IT Security & Privacy

In a landmark decision, the Securities and Exchange Commission (SEC) has voted 3-2 to adopt new regulations that will require publicly traded companies to notify the government in the event of a cybersecurity incident and disclose details about their cybersecurity risk governance in public filings. The rules, initially proposed in 2022, aim to increase transparency around cybersecurity practices and material incidents in the corporate world.

Australia's Federal Court has ruled that Meta Platforms, the owner of Facebook, must pay fines amounting to A$20 million (approximately $14 million US) for collecting user data through a smartphone application marketed as a privacy protection tool without disclosing its true actions. The court also ordered Meta, through its subsidiaries Facebook Israel and the now-defunct app Onavo, to cover A$400,000 in legal costs to the Australian Competition and Consumer Commission (ACCC), which filed the civil lawsuit.

In its annual Cost of a Data Breach Report, IBM Security has unveiled concerning findings that the global average cost of a data breach has reached $4.45 million in 2023. This figure marks an all-time high for the report and reflects a significant 15% increase over the last three years. The report is based on a comprehensive analysis of real-world data breaches experienced by 553 organizations worldwide between March 2022 and March 2023. The research, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, has been published for 18 consecutive years.

Meta Platforms, the parent company of Facebook, faced a setback in its efforts to settle an antitrust investigation by EU regulators. The company offered to limit the use of competitors' advertising data for its Facebook Marketplace service, but the proposal was not accepted, according to sources close to Reuters.

The European Commission's adequacy decision on the EU-US Data Privacy Framework (EU-US DPF) marks a significant step forward for data transfers between the European Union and the United States. With the adequacy finding, certified US entities can now receive personal data from EU counterparts without the need for additional safeguards like the EU Standard Contractual Clauses. While this is undoubtedly positive news for cross-border data flows, businesses must carefully assess the practical implications and challenges associated with compliance under the new framework.

France's antitrust watchdog has issued a statement of objection against Apple, expressing concerns about the tech giant's use of "discriminatory and non-transparent conditions" for advertising purposes on iPhones. The watchdog's move follows an antitrust complaint filed by four French online advertising industry groups in 2020, challenging Apple's changes to privacy features that affected the gathering of user data for targeted ads.

Tech billionaire Elon Musk is seeking to put an end to the Federal Trade Commission's (FTC) privacy settlement imposed on Twitter since May of last year. Musk contends that the FTC's investigations have been biased and riddled with misconduct, prompting him to take legal action against the agency. The ongoing compliance order, which grants the FTC broad investigative powers, has become a contentious battleground, with Musk claiming that the agency is pursuing a personal and political vendetta against him.