At a glance.
- Bard launch postponed in the EU.
- Google Play kids apps in violation of COPPA.
- Ransomware gang leaks Australian law firm data.
Bard launch postponed in the EU.
The Irish Data Protection Commission (DPC) announced yesterday that Google will have to delay the launch (set for this week) of its artificial intelligence chatbot Bard in the EU because the tech giant has not provided sufficient evidence that the tool adheres to the General Data Protection Regulation (GDPR). Deputy Commissioner Graham Doyle stated that the DPC "had not had any detailed briefing nor sight of a data protection impact assessment or any supporting documentation at this point." The watchdog added that an examination of Bard is ongoing and that it will share info with other EU privacy regulators as it emerges.
As Politico notes, Bard has already been released in one hundred eighty countries, including the US and the UK, but things are tougher in the EU, where competitor chatbot ChatGPT has already been scrutinized for possible violations of the GDPR. A Google spokesperson stated, “We said in May that we wanted to make Bard more widely available, including in the European Union, and that we would do so responsibly, after engagement with experts, regulators and policymakers. As part of that process, we’ve been talking with privacy regulators to address their questions and hear feedback.”
Google Play kids apps in violation of COPPA.
After analyzing four hundred children’s apps available on Google Play, UK research firm Comparitech has found that over 32% are in conflict with the Children's Online Privacy Protection Rule (COPPA). These findings show a drop in compliance since 2021, when only 20% were found to be noncompliant. What’s more, nearly 5% of the apps investigated denied that their services target children, despite being listed in the “everyone” age category on Google Play, some even using the words “kids” or “toddler” in the app name. A whopping 98% of the apps in question bear Google’s “Teacher Approved” badge, meaning they’ve passed additional review by educational specialists. About 40% of the apps potentially violating COPPA are collecting data without parental consent or other protocols, and 34% have no form of child data collection policy, despite collecting private information.
When contacted for comment, Google responded, “Apps that target children must comply with our Google Play Families Policy, which requires developers to adhere to all relevant laws and all of Play’s Developer Program Policies, plus imposes additional privacy, monetisation, and content restrictions like prohibiting access to precise location data. Developers are responsible for ensuring their apps are compliant with all relevant laws and appropriate for their target audiences, including children.”
Ransomware gang leaks Australian law firm data.
AlphV/Blackcat, the Russian-linked ransomware group, has published on the dark web 1.45 terabytes of data allegedly stolen in a May cyberattack targeting Australian law firm HWL Ebsworth, and the cybercriminals say there’s more where that came from. AlphV says they exfiltrated a total of four terabytes, and while it’s unclear exactly what data were leaked, the hackers say they’re in possession of client documents, financial reports, accounting data, credit card information and employee CVs and IDs. As Law Society Journal notes, the Tasmanian government is one of HWL Ebsworth’s clients, and this would be the second serious data breach impacting the island state of Australia in recent months, as data belonging to the Department of Education, Children and Young People were compromised by a third-party file transfer service earlier this year.
Madeleine Ogilvie, Minister for Science and Technology, said authorities are taking a “nationally coordinated approach” to investigate the attack. A spokesperson for HWL Ebsworth said they will not submit to any ransom demands received from AlphV. “We have learnt that the cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” the spokesperson stated. “We are investigating this claim and are seeking to identify what data may have been published. We take our ethical and moral duties to the community very seriously, and we consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data.”