Spotify fined over $5 million for violating the GDPR
The Swedish Authority for Privacy Protection fined Spotify SEK 58 million ($5.4 million) for failure to adequately inform users on how their data is processed. This violation breaches the transparency principle of the GDPR. Spotify’s lack of transparency has brought into question the lawfulness of how the company processes data. Previously in 2019, NOYB found that the popular music streaming company failed to give users all of their data upon request and did not specify why user data is collected. As a result of the fine, Spotify is actively resolving the transparency issues highlighted.
Apple increases privacy settings on Safari
Apple has updated the web browser ‘Safari’ by increasing its privacy settings. The new updates include tracking protection which stops websites from tracking user online activity. Users will now have to opt-in to access webpage extensions under the Enhanced Extension Control update. When private browsing, user IP address locations will be more general, consisting of country and time zone. In addition, Safari’s private browsing boost will automatically lock webpages when they are not being used, to protect potentially sensitive information.
Denmark aims to decrease the collection of data from children
Denmark seeks to reduce the large amounts of children’s data being collected by big tech companies such as Snapchat and Meta. This will be achieved by increasing the age of consent for collection of personal data from 13 to 16 years old. The future legislation will require big tech companies to obtain parental consent before processing the data of children younger than 16 years old. Germany has already set the age limit for data collection consent to 16 and many other European countries are looking to implement similar laws.
Dutch privacy watchdog requests information from ChatGPT on how user data is processed
The Dutch data protection watchdog (AP) has requested more information from OpenAI on how ChatGPT processes the data of over its 1.5 million Dutch users. Like many other countries, the AP is concerned with how and why ChatGPT collects user information. The data protection authority wants to know what information and questions are used to train the chatbot, how the platform generates answers and if the answers are accurate, and if OpenAI can rectify or delete inaccurate data. Privacy regulators across Europe have joined their efforts to create a ChatGPT task force, to address the multitude of privacy concerns.
Thames Valley Police released personal witness information to suspected criminals
The ICO has issued a reprimand to Thames Valley Police for failure to protect witness data. The police service released the address of the witness to the criminal suspects as a result of inadequate police training on disclosure and redaction. Due to this data breach, the witness had to move house for their safety. In the reprimand, the ICO stated the importance of handling sensitive data with the utmost care and emphasized the importance of protecting crime-related data due to the impact that data breaches have on the victim. The data watchdog recommended that all staff should be properly trained in redactions and disclosures.
FTC fines Amazon $25 million for violating child privacy laws
The U.S. Federal Trade Commission has fined Amazon $25 million for violating the Child Online Privacy Protection Act (COPPA). The FTC has stated that Amazon’s ‘Alexa’ unlawfully stored data, such as children’s voices, on the device. In addition, parents were misled to believe that Alexa had deleted their children’s data upon request when in reality, it was found that the data was not completely deleted. The FTC has also ordered Amazon to employ more stringent privacy practices. Amazon has denied accusations of unlawful practices, stating that its products are built with privacy in mind.