FTC Holds GoDaddy Accountable for Misleading Claims and Inadequate Data Protection Mechanisms
The Federal Trade Commission has charged GoDaddy with inadequate cybersecurity practices and deceptive claims about data protection. Allegations include repeated breaches, weak safeguards, and failure to protect millions of users' sensitive information effectively.
GoDaddy Under Fire: Federal Trade Commission Investigates Data Security Failures
The Federal Trade Commission (FTC) has filed a formal complaint against GoDaddy Inc. and its subsidiary GoDaddy.com, LLC, alleging that the website hosting giant failed to implement adequate data security measures, compromising the safety of millions of customers' data.
The complaint outlines a litany of issues, painting a picture of systemic security lapses that have plagued GoDaddy’s operations since at least 2018.
GoDaddy, a leader in domain registration and hosting services, is accused of making misleading claims about its data security practices.
According to the FTC, GoDaddy assured customers that their websites and data were secure, while failing to implement basic safeguards such as multi-factor authentication (MFA), adequate asset tracking, and regular risk assessments.
These shortcomings exposed customers to risks including malware, unauthorised access, and stolen credentials.
The FTC's complaint specifically highlights incidents from 2019 to 2022, during which GoDaddy's systems were repeatedly compromised.
In one case, a threat actor gained access to sensitive customer data by exploiting vulnerabilities in GoDaddy’s hosting environment.
These incidents jeopardised not only website owners but also the visitors to their sites, potentially leading to identity theft, financial fraud, and other harms.
Security Failures in Detail
The FTC's filing dives deep into GoDaddy's alleged failures, painting a damning picture of negligence. Key accusations include:
Inadequate Monitoring: GoDaddy did not maintain consistent logging practices or implement tools to detect suspicious activity, leaving its hosting environment vulnerable to intrusions.
Outdated Systems: The company failed to track and update software on thousands of servers, many of which were running unsupported or end-of-life systems.
Weak Authentication Measures: Until 2020, administrative logins lacked MFA, and customers were not offered this option, exposing sensitive credentials to theft.
Lack of Risk Assessments: Despite handling sensitive customer data, GoDaddy neglected to perform regular penetration testing or assess the security implications of its hosting practices.
These lapses allowed threat actors to repeatedly infiltrate GoDaddy's systems, with one group reportedly remaining undetected for six months.
Fallout from the Breaches
The consequences of GoDaddy’s security failures have been far-reaching. Customers using GoDaddy’s shared hosting services suffered losses ranging from stolen payment details to reputational damage caused by malicious redirects.
The FTC noted that the company’s actions—or lack thereof—forced customers to spend considerable time and resources addressing these issues.
One of the most egregious breaches occurred in 2020, when attackers replaced critical server files with malicious versions, stealing credentials for nearly 28,000 accounts.
Even after discovering the breach, GoDaddy struggled to fully remediate the issue, leading to further compromises in subsequent years.
Misleading Claims
Compounding the issue, GoDaddy marketed itself as a secure and trustworthy hosting provider, claiming to monitor and protect customers around the clock.
The FTC alleges these claims were false and misled consumers into believing their data was safe.
In reality, GoDaddy's own systems were poorly secured, and its assurances of safety were nothing more than empty promises.
Settlement Order
The settlement order between the FTC and GoDaddy contains several legally binding provisions designed to address the company's data security failures and prevent future violations.
Key aspects of the settlement include:
1. Prohibition Against Misrepresentations
GoDaddy and its affiliates are prohibited from making misleading claims about the security, confidentiality, and integrity of their hosting services or the privacy measures protecting customer data.
This provision specifically targets false assurances in advertising or customer communications.
2. Mandated Information Security Programme
GoDaddy is required to implement a comprehensive, documented information security programme. This programme must:
Assess and mitigate internal and external risks to data security.
Include safeguards proportional to the volume and sensitivity of customer data.
Involve regular updates, testing, and monitoring to address emerging threats and vulnerabilities.
3. Independent Assessments
An independent, qualified third party must conduct biennial assessments of GoDaddy’s compliance with the order's requirements.
These assessments will verify the effectiveness of GoDaddy’s information security measures.
4. Incident Reporting and Compliance
GoDaddy must:
Report any data breaches to the FTC within 10 days of notifying regulatory authorities.
Submit annual certifications signed by a senior executive affirming compliance with the order’s provisions.
Maintain detailed records of compliance efforts for at least five years.
5. Record-Keeping and Monitoring
The company is obligated to retain key documents related to its security measures, customer complaints, and advertisements for inspection by the FTC.
The order also grants the FTC authority to monitor GoDaddy’s compliance through interviews, document reviews, and direct investigations.
6. Order Duration
The settlement order will remain in effect for 20 years unless extended due to future legal violations.