Lithuanian AdTech Firm Linked to US Military Location Data Sale

A media investigation found that Datastream Group, a Florida-based data broker, sourced sensitive US military satellite location data from Lithuanian AdTech companies, including Eskimi. The data included 3.6 billion location points from up to 11 million devices in Germany. US Senator Ron Wyden’s office sought answers from Datastream Group, Eskimi, and Lithuania’s Data Protection Authority. Eskimi denies being a data broker or having ties to Datastream Group. Google was also informed, as Eskimi is part of its Authorized Buyer program. The Lithuanian DPA is gathering information and may investigate potential GDPR violations. Read more

Lawmakers Propose Ban on DeepSeek for Federal Devices

U.S. Representatives Josh Gottheimer and Darin LaHood introduced the bipartisan “No DeepSeek on Government Devices Act,” aiming to prohibit federal employees from using the Chinese AI app DeepSeek on government-issued devices. The proposed legislation cites concerns over potential data sharing with the Chinese government. This move parallels previous actions taken against TikTok due to similar security issues with TikTok. Several countries, including South Korea, Australia, and Taiwan, have already implemented bans on DeepSeek.Read more

Grubhub Reports Data Breach Affecting Customers and Drivers

Grubhub announced a data breach after detecting unauthorised access through a third-party service provider’s account. Exposed data includes names, email addresses, phone numbers, and partial card details for some campus diners. Hashed passwords from certain legacy systems were also accessed, prompting a password reset. Grubhub stated that no full payment card details, social security numbers leaked, or merchant logins were compromised. The company has updated security measures and advises users to use unique passwords. Read more

New York Lawmakers Push Health Data Privacy Bill 

New York lawmakers passed the Health Information Privacy Act to limit tech companies’ access to consumer health data. The bill prohibits the sale of health data from apps without user consent, covering reproductive health searches, fitness tracking, and location data. Supporters cite concerns over law enforcement using such data to prosecute individuals seeking reproductive care. Governor Kathy Hochul has yet to decide on the bill, which faces opposition from health tech companies. The bill grants enforcement authority to the state attorney general rather than allowing private lawsuits. Read more 

Amazon Faces Lawsuit Over Alleged Location Data Tracking

Amazon is accused of violating federal wiretap laws and Washington’s My Health My Data Act by collecting location data without user consent. A lawsuit claims Amazon’s software tools embedded in apps harvested user data for advertising. The complaint alleges Amazon obtained biometric and health-related location data without permission. The case is the first under Washington’s new health data privacy law, which allows lawsuits for unauthorised data collection. Plaintiffs seek an injunction, damages, and the return of Amazon’s profits from the alleged violations. Amazon denies the claims and plans to defend itself in court. Read more