News Items Topics Internet Law Update

New Regulatory Directive on Assignment of Database Ownership in Israel

The Israeli Privacy Protection Authority (PPA) recently issued a new directive detailing the requirements for transferring ownership of databases of personal data. Directive No. 2/2024 emphasizes the transferor’s obligation to notify data subjects when ownership changes.

According to the directive, any change in ownership warrants notification to data subjects regarding the new owner’s identity and contact information, giving them the ...

Meta Hit with a €251 Million Fine For Compliance Failures Amid Data Breach

The Irish Data Protection Commission (DPC) hit Meta Platforms Ireland Limited (MPIL) with a fine of €251 million following two inquiries into a 2018 data breach. The breach affected approximately 29 million Facebook accounts globally, with about 3 million of those accounts based in the EU/EEA. The personal data exposed included users’ full names, email addresses, phone numbers, locations, places ...

FTC Enforcement Emphasizes Monetization of Geolocation Data

The Federal Trade Commission (FTC) has taken action against Mobilewalla, Inc., a data broker, for collecting and selling sensitive location data without obtaining proper consent from consumers. The FTC’s complaint alleges that Mobilewalla gathered data from real-time online ad bidding exchanges and third-party aggregators, often without consumers’ knowledge. This data included precise locations of individuals, such as visits to health ...

European Privacy Regulators Opine on Personal Data Processing in AI Model Training

The European Data Protection Board (EDPB) issued a detailed opinion on privacy implications for AI models under the GDPR. The opinion outlines key considerations including the application of the GDPR to AI Models trained on personal data, the applicability of the “legitimate interest” legal basis for training AI models on personal data, and the implications for AI models unlawfully trained ...

New Australian Cyber Law Requires Notification of Ransomware Payouts

Australia has enacted a new law designed to improve cyber security for the country. The law addresses several key areas including mandatory security standards for internet-connectable products, ransomware reporting obligations, information sharing for significant cyber incidents, and the establishment of a Cyber Incident Review Board.

The law mandates security standards for relevant internet-connectable products. Manufacturers and suppliers of these products ...

New European Law on Cybersecurity of Digital Products

The European Union’s Cyber Resilience Act entered into force in December. The Act aims to establish horizontal cybersecurity requirements for products with digital elements to ensure they are placed on the market with fewer vulnerabilities, and that manufacturers take security seriously throughout a product’s lifecycle. This regulation intends to improve transparency regarding product support periods, enabling users to consider cybersecurity ...

Israeli Competition Regulator May Block Mergers for Overconcentrated Personal Data

The Israeli Competition Authority recently signaled, in a conference celebrating its 30th anniversary, that the regulatory Merger Directive may soon be updated to weigh the factor of data ownership concentration mergers approval application, even when the merging companies are not in direct competition.

Data ownership concentration was a pivotal concern for the regulator in its decision to deny the merger ...

New European Directive on Liability in Digital Products, Software, and AI Technology

The European Union Directive on liability for defective products came into force in December 2024 and will become effective from December 2026. It establishes common rules for the liability of economic operators for damages caused by defective products. The directive aims to enhance the EU market and ensure high consumer protection by addressing innovative technologies such as AI and global ...

More News Items