Get £100 OFF OFF all Instructor-Led Courses: CIPP/E | CIPM | CIPT - Use code HELLO100 at checkout.

Privacy In Focus | January

|

by Rhema Sijuwade

We bring you a round up of articles and updates in the data sphere

 

 

26 Jan.

$25 million lawsuit filed against Foot Locker

Foot Locker has been found to violate consumer privacy law by wiretapping the chat feature on their website and eavesdropping on customer conversations without their consent. This allowed third party companies to monitor these conversations and harvest data for their use. The complainant argued that this practice violates the California Invasion of Privacy Act which bans wiretapping and eavesdropping without the consent of affected parties.

 

Read more

 

 

25 Jan.

Luxembourg Bill: Storing personal data as an exception and not the rule

A bill presented in Luxembourg is proposing that the collection of personal data will be limited in quantity and substance, making the storage of personal data an exception and not the rule. The goal is to protect citizen rights whilst also allowing authorities access to data for safeguarding and national security. The exceptions will be IP addresses and ‘personal data linked to civic identity’ however, this data will only be stored for 6 months.

 

Read more

 

 

24 Jan.

The Federal Trade Commission focus efforts on limiting corporate surveillance

The FTC’s Division of Consumer Protection seek to safeguard consumers from companies that track their online behavior’s and target them with personalised adverts. The Trade Commission aim to offer these protections through creating clear rules on how companies can keep consumer data private and safe. The FTC are also monitoring companies who use dark patterns and have already imposed a hefty $100 million fine on Vonage Holdings Corp for use of dark patterns in November 2022.

 

Read more

 

 

23 Jan.

UK ICO offers data protection guidance to SMEs

The ICO stated that incorporating good data protection practices from the outset will save businesses time and money whilst also increasing customer confidence. Lack of trust toward businesses is evident, with an ICO survey showing 91% of people worry about their personal information being sold to third party companies. The Commissioner’s Office have provided some tips for beginners in business; ranging from listing the information that needs to be collected to, having a data breach action plan in place.

 

Read more

 

 

20 Jan.

WhatsApp fined more than €5 million by the Irish DPC

The Irish Data Protection Commission have issued a relatively low fine of € 5.5 million to WhatsApp for breaching the EU’S GDPR. The popular messaging app was found to breach transparency regulations by only allowing users to access the app if they agreed to the terms of service. Initially, the DPC did not want to impose this sum as, they had previously fined WhatsApp € 225 million for similar transparency breaches. However, upon the European Data Protection Board’s findings, the Irish data watchdog has been directed to impose this penalty.

 

Read more

 

 

19 Jan.

ICO shifts away from big fines to focus on preventative measures

It appears that the Information Commissioner’s Office have adopted a different approach than European data protection authorities. The UK’s data watchdog seeks to implement a preventative approach to data breaches instead of issuing big fines.  John Edwards, head of the ICO, has expressed that hitting companies with big fines is inefficient and could be more harmful in the long run. Instead, Edwards believes the more effective approach is to prevent data protection breaches through ‘providing clarity and certainty to data protection laws’.

 

Read more

 

 

18 Jan.

Apple launches new security updates

— 

Apple has begun their increased data protection role out with the introduction of major security updates. These data protection tools have been introduced to combat user data stored in the cloud from being stolen. ‘Advanced Data Protection’ is a new feature that secures iCloud backups with end-to-end encryption, meaning only people who have access to the trusted device can see this data. Apple have also introduced iMessage Contact Key Verification, specifically for journalists, human rights activists and members of government who may experience cloud server breaches resulting in tapped telephone calls. These updates will be available in the iOS 16.3 update.

 

Read more

 

 

17 Jan.

European data protection authorities issue €2.92 billion in GDPR fines

 —

A GDPR and Data Breach survey carried out by DLA Piper has shown that fines issued by European data protection authorities have increased by 168% since 2021. The biggest fine being €405 million issued against Meta for allegedly failing to protect children’s personal data. It appears that the increase in fines is due to greater focus toward artificial intelligence. The growing use of AI has presented more threats to the protection of personal data. These fines indicate that data protection authorities are growing in confidence, showing they are willing to punish any company who violate data protection laws.

 

Read more

 

 

16 Jan.

TikTok announce transparency plan to avoid complete ban in the U.S.

 —

TikTok has revealed a transparency plan to quell U.S. government concerns over the app’s link to the Chinese government. The Wall Street Journal reported that TikTok has announced a $1.5 billion plan to change it’s U.S. operations. An independent monitor will be reviewing TikTok’s data protection practices and algorithms. A spokesperson has stated that they have already made progress and aim to complete implementing these changes in order to address concerns. However, U.S. government officials doubt that this ‘new plan’ is substantial enough to pacify lawmakers.

 

Read more

 

 

13 Jan.

Meta sues ‘data scraping for hire’ service

 —

Meta sues Voyager Labs for collecting information from 600,000 users in an effort to ‘crack down on data scraping for hire’. Many social media platforms such as Facebook, YouTube, Instagram, LinkedIn and Telegram have been targeted in data scraping campaigns. Meta alleged that Voyager used 38,000 fake accounts to collect data from Facebook user accounts through posts, group membership and friend lists. Voyager has been found to assist law enforcement in acquiring information on potential suspects through use of their investigative software. Meta have stated that they seek to protect their users from campaigns such as these.

 

Read more

 

 

12 Jan.

Twitter disputes that leaked data was hacked from its systems

 —

Earlier this week, it was reported that the email addresses of over 200 million Twitter users were obtained due to a hack. The emails linked to these accounts could be downloaded by anyone who paid a small fee.  Twitter have refuted this claim, stating that there is no evidence the data was harvested due to ‘flaws in their systems’. Security researchers reported that the data was a compilation of previous leaks.

 

Read more

 

 

11 Jan.

France fines TikTok 5 million euros for online tracking failures

 —

The CNIL found that it was harder for users to reject online tracking on TikTok than it was to accept. They also found that users were not provided with enough information surrounding TikTok’s use of cookies. Representatives of the popular app have stated that these issues have since been addressed, making it easier for users to reject non-essential cookies. They also highlighted their cooperation throughout the investigation.

 

Read more

 

 

10 Jan.

5 easy ways to protect your data in 2023

— 

Incorporating data protection practices into our lives should be prioritized. With the increase in scams, data breaches and hacks, it is important that we remain vigilant and knowledgeable on how to protect ourselves on the internet. The linked article provides tips ranging from using unique passwords to regularly updating your apps.

 

Read more

 

 

09 Jan.

Algorithmic Transparency Recording Standard

 —

The Central Digital and Data Office and Centre for Data Ethics and Innovation are working alongside public sector organizations, helping them provide information regarding the algorithmic tools they use. The government aims to promote greater algorithmic transparency as part of the National Data Strategy. Greater transparency means that organizations are required to be open about how algorithmic tools support decisions.

 

Read more

 

 

06 Jan.

Meta fined €390 million by the Irish DPC

 — 

The Irish Data Protection Commissioner alleged that Meta breached GDPR rules by unlawfully processing data for advertising purposes. Meta relied on the legal basis of consent to process user data. However, if users did not consent to how their data would be used, they could not use the social media platform. Privacy campaigners have applauded this decision, it gives users the ability to decide if their data is used for targeted online advertisements. Meta plan to appeal the fine.

 

Read more