Simple prompt injections can trick LLM agents into exposing sensitive personal data. Even with safeguards, attackers extract details like balances, transactions, or identifiers. Such attacks succeed in ~20% of cases and degrade agent performance by 15–50%. Defensive measures exist but remain incomplete, leaving users exposed. Bottom line: data sovereignty requires stronger guardrails. Trusting LLMs “as […]
The Austrian Federal Administrative Court confirmed that DerStandard’s “Pay or Okay” model breaches the GDPR. Users had to either accept tracking by hundreds of third parties or pay a subscription. Authorities ruled that this coercive model invalidates consent, which must be free and specific. Real consent rates drop to 1–7% when asked transparently, but the […]
Researchers found millions of passports, credit cards, résumés, and faces in DataComp CommonPool, a massive AI training dataset scraped from the web. Auditing just 0.1% revealed hundreds of millions of likely PII (personally identifiable information) items, including sensitive job and health details. Despite face-blurring tools, researchers estimate 102 million faces were missed, and metadata/captions still […]
The U.S. Federal Trade Commission (FTC) is emailing 3.7 million Avast customers, informing them they may be eligible for compensation due to Avast’s deceptive privacy practices. Avast collected and sold users’ browsing data without proper consent while falsely claiming its software protected privacy. The FTC ruled that this practice violated U.S. law. Avast’s data was […]
Apple has stopped offering end-to-end encrypted iCloud backups in the UK due to government demands. UK authorities issued a Capability Notice requiring Apple to provide access to encrypted backups. As a result, the ‘Advanced Data Protection’ feature, which enables full encryption, will no longer be available to new UK users. Existing UK users who already […]
Wiz Research uncovered a publicly accessible ClickHouse database belonging to DeepSeek, a Chinese AI startup. The database exposed over a million sensitive log entries, including chat history, API keys, and backend details. The database was entirely open, allowing full control without authentication. This posed severe security risks, making it vulnerable to unauthorized access and potential […]
Italy’s Privacy Guarantor has requested information from DeepSeek AI providers in China about their data collection practices. Authorities are concerned about potential risks to the personal data of millions of Italians. Key inquiries include data sources, the legal basis for collection, storage locations, and the use of web scraping. Regulators want to understand how DeepSeek […]
Bunnings, Australia’s largest hardware chain, has been accused of violating the privacy of hundreds of thousands of customers by using facial recognition technology in over 60 stores. According to the OAIC, Australia’s privacy regulator, the system was overly intrusive and operated without obtaining proper customer consent. The OAIC found that Bunnings failed to meet transparency […]
The FTC revealed that major social media and streaming platforms, like Facebook, YouTube, and TikTok, engage in large-scale user surveillance for profit. The investigation found that these companies collect and monetize vast amounts of personal data. This raises serious privacy concerns, especially for children. The report highlights how these companies’ reliance on targeted ads drives […]
The Dutch Data Protection Authority (AP) has fined Clearview AI over €30 million for illegally scraping facial images from the internet. Despite previous fines from other European regulators, Clearview continued its violations, amassing a database of 30 billion facial images for use in law enforcement. The AP emphasized that Clearview violated the GDPR by creating […]