CDP Institute

Asian e-commerce site Coupang, which is often compared with Amazon, announced a breach possibly impacting 34 million customer accounts in South Korea, a country of ~52 million people. The cause is under investigation and follows leaks at other major firms in the country, including SK Telecom.

Tyler Technologies, which operates websites used by courts in multiple US states to manage data of potential jurors, was found by TechCrunch researchers to have a security flaw that gave access to information about potential jurors and those selected for service. Accessible Information included personal identifiers; questionnaire responses on gender and ethnicity; and possible health data.

Indiana’s Consumer Data Protection Bill of Rights privacy law goes into effect in January to protect citizens beyond what federal legislation currently provides. It applies to organizations that handle data for more than 100,000 residents or which process information for 25,000 or more residents and which derive more than half revenue from data sales.

The EU Council, which wrestled for years over whether to require message services to protect children from online predators via mandatory scanning of messages, has decided instead to propose that Parliament make chat scanning voluntary. This is prompting concern on multiple fronts, including from child advocates who fear it won’t provide child sex abuse protection and from privacy advocates worried about the risk of leaving decisions on what data to share with police and other authorities without clear guidelines.

This follows World suspensions in Kenya and Indonesia.

The newly enacted law intends to keep business from using AI to personalize (and possibly raise) prices for consumers based on what they think they might pay. This has pitted business groups, including the National Retail Federation, which tried to stop its passage, against consumer and privacy advocates who believe it protects consumers from price gouging and privacy violation.

A team of researchers from the University of Vienna in Austria discovered they could easily harvest the WhatsApp data of more than 3.5 billion account holders, including nearly 750 million in India alone, to find phone numbers, and in many cases photos and business account information. No reports so far that anyone has actually exploited the gap.

The biggest US banks, including JPMorgan Chase, Citigroup, and Morgan Stanley, learned they had their data hacked last week when a breach was discovered by SitusAMC, a financial technology company that serves the industry and also manages pension fund and state government data. It’s believed data stolen includes corporate data, accounting records and legal agreements.

Malaysia plans a ban on social media for children under age 16, joining Australia and Denmark, which have strict age limits. More countries are considering age-limit legislation, including France, Greece, Indonesia, Spain and New Zealand.

Flexing its muscles once again, tech industry bulldog NetChoice is challenging Virginia’s Consumer Data Protection privacy law, which designed to limit social media use by users under age 16. But NetChoice claims, as it has in other states including California, Florida, Georgia, Mississippi, Texas, and Utah, this violates the First Amendment.

The rules include specifics on how data should be collected, processed and secured and the time frame for mandatory compliance.

This looks to bypass India’s new DPDP privacy rules.