France's data protection authority, the Commission nationale de l'informatique et des libertés, fined Apple 8 million euros over alleged nonconsensual advertisement tracking. Investigations carried out in 2021 and 2022 found iPhone IOS 14.6 users had identifiers attached to their devices for the purpose of serving personalized ads without consent as they entered Apple's App Store.
There's overwhelming evidence that 2022 was a banner year for privacy and data protection. As the privacy community shifts attention to 2023, it's worth wondering whether this year will prove as busy and unprecedented as the last. Goodwin Procter Partner and IAPP Westin Emeritus Fellow Omer Tene expects the new year to "call and raise" the privacy activity of 2022. Tene offers his predictions on U.S. state and federal privacy matters as well as the international outlook.Full Story
The Office of the Attorney General for the District of Columbia announced a $9.5 million settlement with Google over use of "dark patterns" that led to user location data collection.
Wired reports the 2020 hack of the encrypted phone network EncroChat by police across Europe, led by French and Dutch law enforcement authorities, resulted in legal challenges. Access to the system revealed 100 million messages and led to the arrest of thousands of EncroChat users. Lawyers are disputing the legality of the data access and say hacked messages should not be used as evidence in court.Full Story
The Washington Post reports hackers disclosed records and email addresses from 235 million Twitter accounts on a public forum. The information was reportedly collected using a flaw in Twitter’s system that allowed outsiders to gain access to an unlimited list of email addresses and phone numbers. The exposure comes as the U.S.
E-commerce company Shopify launched "Audiences," a marketing tool that enables retailers to pool customer data and target ads through Meta and Google's advertising platforms, the Financial Times reports. Marketers can then target ads to customers who purchased similar items from another retailer. The tool is designed to bypass Apple's privacy settings.
In an op-ed for The Wall Street Journal, lawyer Sanford Young said electronic court filings mean sensitive data is "forever accessible to anyone with access to the internet." Searches on court websites can lead to downloadable, and typically unencrypted, case dockets and papers revealing sensitive personal information — including medical, psychiatric and financial records. "Court-system websites are becoming treasure troves of confidential information.
Join members of the IAPP Research and Insights Team Jan. 18 as they share their top three areas of focus for privacy program management, privacy law and privacy technology as 2023 begins.
Ireland's Data Protection Commission adopted final decisions on two inquiries into Meta's Facebook and Instagram, fining the company a total of 390 million euros and potentially leading to an upheaval of its personalized advertising model in the EU. The DPC announced Meta's basis for seeking user permission to collect data for personalized advertising is invalid and gave the company three months to bring its data processing operations into compliance with the EU General Data Protection Regulation.
Life Hope Labs reached a $16,500 settlement with the Office for Civil Rights at the U.S. Department of Health and Human Services over a potential violation of the Health Insurance Portability and Accountability Act Privacy Rule's right of access provision. The Georgia-based diagnostic laboratory will also implement a corrective action plan, including two years of OCR monitoring.