European Commissioner for Internal Market and Services Thierry Breton announced his resignation in a letter accusing Commission President Ursula von der Leyen of an attempted ousting, Politico reports. Meanwhile, Finland's European Commissioner Henna Virkkunen could soon be appointed to head the Commission's tech regulation and innovation post, Politico also reports.
The Office of the Australian Information Commissioner's latest notifiable data breach report indicated the first half of 2024 had more reported breaches than the previous three and a half years. It is a 9% increase from the second half of 2023 and driven by malicious and criminal attacks, according to the OAIC.
MediaPost reports Google added encryption to its trusted execution environments, a move the company said will protect personal data when it is being used to serve custom advertisements. The technology is a default setting on Google's ad product.Full story
Israel's Privacy Protection Agency's report on information security systems in hospitals and daycares found the health care sector requires improved data security efforts to ensure patient information is safeguarded. The PPA's inspection claimed "7% of the hospitals had a high level of compliance, while 30% of the hospitals complied with the provisions of the law at only a low level."Full story
Colorado's attorney general released new draft rules under the Colorado Privacy Act. Among the proposed regulations are the establishment of a process for attorney general opinion letters and interpretive guidance as well as clarifications around children's and biometric privacy provisions following 2024 legislative action. There will be a public consultation beginning 25 Sept.
Reuters reports genetic testing company 23andMe agreed to pay USD30 million to settle claims of insufficient protection of customers' personal information. The tentative settlement includes three years of security monitoring for 6.9 million customers and must be approved by a U.S. judge.Full story
The U.S. National Institute of Standards and Technology released guidance for building and maintaining a cybersecurity and privacy learning program throughout federal agencies. The recommendations say programs should encourage behavior changes to minimize risk and create a culture around security.Full story
Italy's data protection authority, the Garante, announced it fined electric company Hera Comm 5 million euros after the company allegedly violated personal data processing standards. Hera Comm's door-to-door employees allegedly misused more than 2,300 customers' personal data by activating contracts without consumers' consent and maintaining outdated consumer data without enlisting data retention policies.Full story
Large language model use among individuals is only growing. Do those inputs and outputs constitute data controllership? Morrison & Foerster Senior of Counsel Lokke Moerel and Data Protection and Privacy Lawyer Marijn Storm explain how such an interpretation could be a violation of the EU General Data Protection Regulation's fairness principle. Full story
The EU AI Act will be important and consequential to the governance of AI in the EU and worldwide. Covered entities must begin to understand the potential impacts of the act as provisions are phased in and implemented over the coming months.