Privacy & Security / Jun 07 2023

Privacy Recap: May 2023

In our Privacy Recap series, we review the biggest privacy and online security news of the past month.

Here are the biggest online privacy stories for May 2023.

TikTok employees shared user data on internal messaging platform

As reported by The New York Times, employees of the video app company regularly posted user information on an internal messaging and collaboration tool called Lark. According to internal documents, personal information, including photos, country of residence data, IP addresses, devices and user IDs, was being shared on the platform. The documents also revealed that American users' driver's licenses were accessible on Lark, as was some users' potentially illegal content.

TikTok employees were sharing users' personal information in internal chatrooms.

The information was often available in Lark chat rooms with thousands of members, which alarmed some TikTok employees. As the video app faces mounting scrutiny over its potential security risks (and ties to China), the incident report raises more questions over TikTok's data and privacy practices.

Meta slapped with record fine by Ireland's Data Privacy Authority

In a series of sanctions and fines imposed on Meta by various data privacy regulators of EU member states, Ireland has now issued a penalty of €1.2 billion for privacy violations. The company has also been ordered to suspend transfers of user data to the US.

Ireland hits Meta with a record €1.2 billion fine.

Ireland's Data Protection Commission, the regulator responsible for holding the Facebook owner to EU data protection law, said that the Dublin-headquartered social media behemoth had violated rules requiring that transfers of personal data from the EU to the US had appropriate safeguards in place. The company is expected to appeal against the decision, during which time a new EU-US data privacy framework, which is currently being negotiated, might come into place.

ChatGPT still under scrutiny despite changes in privacy policy

Back in March 2023, the Italian privacy watchdog banned ChatGPT in the country, as it had found the company was lacking a lawful basis for the collection of users' personal information. After OpenAI, the creators of ChatGPT, met the authority's privacy demands, the app was reinstated in April.

However, despite these changes, cybersecurity experts warn that potential data privacy flaws persist and say they have not been adequately addressed. The GDPR-mandated form that lets users in the EU opt out of their data being collected to train the AI model is only available in the EU. Critics also say that existing users were not informed of the opt-out, so many will not use it simply because they are unaware of the option. Concerns also remain in the area of age verification and veracity of the generated content, since ChatGPT will often attribute actions, crimes, and even life/death status to the wrong people.

AI regulation is starting to shape up as the technology shows its blind spots and risks.

The regulatory side has also been busy in an effort to keep up with the AI industry. In the aftermath of the ChatGPT ban, Italy is now planning to create an AI advisory board to closely review the data collection practices of all artificial intelligence platforms available now and in the future. The European Data Protection Board has also created a task force to keep chatbots like ChatGPT in check. At the same time, a proposal for comprehensive laws regulating AI, known as the AI Act, is pushing its way forward in the European Parliament.

Bossware on the rise: Employee monitoring study 2023

A new study on employee monitoring reveals that the number of US employers using invasive digital tracking tools (think activity monitoring and GPS location tracking) to monitor workers is rising at an alarming rate, and the trend is expected to grow further in the coming years.

The study, carried out by UK-based StandoutCV, compares 2023 post-pandemic monitoring trends to data collected by the company in 2021. It looks at the employee monitoring features offered by "bossware", and when tallied up, the numbers show that monitoring software now includes almost 25% more invasive features than two years ago.

Employee monitoring software, also called bossware, is on the rise.

The most common surveillance features include time tracking and taking screenshots of employees' computer screens, followed by video monitoring, keylogging, and GPS location tracking. We found the fact that 38% of monitoring tools are being used in stealth mode, without the workers' awareness or explicit permission, concerning, to put it mildly.

We highly recommend having a look at the study. We're not too crazy about bossware, but here are our tips for privacy protection if you're working remotely.
