< ciso brief />

All news with #privacy engineering tag

108 articles · page 3 of 6

OpenAI Begins Ads Rollout in ChatGPT, Assures Privacy

🛈 OpenAI is rolling out a full-screen onboarding experience for ads in ChatGPT on Android, assuring users that sponsored content will be clearly labeled and separated from model answers. The company says ads will not change responses and that it will not sell personal data to advertisers, though current chats may influence which sponsored message appears. Users can hide or report ads, ask ChatGPT about an ad, and manage ad-related data via a new Ads controls setting; paid tiers are exempt.

Risks and Privacy of AI-Powered Toys for Children Now

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.

Supreme Court Review: Geofence Warrants and the Fourth

⚖️ The U.S. Supreme Court is weighing the constitutionality of geofence warrants in the appeal of Okello Chatrie, convicted after a 2019 Richmond-area robbery. Police obtained anonymized location records from Google for devices near the crime scene, which led investigators to Chatrie and evidence seized during a subsequent search. Chatrie’s appeal contends such warrants violate the Fourth Amendment. The Court’s decision could recalibrate the balance between investigative tools and individual location privacy.

Microsoft Handed BitLocker Keys to US Law Enforcement

🔐 Microsoft complied with a US search warrant in early 2025 and provided BitLocker recovery keys stored on its servers to investigators probing alleged COVID unemployment fraud in Guam. Because many Windows installations back up recovery keys by default to Microsoft cloud services, those keys were retrievable when legally compelled. Experts stress this is a custody and governance issue rather than a cryptographic failure of BitLocker, and recommend restricting default cloud backups, enforcing strict admin controls, and redirecting keys to on‑premises or enterprise key vaults where possible.

Ireland Seeks New Police Powers for Digital Surveillance

🕵️ The Irish government proposes new powers to allow police to intercept communications, including encrypted messages, and to authorize targeted, warrant-backed use of spyware. The draft measures would expand legal authority for interception, compel assistance from service providers and device makers, and define covert access procedures along with oversight obligations. Civil liberties groups and security experts warn the reforms risk weakening encryption, increasing misuse, and eroding privacy without robust independent safeguards.

AI Search and Advertising: Risks of Consumer Manipulation

🧭 OpenAI’s launches of ChatGPT Search and the ChatGPT Atlas browser mark a pivot toward monetizing user attention through advertising. The essay warns this trajectory risks reproducing the ad-driven incentives of search incumbents like Google, enabling conversational AI to influence purchases, opinions, and online behavior more subtly and effectively than traditional ads. Schneier urges caution, greater consumer data control, and public-policy responses to protect trust.

AI-Powered Surveillance Deployed at Beverly Hills High

🚨 Inside Beverly Hills High School, an array of AI-driven surveillance tools is being used to monitor students and campus activity. Video cameras run facial recognition and behavior-analysis models, a smoke-detector-shaped device captures audio for distress sounds, drones stand ready for aerial intel, and license-plate readers from Flock Safety track vehicles. The deployment raises questions about privacy, oversight, and the normalization of commercial surveillance in schools.

Digital Footprints Can Expose Your Physical Address

🔒 Most people underestimate how much personal data is publicly available online. Exposed details — names, past addresses, phone numbers, family ties, and old usernames — make individuals easy targets for doxxing, scams, and stalking. The article advises removing data from people-search sites and directories, either manually or by using a data removal service such as Incogni, which automates searches and sends deletion requests. An Unlimited plan lets you submit custom removal links for broader coverage.

Privacy Teams Shrink as Stress and Funding Fall Short

📉 ISACA's State of Privacy 2026 report reveals privacy teams are shrinking and underfunded despite mounting regulatory and technological pressures. The median privacy staff size fell to five from eight year-over-year, and technical privacy roles are notably understaffed while demand for those skills rises. Respondents report increased stress—35% say their role is 'significantly more stressful' and 30% 'slightly more stressful'—attributed to rapid tech evolution, compliance complexity and resource shortages. To close skill gaps, organizations are training interested non-privacy staff and increasing reliance on contractors, consultants and planned AI tools for privacy tasks.

FTC Restricts GM from Selling Drivers' Location Data

📍 The Federal Trade Commission has finalized an order prohibiting General Motors and its OnStar unit from collecting, using, or sharing consumers' precise geolocation and driving-behavior data without express consent. The FTC said GM harvested location data every three seconds through the discontinued Smart Driver feature and sold it to third parties, including consumer reporting agencies, which could affect insurance outcomes. Under the order GM is barred from sharing such data with consumer reporting agencies for five years, must obtain express consent for collection and sharing for 20 years, and must give U.S. customers access, deletion rights, and the ability to disable precise location tracking.

Time to Require Identity Verification for Internet Users

🔐 Australia's 2026 law banning under-16s from social media has reignited debate over whether internet services should require identity verification. Tony Anscombe argues that distinguishing verified and unverified users could reduce abuse, targeted fraud and underage exposure while letting people filter unwanted content. He warns verification methods (biometrics, government ID) carry privacy and data-retention risks and that bans may drive minors to circumvent restrictions, so a balanced regulatory approach is needed.

How Microsoft Integrates Privacy and Security by Design

🔐 In a Deputy CISO post, Terrell Cox explains how Microsoft aligns privacy and security as complementary priorities, treating privacy as a human right across products from Microsoft 365 to Azure. The company enforces rigorous internal compliance—audits, cross‑functional reviews, and executive oversight—and limits data access through controls like Customer Lockbox and zero‑trust access. Microsoft highlights solutions such as Microsoft Entra, Entra ID, and Microsoft Purview to support data residency, classification, protection, and regulatory compliance.

Apple to Power Siri with Google Gemini; Privacy Emphasized

🟢 Apple and Google confirmed a multi-year collaboration that will bring Google's Gemini models and Google Cloud hosting to future versions of Siri and Apple Foundation Models. The move aims to address performance gaps after Apple’s in-house Siri models lagged behind rivals. Apple says Apple Intelligence will run on-device and on its Private Cloud Compute while foundation models are hosted on Google Cloud, and that user privacy remains a priority.

California Regulators Target Sale of Sensitive Health Data

⚖️ California privacy regulators have taken enforcement action under the Delete Act, penalizing a marketing firm and a global analytics provider for trading in sensitive consumer profiles without proper registration. The agency fined Rickenbacher Data LLC (operating as Datamasters) $45,000 and ordered it to stop selling and delete California data. Separately, S&P Global was fined $62,600 for failing to register as a data broker. Officials highlighted risks from lists linked to medical conditions, race, age, political views and spending.

California Bars Data Broker from Reselling Health Data

🛑 The California Privacy Protection Agency ordered Rickenbacher Data LLC, operating as Datamasters, to stop selling Californians' health and personal information and fined the firm $45,000 for failing to register as a data broker under the California Delete Act. Regulators found Datamasters bought and resold hundreds of millions of records—names, emails, addresses and phone numbers—targeting people by medical conditions, age, perceived race, political views and purchases. The agency ordered deletion of previously acquired California records by the end of December, requires any newly received Californian data to be purged within 24 hours, and imposed five years of compliance measures; CalPrivacy also fined S&P Global $62,600 for an administrative registration lapse.

Texas TRO Briefly Blocks Samsung Smart TV Tracking

🛑 A Texas district court briefly issued a temporary restraining order barring Samsung from collecting audio and visual data from Texas smart TVs under its Automated Content Recognition (ACR) program, citing deceptive enrollment practices and allegations that the Chinese Communist Party could access the information. The TRO, signed Jan. 5, said users were subjected to confusing disclosures and 'dark patterns' that defeat meaningful opt-out and claimed screenshots could be captured roughly every 500 milliseconds. The order initially blocked ACR activity relating to Texas consumers until Jan. 19, but the judge vacated the TRO the next day; the underlying lawsuit remains pending and a hearing is scheduled for Jan. 9.

Texas Court Bars Samsung From Collecting Smart TV Data

⚖️ The State of Texas secured a temporary restraining order against Samsung, barring it from collecting audio and visual data about what Texas consumers watch on Samsung smart TVs using Automated Content Recognition (ACR). The court found the enrollment process deceptive and opaque, relying on 'dark patterns' that make informed consent impractical. The order halts ACR use, sale, transfer, and data collection for Texas-based TVs pending further proceedings.

OpenAI Launches ChatGPT Health with Isolated Data Controls

🩺 OpenAI announced ChatGPT Health, a sandboxed space that lets users discuss health topics and optionally connect medical records and popular wellness apps (Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, Peloton) for tailored responses, lab-test insights, nutrition advice, meal ideas and suggested workouts. The feature is rolling out to Free, Go, Plus and Pro users outside the EEA, Switzerland and the U.K., and OpenAI says it is designed to support medical care, not replace diagnosis or treatment. Health operates in a silo with purpose-built encryption and isolation; conversations are not used to train OpenAI's foundation models, and connected apps require explicit permission and additional security review.

Wegmans Likely Uses Facial Recognition on Customers

🔎 The New York City Wegmans is reportedly collecting biometric information about customers through in-store cameras and analytics systems. Bruce Schneier highlights that this appears to amount to facial recognition or at least biometric profiling without clear customer notice or consent. The piece raises concerns about transparency, retention policies, and potential misuse of sensitive data. It calls attention to gaps in oversight and urges better disclosure and regulation.

Italy Fines Apple €98.6M Over App Tracking Rules in EU Market

⚖️ Italy's antitrust authority has fined Apple €98.6 million after finding that its App Tracking Transparency (ATT) framework restricted App Store competition by imposing a burdensome double-consent process on third-party developers. The AGCM said Apple used its dominant distribution position to unilaterally set consent rules without consulting developers. Regulators noted they are not contesting Apple's privacy goals but found the ATT consent requirements disproportionate and harmful to ad-supported developers. Apple said it will appeal and defended its privacy protections.