Dan Cooper, Benjamin Haley, Deon Govender, Ahmed Mokdad, and Mosa Mkhize of Covington and Burling write: On April 7, 2025, South Africa’s Information Regulator announced a new requirement for organizations to report data breaches—referred to under local law as “security compromises”—via an online eServices Portal. The announcement marks a significant procedural shift in how companies must comply with…
Privacy on the Map: How States Are Fighting Location Surveillance
Rindala Alajaji of EFF writes: Your location data isn’t just a pin on a map—it’s a powerful tool that reveals far more than most people realize. It can expose where you work, where you pray, who you spend time with, and, sometimes dangerously, where you seek healthcare. In today’s world, your most private movements are…
Data Protection Commission Announces commencement of inquiry into X Internet Unlimited Company (XIUC)
11th April 2025 — The Data Protection Commission (DPC) has today announced the commencement of an inquiry into the processing of personal data comprised in publicly-accessible posts posted on the ‘X’ social media platform by EU/EEA users, for the purposes of training generative artificial intelligence models, in particular the Grok Large Language Models (LLMs). The…
Our Privacy Act Lawsuit Against DOGE and OPM: Why a Judge Let It Move Forward
On April 9, Adam Schwartz of EFF wrote: Last week, a federal judge rejected the government’s motion to dismiss our Privacy Act lawsuit against the U.S. Office of Personnel Management (OPM) and Elon Musk’s “Department of Government Efficiency” (DOGE). OPM is disclosing to DOGE agents the highly sensitive personal information of tens of millions of federal employees, retirees, and…