Yazılar

Italy’s Data Regulator Blocks DeepSeek AI Chatbot Over Privacy Concerns

/in /tarafından

Italy’s data protection authority, the Garante, has ordered Chinese AI startup DeepSeek to block its chatbot in the country after the company failed to address concerns over its privacy practices. The regulator had questioned DeepSeek about its handling of personal data, including details on what data is collected, its sources, the purposes for which it is used, its legal basis, and whether it is stored in China.

The Garante’s decision came after the company provided what was deemed “totally insufficient” information, prompting the watchdog to take immediate action to protect Italian users’ privacy. DeepSeek has yet to comment on the ruling.

The Chinese startup, which recently claimed that its AI models rival or outperform industry-leading U.S. models at a fraction of the cost, has made headlines for surpassing ChatGPT as the top-rated free app on Apple’s App Store in the U.S. However, its swift rise has drawn increasing scrutiny over data protection.

The Garante’s order, which took effect immediately, also includes an investigation into DeepSeek’s data handling practices. Meanwhile, other European regulators, including those in France and Ireland, are investigating the chatbot’s privacy policy.

In response to Italy’s concerns, DeepSeek stated that it had removed its AI assistant from Italian app stores after facing scrutiny. However, Agostino Ghiglia, a member of the Garante board, revealed that the company’s stance—which claimed it was not subject to Italian regulation—further aggravated the situation, prompting the block. Ghiglia emphasized that DeepSeek’s lack of cooperation had made the situation worse.

As of Friday, some Italian users who had previously downloaded the app reported that the chatbot was still functional on their devices, and the web version of the service remained operational. The Garante emphasized that citizens must have the right to consent based on how their data is handled, especially when servers in countries outside the EU, such as China, may not provide the same privacy guarantees as European standards.

The Garante has been at the forefront of data protection in Europe, with a history of taking action against companies, including a brief ban on Microsoft-backed ChatGPT two years ago over potential privacy rule violations.

 

Lawsuit Accuses Amazon of Secretly Tracking Consumers Through Cellphones

/in /tarafından

Key Points:

  • Amazon is facing a class action lawsuit filed in San Francisco federal court, accusing the company of secretly tracking consumers’ movements and selling the collected data.
  • The lawsuit claims Amazon used its Amazon Ads SDK code to allow app developers to collect geolocation data from users’ phones without their consent, revealing sensitive information such as religious affiliations, sexual orientations, and health concerns.
  • The complaint is led by Felix Kolotinsky, a California resident, who alleges that Amazon collected his personal data through the Speedtest by Ookla app.
  • The plaintiffs seek unspecified damages for millions of affected California consumers. The lawsuit cites violations of California state law related to unauthorized computer access and penal law.

Broader Implications:

  • The case highlights growing concerns about companies profiting from user data without proper consent, a trend that has sparked multiple lawsuits and regulatory inquiries in recent years.
  • The lawsuit comes amid other similar cases, such as a recent suit filed by Texas against Allstate for tracking drivers through cellphones.

EU Court Imposes Fine on EU for Breaching Own Data Protection Law

/in /tarafından

In a landmark decision, the EU General Court ruled on Wednesday that the European Commission must pay compensation to a German citizen for breaching its own data protection laws. The court found that the Commission transferred the citizen’s personal data to the United States without adequate safeguards, in violation of the EU’s General Data Protection Regulation (GDPR).

The case stemmed from the individual using the “Sign in with Facebook” option to register for a conference via the EU login page. The court concluded that the Commission’s transfer of the user’s IP address to Meta Platforms in the U.S. was unlawful, as it did not meet the required data protection standards set out by the GDPR. As a result, the Commission was ordered to pay the citizen 400 euros ($412) in damages.

A spokesperson for the European Commission acknowledged the ruling and stated that it would carefully assess the judgment and its implications. This decision marks a significant development in the enforcement of GDPR, a regulation widely considered to be among the most robust data privacy laws globally. Many major companies, including Meta, LinkedIn, and Klarna, have faced heavy fines from the EU for failing to comply with these regulations.