consumer Privacy Act (CCPA). The settlement is the first CCPA enforcement action resulting in financial penalties from the California Attorney General’s office and elucidates the Attorney General’s view of how the use of website analytics and advertising trackers involve “sales” of personal information.

High-stakes artificial intelligence (AI) is becoming even higher risk in the European Union, where AI regulation efforts are underway that could cost your company up to 6% of its total worldwide revenues—more than the potential penalties for privacy violations under the EU’s General Data Protection Regulation (GDPR). On April 21, 2021, the European Commission proposed rules for regulating AI (the “AI Act” or “Act”), to which the European Parliament recently released proposed amendments on April 20, 2022. The Act may undergo a series of additional amendments, but a final text is nearing completion and European countries are starting to act in anticipation of the regulation. Companies should plan for the comprehensive act to become law and begin implementing best practices now to ensure a competitive advantage. Below is an overview of the AI Act’s key provisions that takes into account the Parliament’s recent changes.

The actor Meghan Markle gained fame playing a paralegal in the TV show Suits. Now, as Her Royal Highness, The Duchess of Sussex, she is starring in her own legal drama in London’s High Court. On February 11, Mr. Justice Warby granted summary judgment in favor of the Duchess on most of the issues in her privacy and copyright case brought against Associated Publishers, which publishes the tabloid Mail on Sunday newspaper and MailOnline website in the U.K. The Duchess brought the action over the publication in February 2019 of five articles that included 88 quotations from a letter she had sent to her father, in which she discussed their relationship. She claimed that the publication of the articles involved (1) a misuse of her private information, (2) a breach of the defendants’ duties under data protection law and (3) an infringement of her copyright in the letter.

News coverage abounds about the latest breakthroughs in facial recognition technology. But, while this technology is an amazing technical achievement, it is not without potential drawbacks to privacy for those unwittingly subject to facial recognition in public. This includes the recent emergence of facial recognition technology paired with the large amounts of data available on the internet and social media through the scraping of images from numerous internet sources to provide an unusually powerful tool for uncovering the identity – including name, address and interests – of an individual through the use of just a single photograph. In response to these burgeoning technological advances in the field, cities and states have begun developing an array of legal approaches to regulate facial recognition technology, some scrambling to limit or prohibit its use, others enthusiastically embracing it. In this patchwork legal landscape, it can be challenging to know where and when the technology can be used – and for what purposes.

Imagine the following scenario: You have an idea for a new mobile application. As adoption of the app picks up, so does your business, and you hire more employees to provide sales and support assistance. You are on your way to transforming your startup into a successful business. Needing additional capital to scale the business more quickly, you identify a strategic partner interested in investing in your business. Before you can close on the funding, several employees report that they did not receive their paychecks through the direct deposit system. The investigation reveals that several months ago, your organization received a series of spear phishing emails. You learn that multiple employees opened the email and its attachment giving the cybercriminals access to your systems. Not only are you out the payroll money, but you also learn that in addition to your employees’ banking information, the criminals had access to your customer contact information and the source code for your app. A cyberattack is an unwelcome event for any company, but the effects can be especially detrimental to a startup, with 60% or more of small businesses that experience a data breach going out of business within a year of the breach. It is impossible for any size business to guarantee a system that is fully secure. However, not all companies have millions of dollars to invest in cybersecurity and by allocating even limited funds to assessing your data privacy risks, implementing a protection plan and creating an incident response plan, a startup can significantly improve its chances of surviving a cyberattack.

This week on Capitol Hill, the heated drug pricing debate is back in the spotlight, with a Senate Judiciary Committee hearing on intellectual property and the price of prescription drugs on Tuesday. In the House of Representatives, oversight hearings will examine both the activities of the U.S. Patent and Trademark Office and data security efforts made by the Federal Trade Commission. Off the Hill, The Cato Institute looks at U.S. cyber defense capabilities, and the week closes with a Brookings Institution event on China’s actions towards global tech dominance.

This week in Other Barks & Bites: the Federal Circuit affirms a Section 101 invalidation of patent claims in favor of Mayo Collaborative Services; Apple wins an order to limit damages in Qualcomm patent case; Google frets over proposed European Union copyright rules; India proposes jail time for film piracy; patent validity challenges drag down the stock of a major pharmaceutical firm; and a snag in the U.S.-China trade talks throws Wall Street for a loop.

The bill would create a new title within California Civil Code named Security of Connected Devices. The first part of this title would require a manufacturer of a connected device, defined as any object capable of connecting to the Internet and assigned either an Internet protocol address or a Bluetooth address, to equip the device with reasonable security features appropriate to the nature and function of the device, appropriate to the information it may collect or transmit and designed to protect both the device and the information it contains from unauthorized access.

Facebook users continue to be shocked at the amount and kind of data being collected by the social media platform, including recent reports about call and SMS text messaging data which Facebook has been collecting from Android mobile users. Along with the political heat Zuckerberg continues to take, Facebook itself could be on the hook for a record fine from the Federal Trade Commission if it’s found that the company’s data practices violate terms of a 2011 consent decree between Facebook and the FTC. With all of this focus on Facebook’s data collection practices, we decided to take a look at some of the social media technologies patented by Facebook at the U.S. Patent and Trademark Office, which may give readers a better idea of just how this American social media giant leverages user data.

It has been a long time coming, but the General Data Protection Regulation (GDPR) is almost here. This new privacy regulation requires substantial changes to the collection and storage of data and will affect multiple disciplines, including the brand protection industry. One of the ‘victims’ of the new law is the WHOIS database. How will these changes affect its records?

Chinese toymaker VTech recently settled charges with the FTC in the first-ever case involving internet-connected toys. VTech became a victim of cyber attackers back in 2015, when hackers got access to the company’s online database and compromised accounts of over 11 million, which included data for about 6.37 million children… Today, the key to compliance when dealing with IoT is to “know thyself,” Bahar explained. In other words, take the time to understand what truly is in these smart components, not only from a technical perspective but a legal one. In addition, make sure to make good on your promises. If you tell consumers that you are protecting their data or their privacy in certain ways, make sure you are making good on that commitment.

FCC Chairman Ajit Pai has moved to block broadband privacy rules drafted by the previous administration and set to go into effect in early March… FCC commissioners voted 3-2 last October to adopt broadband privacy rules which limit the amount of data which can be collected by ISPs from their consumers. The rules created an opt-in/opt-out model in which broadband customers must intentionally opt-in to any data collection programs developed by ISPs to collect data considered by the FCC to be sensitive, including geo-location, family size, browsing history or app usage history. Pai was one of two dissenting votes in last October’s decision on the broadband privacy rules, and his dissent reflected his views on harmonizing the FCC’s privacy regime with the FTC.