Bans, Breaches, and Budding Regulations: May 2023’s Key Stories

Like any fast-developing resource, the advancement of data use is subject to growing pains. As organizations find new and exciting ways to drive initiatives with data, outpaced regulatory bodies lag behind technological advancements and find themselves needing to catch up.

This month, our Immuta Unlocked Newsletter highlights how organizations are achieving their goals using secure data at scale. Our Key Stories, on the other hand, demonstrate the ways in which governments and regulatory bodies are still attempting to wrangle unchecked data use into something more standardized.

Here’s a roundup of the key stories we followed in May:

OpenAI CEO Advocates for Regulations

Article: CEO behind ChatGPT warns Congress AI could cause ‘harm to the world’ (Washington Post)

Following recent testimony from tech leaders at TikTok and Meta, the United States Senate Judiciary Committee invited OpenAI CEO Sam Altman to speak in front of the subcommittee on privacy, technology, and the law earlier this month. Altman’s testimony, and the committee members’ questions, were predictably focused on the potential dangers of fast-growing artificial intelligence (AI) platforms like OpenAI’s ChatGPT. But what came as a surprise to some was Altman’s insistence on the need for regulation in the AI industry.

Altman’s testimony provided insight into his fears of AI gone wrong, including disinformation impacting elections, individuals being emotionally manipulated, and tools being used to target drone strikes. With AI development unchecked, these kinds of risks might become unavoidable. But with regulation around the growth and evolving use of these technologies, uncertainty and danger can be mitigated. Notably, Altman chose to avoid questions around the regulation of training data for AI models. While OpenAI remains close-lipped about the data its products are trained on, regulatory bodies could set the groundwork for these kinds of important data regulations in the future.

First U.S. State Bans TikTok Over Security Concerns

Article: Montana is banning TikTok. But can the state enforce the law and fend off a lawsuit? (Associated Press)

This month, Montana Governor Greg Gianforte passed the first official U.S. state-level law banning residents from using the TikTok platform. The law, set to take effect on January 1, 2024, would fine any entity that allows users to access, download, or have the “ability to access” the platform $10,000 per day per user. This penalty would be enforced on entities like app stores and TikTok itself, rather than on individual users. Even so, multiple lawsuits have already been filed by TikTok and its users to appeal the law, and more are expected to follow.

The basis for this law is rooted in data security concerns shared by members of the U.S. Senate and various intelligence agencies. With TikTok’s parent company ByteDance based in China, there is concern that the Chinese government could use the app to gather user data from U.S. citizens and exploit the information or push propaganda back on their feeds. If legally enforceable, this law would set the standard for similar bans that could propagate across the nation. The lawsuits that follow will provide additional insight into the application of data legislation in the future.

New Record Set for Data Privacy Fines

Article: Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules (The New York Times)

Another month, another data privacy compliance violation resulting in a substantial fine. This time, Facebook’s parent company Meta has been hit with a $1.3 billion USD fine for having transferred European-generated user data to the United States. According to Ireland’s Data Protection Commission, Meta’s actions violated the General Data Protection Regulation (GDPR), as recent rulings deemed that data transferred to the United States is not secure from U.S. intelligence agencies and their surveillance habits.

This fine also highlights the growing importance of data localization policies and the consequences of not adhering to them. Localization refers to the growing practice of enforcing policies that keep data generated within a specific jurisdiction from being transferred, stored, or processed elsewhere. The reasons for these kinds of regulations are myriad, but they boil down to factors like ease of compliance, enhanced surveillance, and the mitigation of potential sanctions. Meta’s appeal of this ruling, however, highlights the potential impact of the most recent U.S.-E.U. data sharing agreement that followed Schrems II and the dissolution of the original “Privacy Shield.” With legal standards set for cross-border data sharing, fines like this could soon become invalid.

Breach Impacts Data of U.S. Federal Employees

Article: Transportation Dept. cyber breach exposes data of federal employees (FedScoop)

While many of the data breaches that make the headlines happen at larger corporations, they can just as likely impact public sector institutions. This month, the U.S. Department of Transportation (DOT) was hit by a breach that impacted its transit benefit program TRANServe and exposed the personally identifiable information (PII) of up to 237,000 federal employees. Exposed PII included employee names, home addresses, their agency of employment, work email addresses, and phone numbers.

In its response to the breach, the DOT noted that it had immediately isolated the systems that were affected in order to keep the event from spreading to further resources. This immediate containment is crucial for any data breach response, as is the notification of those impacted and the continued evaluation and remediation of any damages. Ideally, the teams that addressed the breach should now have both a better understanding of their response tactics and a more resilient data stack to protect against further breaches. Combining proactive security with post-breach learnings can create a fortified data ecosystem.

Keeping Up with Key Stories

Evaluating the ways in which data practices are still being adjusted and perfected, May’s Key Stories demonstrate the evolving nature of data use and the importance of being prepared to weather the impacts of any regulatory changes or data breaches.

To stay up-to-date on the latest in data security and beyond, subscribe to the Immuta Unlocked Newsletter today. Each month, we include Key Stories in the newsletter to provide you with access to the latest news in data.

We’ll see you next month!
