Tag Archives: fined

Porn Company Fined £1 Million by Ofcom for Inadequate Age Verification

Posted on by
Reply

A pornography company managing 18 adult websites has incurred a £1 million fine from the regulatory body Ofcom for inadequate age verification measures, marking the largest penalty issued thus far under the UK’s Online Safety Act.

The Belize-based AVS Group has also faced an additional fine of £50,000 for not adhering to information request protocols.

This incident represents the third time the communications regulator has enforced fines on a company regarding the UK’s Online Safety Act, which implemented stringent age verification rules in July.

AVS has implemented what it describes as an age verification system; however, regulatory assessments have deemed it to be ineffective.

The company finds itself facing a £1,000 penalty for each day Ofcom considers the circumstance valid within a 72-hour window of the age check being introduced. This leads to a cumulative fine of £300 daily until they comply with the information request or for as much as 60 days.

Since the implementation of the new regulations, Ofcom has initiated investigations into 92 online services, giving priority to sites attracting millions of monthly visitors, considering the potential harm these sites pose.

Oliver Griffiths, Ofcom’s group director for online safety, shared with BBC Radio 4’s Today program that the fines are part of a “broader shift” focused on platform accountability, which includes the “large scale” rollout of age verification on adult sites to combat child sexual abuse material.

Mr. Griffiths noted that more than 90 websites, inclusive of 83 adult sites, are still under scrutiny for possible infringements of the law, and further penalties are expected.

Ofcom also indicated that a significant social media platform, unnamed, could face formal repercussions should it fail to enhance its compliance measures. This platform has reportedly provided insufficient risk assessments needed to evaluate the potential appearance of illegal content, such as scams and unlawful pornography, to its users.

“We reached back out to inform them a re-evaluation was necessary,” Griffiths stated. “Should they fail to treat this matter with due seriousness again, we will promptly escalate to enforcement.”

Furthermore, Ofcom disclosed its review of major anonymous platforms’ capabilities to eliminate illegal terrorist and hate-driven content, including anti-Semitic and anti-Muslim material, with possible enforcement actions on the horizon.

The Online Safety Act brings forth several new regulations designed to shield children and adults from harmful content, with violations potentially costing up to £18 million or 10% of annual UK revenue, or even business closures.

More than half of the UK’s 100 most frequented adult services have instituted age verification since the rule changes in July, alongside social media sites like X, TikTok, and Reddit, according to the regulator. Mr. Griffiths acknowledged a rapid increase in the usage of virtual private networks (VPNs), which enable users to bypass regional restrictions on certain sites, noting that this number had peaked at between 600,000 to over 1 million users when the age verification was assessed but has since declined “significantly” below 1 million.

“There has been a slight uptick in VPN usage; however, several elements were not sold wholesale. Interesting research …indicates that children do not seem to constitute a large proportion,” he noted.

Technology Secretary Liz Kendall stated: “Since the Online Safety Act was enacted, platforms are indeed beginning to accept responsibility for safeguarding children and eradicating illegal and hateful content.”

“Ofcom has the full backing of the Government and is leveraging every authority at its disposal to ensure a service prioritizing user safety. Ensuring the online safety of children remains a top priority for this Government and for me personally.”

Source: www.theguardian.com

Man Fined $340,000 for Creating Deepfake Porn of a Prominent Australian Woman in Landmark Case

Posted on by
Reply

The individual who shared deepfake pornographic images of a well-known Australian figure has been heavily fined in the initial legal case for sending a “strong message.”

On Friday, a federal court mandated that Anthony Rotondo, also known as Antonio, pay a penalty of $343,500 along with legal costs after the online regulator, Esafiti Commissioner, filed a lawsuit against him nearly two years ago.

Rotondo was responsible for posting the images on a website named Mrdeepfakes.com.

Sign up: AU Breaking NewsEmail

Regulators maintained that substantial civil penalties were essential to underscore the severity of violations against online safety laws and the harm inflicted upon women who are victims of image-based abuse.

“This action sends a strong message regarding the repercussions for individuals who engage in image-based abuse through deepfakes,” the watchdog stated late Friday.

“Esafety is profoundly concerned about the creation and distribution of non-consensual explicit deepfake images, as these can lead to significant psychological and emotional distress.”

Commissioner Julie Inman Grant filed a case against Rotondo in federal court in 2023 due to his non-compliance with a deletion notice, which was ineffective as he is not an Australian resident.

“If you believe you’re in the right, I’ll secure an arrest warrant,” he said.

Following the court’s order for Rotondo to remove the images and refrain from sharing them, he sent them via email to 50 addresses, including the Esafety Commissioner and various media outlets.

Commissioners initiated federal court proceedings shortly after police ascertained that Rotondo had traveled from the Philippines to the Gold Coast.

Skip past newsletter promotions

He eventually acknowledged his actions as trivial.

The images were removed after Rotondo voluntarily provided passwords and necessary details to the Commissioner’s officers.




Source: www.theguardian.com

23AndMe Fined £2.3 Million by UK Regulators Over 2023 Data Breach | Technology News

Posted on by
Reply

The genetic testing firm 23AndMe has been penalized with a fine exceeding £2.3 million following a significant cyberattack in 2023, which compromised the personal information of over 150,000 UK residents.

Sensitive data, including family tree details, health reports, names, and postal codes, were among the information breached from the California-based company. The UK Intelligence Commission’s office confirmed the breach after employees discovered that stolen data was being offered for sale on the social media platform Reddit.

Intelligence Commissioner John Edwards referred to the incidents during the summer of 2023 as “a deeply damaging violation.” The data breach affecting the UK was just a fraction of a larger security incident that compromised data from 7 million individuals.

23AndMe offers DNA screening for £89 through a saliva-based kit, allowing users to trace their ancestry in terms of ethnicity and geographical origin. However, many customers sought bankruptcy protection in the US in March, requesting the removal of their DNA data from the company’s records following the hack.

The penalty coincided with a $355 million acquisition bid for the company led by former CEO Anne Wassicki.

Edwards noted that the data breaches included sensitive personal information, family histories, and even health conditions of numerous individuals in the UK.

“As one affected individual remarked, once this information is out there, it cannot be altered or replaced like a password or credit card number,” he added.

UK data protection regulators found that 23AndMe did not take fundamental steps to safeguard user information, revealing inadequacies in its security system, including a failure to implement stricter user authentication measures.

Hackers exploited a widespread weakness due to the reuse of passwords compromised in unrelated data breaches. They employed automated tools in a method called “credential stuffing.”

Edwards remarked, “The warning signs were evident, and the company’s response was sluggish. This has made individuals’ most sensitive data vulnerable to exploitation and harm.”

Skip past newsletter promotions

A company spokesperson stated that 23AndMe has taken various measures to enhance security for individual accounts and data. They have made a firm commitment to improving the protection of customer data and privacy in connection with an initiative that will benefit 23AndMe, a nonprofit associated with Wojcicki, the TTAM Research Institute.

Fines are part of the substantial penalties imposed on various organizations by ICOs in recent years due to their inability to secure data from hacking and ransomware incidents. In 2022, a fine levied against construction firms exceeded £4.4 million when staff data was compromised, including contact information, bank details, sexual orientation, and health data.

In March of this year, NHS IT supplier Advanced Computer Software Group faced a fine of nearly £3.1 million for endangering the personal information of approximately 80,000 individuals.

Source: www.theguardian.com

TikTok Fined €530 Million by Irish Regulators for Failing to Ensure User Data Protection from China

Posted on by
Reply

TikTok has been penalized €530 million (£452 million) by the Irish regulator for failing to ensure that European user data transmitted to China would be safeguarded from access by the Chinese government.

The Irish Data Protection Commission (DPC) oversees TikTok’s operations across the European Economic Area (EEA), which includes all 27 EU member states along with Iceland, Liechtenstein, and Norway.

It was determined that the Chinese-owned video-sharing platform breached the General Data Protection Regulation (GDPR) by not adequately addressing whether EEA user data sent to China is shielded from the authorities there.

The DPC remarked: “TikTok did not consider the potential access by Chinese authorities to EEA personal data. China’s national security and anti-terrorism laws have been noted as diverging from EU standards by TikTok.”

According to the DPC, TikTok did not “verify, assure, or demonstrate” that the European user data sent to China was afforded a level of protection comparable to that guaranteed within the EU.

TikTok stated that it would not “certify” that the DPC transfers European user data to Chinese authorities. The company claimed it has never received such a request from Chinese officials nor provided user data to them.

Moreover, TikTok has been directed to cease data transfers to China unless compliant processing measures are implemented within six months.

For instance, the National Intelligence Act of 2017 in China mandates that all organizations and citizens “support, assist, and cooperate” with national intelligence efforts.

The DPC noted that the data was “remotely accessed by TikTok’s Chinese staff.”

The watchdog also reported that TikTok provided “false information” during the investigation, initially claiming it had not stored user data from the EEA, but later acknowledging the possibility of storing “limited” European user data in China.

The Dublin-based regulator expressed that it takes “inaccurate” submissions very seriously and is evaluating whether additional regulatory actions are necessary.

Skip past newsletter promotions

The security of TikTok user data has been a longstanding concern among politicians regarding its Chinese ownership. The app still faces the threat of a ban in the US, with legislators on both sides of the Atlantic cautioning that the Chinese state may have access to user data. TikTok is managed by an organization based in Beijing.

In response to the ruling, TikTok announced its intent to appeal and mentioned that safeguards have been put in place under the Project Clover Data Security Scheme, introduced in March 2023. The DPC investigation covered the period from September 2021 to May 2023.

The DPC’s decision also included a finding from 2021 that a privacy statement provided to users did not disclose that data could be accessed in China when personal user data was transferred to a third country. The Privacy Policy was subsequently revised in 2022 to clarify that data is accessible in China.

Following the changes in 2022, TikTok acknowledged that it could access European user data in countries like China to perform checks on platform functionalities, including the effectiveness of algorithms that recommend content to users and identify problematic automated accounts.

Source: www.theguardian.com

TikTok Fined $600 Million for Transferring European User Data to China

Posted on by
Reply

On Friday, Tiktok was fined 530 million euros ($600 million) for breaching the European Union’s data privacy regulations after regulators found that personal data of users was wrongly transferred to China.

Ireland’s Data Protection Commission announced the penalty, stating that Tiktok did not adequately safeguard data from its European users, including some accessible to staff in China, violating the EU’s General Data Protection Regulation (GDPR).

This fine ranks among the largest under the GDPR and adds to the difficulties faced by Bitedan, Tiktok’s Chinese parent company, especially amidst U.S. pressures on non-Chinese companies to divest or face bans in the U.S. The Irish authorities noted that if Tiktok fails to fulfill specific requirements, it may be ordered to cease data transfers to China within six months.

European regulators indicated that Tiktok’s insufficient protections risked user information across the 27-nation bloc. Irish authorities further stated that the Chinese government could potentially access data from users under its anti-terrorism and espionage laws.

With approximately 175 million users in Europe, Tiktok stated it complies with EU laws, asserting that it “has never received requests for European user data from Chinese authorities and has never provided them with such data.”

Tiktok plans to contest the ruling, which could lead to a protracted court battle with the Irish government, Tiktok’s primary regulator in Europe. The company’s European headquarters is situated in Ireland, which is responsible for enforcing GDPR.

Tiktok mentioned that the Irish Data Protection Commission did not take into account its 2023 initiative to invest 12 billion euros in data protections for users within the EU, including the development of a data center in Finland.

The company cautioned that “this ruling may establish precedents that could have widespread repercussions for European companies and industries operating globally.”

Last month, Ireland’s regulators announced that Tiktok had uncovered a “limited” amount of user data stored on servers in China, following a series of denials.

Graham Doyle, vice-chairman of Ireland’s Data Protection Commission, commented on the situation in a statement.

Source: www.nytimes.com

Apple fined 500 million euros by EU for music streaming practices

Posted on by
Reply

Apple faces a €500m (£427m) fine for unfairly influencing competitors in the music streaming market, according to the Financial Times. The European Commission, the EU’s executive arm, will impose the penalty following an extensive investigation.

Why is Apple facing the prospect of fines?

After Spotify filed complaints in 2019, the EU began examining Apple’s position in the music streaming app market. The focus was narrowed down to specific restrictions placed by Apple on app developers, preventing them from informing iPhone and iPad users about more affordable music subscriptions outside of the App Store. Spotify claims this favors Apple Music, the company’s rival app.

This case is the latest in a series of legal disputes involving Apple’s App Store, which has been criticized by the companies utilizing it for its rules and charges. Apple recently announced that it would allow EU customers to download apps without going through its own store, a concession made under pressure from the EU’s Digital Markets Act (DMA).

What does the EU think about Apple’s actions?

The EU did not comment directly, but when Apple issued a new statement of objection in February of the previous year, it suggested that the company would be penalized for unfair trading conditions violating Article 102 of the Treaty on the Functioning of the European Union. The Commission expressed concerns that the restrictions can prevent developers from informing consumers about affordable streaming service subscriptions.

What happens next?

The Financial Times reported that the Commission will announce the fine in the early part of the next month. The maximum fine for anti-competitive behavior is 10% of global turnover, which, in Apple’s case, could be up to $30bn (£24bn), although the final amount is expected to be lower. Apple may appeal the Commission’s decision.

What are Apple and Spotify saying?

Apple and Spotify declined to comment on Monday. However, Apple has previously defended its App Store, stating that it has aided Spotify in becoming Europe’s top music streaming service.

Spotify, on the other hand, has emphasized its complaint against Apple’s aim to establish a “level playing field,” arguing that the App Store restrictions give preference to Apple Music, the company’s own streaming service.

What do the experts say?

Ann Witt, a professor of antitrust law at France’s EDHEC Business School, remarked that Apple is already confronting a stringent regulatory environment with the introduction of the DMA. The Open Market Institute opined that the size of the reported fine will not have a significant impact on Apple’s behavior.

Source: www.theguardian.com