The US Supreme Court ruled in Trump v. Slaughter that the FTC can no longer be independent, effectively dismantling the legal foundation of the EU-US Data Privacy Framework. Since 2000, the EU has relied on the FTC's independence as the privacy enforcement mechanism for EU-US data transfers, citing it 259 times in the current adequacy decision. Privacy advocacy group noyb, led by Max Schrems, is calling on the European Commission to formally repeal the EU-US adequacy decision and begin an orderly exit from US cloud services. Companies using SCCs and BCRs are also affected, as their transfer impact assessments typically rely on the same now-compromised US executive bodies. While the current Commission decision remains formally in force until repealed or annulled, noyb plans to file a lawsuit to bring the matter before the CJEU, a process expected to take 2-3 years.
Source: https://noyb.eu/en/us-supreme-court-just-blew-eu-us-data-transfers. 8sync News only summarizes and links; copyright in the content belongs to the author and the original source.
Offen Fair Web Analytics is an open-source, self-hosted and free web analytics tool that ensures data privacy and compliance with GDPR. Users have full access to their data and can opt in or out of data collection.
NetBox Validation has added a HIPAA Security Rule compliance pack as its ninth framework pack. The pack includes 20 network checks mapped to specific CFR citations, covering network architecture, segmentation, documentation, and resilience. It runs entirely offline against NetBox data before deployment — no SSH or device credentials required. The timing is driven by the proposed 2026 HIPAA Security Rule overhaul, which eliminates the 'addressable' loophole and for the first time mandates explicit network segmentation and a current network map. Organizations will have roughly 240 days to comply once the rule is finalized. The pack is available now in NetBox Cloud Premium tier as part of the public preview.
A philosophical and legal analysis of 'spontaneous data' — human-generated content like Instagram photos and TikTok videos — and its use in training AI systems to produce sexually explicit content. The piece covers the Software 2.0 paradigm where data rather than code is central, explains why existing intellectual property frameworks (Lockean labor theory and utilitarian incentive theory) fail to protect spontaneous data creators, and examines why consent alone is insufficient protection. Three counterarguments are explored: private use, anonymized transformation, and a utilitarian case for AI-generated explicit content as a harm-reduction mechanism. The article also touches on deepfakes, the interpretability problem in AI, and the philosophical distinction between human-level and metaphysically-aligned cognition.
Ireland's Supreme Court upheld the 530 million euro fine against TikTok for transferring European users' data to China in violation of GDPR, but asked the regulator to reconsider the ban on future data transfers in order to facilitate TikTok's operations. The case highlights the tension between Ireland's role as a "tech haven" and its regulatory responsibilities, against the backdrop of the new EU Council presidency term.
A developer should read this article to understand how GDPR and data protection regulations affect the design of international data-processing systems, especially when facing cross-border data transfer issues such as those in the TikTok case.
Tinybird is launching a beta for lightweight deletes on Data Sources via a new API endpoint (POST /v1/datasources/{name}/delete). Unlike the old heavy mutation approach that rewrites disk parts, the new method uses ClickHouse's native lightweight DELETE, which materializes a hidden _row_exists mask instead of copying data. This makes deletes complete in milliseconds to seconds rather than minutes or hours. The endpoint supports both synchronous and asynchronous modes, an optional partition-scoping parameter, and is useful for GDPR right-to-be-forgotten requests, removing bad ingest data, and partition-scoped cleanups.
Researchers at LayerX have disclosed a prompt injection attack called 'BioShocking' that manipulates AI-powered browsers by embedding malicious instructions inside a fictional game scenario. By teaching the browser agent that 'wrong' actions are acceptable within the game context, the attack bypasses safety guardrails and can cause the agent to exfiltrate sensitive data such as credentials. The PoC was tested against six agentic browsers including ChatGPT Atlas, Comet, Fellou, Genspark, Sigma, and the Claude Chrome plugin — all six failed to detect the malicious final step. Only OpenAI implemented a working fix; Anthropic's patch was ineffective, and Perplexity closed the report without action. Recommended mitigations include explicit user confirmation for sensitive actions, stronger context checks, and scope limits for agentic sessions.
NIH's All of Us research program has released the world's largest integrated genomics and health database, covering 747,000 participants with 535,000 whole genome sequences linked to nearly 482,000 electronic health records and over 1.3 billion genetic variants. Notably, more than 86% of participants come from groups historically underrepresented in medical research, addressing a major gap compared to datasets like the UK Biobank. The database has already contributed to 1,400+ peer-reviewed papers and is positioned as foundational raw material for AI-driven drug discovery and diagnostics. However, the program faces a 72% budget cut since 2023 and a key funding stream set to expire, raising serious concerns about its future despite its scientific value.

Papa Johns partnered with NBCUniversal, Instacart, and media agency Carat to build a surveillance-based ad targeting system that predicts when consumers are running low on groceries. By analyzing Instacart purchase patterns for staples like eggs, milk, and produce, the system estimates which days specific consumers are likely to have an empty fridge and serves them targeted ads on NBCU streaming. Bruce Schneier draws a parallel to Target's 2012 pregnancy-detection campaign, noting that the strategy for avoiding the 'creepy' label is to deliberately introduce some wrong predictions to obscure the depth of surveillance.