Category: Compliance Regulation
TikTok banned on all Canadian government mobile devices
Last week, Canada’s federal privacy watchdog and its provincial counterparts in British Columbia, Alberta and Quebec announced an investigation to delve into whether the app complies with Canadian privacy legislation. Canadian Treasury Board President Mona Fortier said the federal government will also block the app from being downloaded on official devices in the future.
Former City of Atlanta Official Jo Ann Macrina Sentenced for Accepting Bribes
According to court documents, Jo Ann Macrina, 66, of Daytona Beach, Florida, served as the Commissioner of Atlanta’s Department of Watershed Management from 2011 through May 2016. During Macrina’s tenure, the City of Atlanta awarded millions of dollars in contracts to an architectural, design, and construction management and services firm based in Atlanta. Macrina took multiple steps to steer lucrative contracts toward the firm’s joint venture. Those actions included casting aside prior final scores ranking potential vendors where the joint venture ranked near the bottom, replacing two evaluators who previously represented the Department of Watershed Management with herself and Macrina’s employee, and scoring the joint venture higher than all other evaluators during a reevaluation.
In exchange for providing the firm’s executive vice president with access to confidential information and preferential treatment on City of Atlanta projects, Macrina was offered a job and accepted things of value. For instance, Macrina accepted $10,000 in cash, a diamond ring, a room at a luxury hotel in Dubai, and landscaping work at her home from the firm’s executive vice president either directly or through another employee of the firm. Shortly after Macrina’s employment with the City of Atlanta ended, she began working for the firm. Between June 2016 and September 2016, the firm and its executive vice president paid Macrina $30,000 in four separate payments.
Two Amazon Marketplace Sellers and Four Companies Plead Guilty to Price Fixing DVDs and Blu-Ray Discs
Two Amazon marketplace sellers and four of their companies have pleaded guilty to price fixing DVDs and Blu-Ray Discs. On Feb. 10 in U.S. District Court for the Eastern District of Tennessee, Bruce Fish of Hayfield, Minnesota, along with BDF Enterprises, Inc., a corporate entity owned by Fish, admitted to participating in a conspiracy to fix the prices of DVDs and Blu-Ray discs sold on the Amazon marketplace. Victor Btesh of Brooklyn, New York, and three New York corporate…
GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies. This is the first enforcement action taken under the FTC’s Health Breach Notification Rule, which was issued in 2009. The FTC’s Health Breach Notification Rule defines a “breach of…
FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind proposed order, filed by the Department of Justice on behalf of the FTC, GoodRx will be prohibited from sharing user health data with applicable third…
Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
On January 4, 2023, the Irish Data Protection Commission (“DPC”) announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. (“Meta”) with respect to the company’s Instagram and Facebook platforms. As a result of the investigations, the DPC fined Meta a combined €390 million for breaches of the EU General Data Protection Regulation (“GDPR”) and, following consultation with the European Data Protection Board (“EDPB”), notably held that Meta can no longer rely on the GDPR’s…
Whole Foods Settles BIPA Voiceprint Class Action
On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act (“BIPA”). The plaintiffs alleged that Whole Foods unlawfully collected voiceprints from employees who worked at the company’s distribution centers. In the case in the Circuit Court of Cook County, Illinois, Chancery Division, the plaintiffs alleged that, by requiring them to use…
Top U.S. court backs WhatsApp suit over Pegasus spyware
The U.S. Supreme Court has rejected a bid by NSO Group to block a WhatsApp lawsuit accusing the Israeli tech firm of allowing mass cyberespionage of journalists and human rights activists. The Supreme Court denied NSO’s plea for legal immunity and ruled that the case, which targets the company’s Pegasus software, can continue in a California federal court, a court filing showed. Pegasus gives its government customers — which have allegedly included Mexico, Hungary, Morocco and India — near-complete access…
EU & Ireland: Meta’s legal basis for targeted ads found to breach GDPR
Ireland’s Data Protection Commission (DPC) announced on January 4, 2023, that it has fined Meta a total of €390 million after finding that the company’s Facebook and Instagram platforms lacked proper legal grounds for processing millions of Europeans’ personal data for targeted advertising. In addition to posing challenges for Meta’s business model, the DPC’s two decisions reflect growing disagreement among European data protection authorities (DPAs) on two fronts. The first relates to the use of ‘contractual necessity’ as an appropriate…
CNIL Fines Apple 8 Million Euros Over Personalized Ads
On December 29, 2022, the French Data Protection Authority (the “CNIL”) announced that it imposed an €8,000,000 fine on Apple for violations of the French rules on targeted advertising and the use of cookies and similar tracking technologies. Background: The CNIL received a complaint concerning Apple’s ad personalization practices on the App Store and carried out several investigations between 2021 and 2022. The CNIL’s investigations concluded that Apple was collecting the identifiers of users that visited the App Store using…
Corporate and White-Collar Enforcement in 2023–24
As 2022 comes to a close, is it possible to predict a trend for corporate and white-collar enforcement by the U.S. Department of Justice in 2023? Yes: enforcement will increase in 2023, and it will increase yet more in 2024. Understanding the Department as a dispersed, human institution that responds to incentives explains why.
Honeywell UOP to Pay Over $160 Million to Resolve Foreign Bribery Investigations in U.S. and Brazil
According to the company’s admissions and court documents, between 2010 and 2014, Honeywell UOP conspired to offer an approximately $4 million bribe to a then-high-ranking executive of Petróleo Brasileiro S.A. (Petrobras) in Brazil. Specifically, Honeywell UOP offered the bribe to secure improper advantages in order to obtain and retain business from Petrobras in connection with Honeywell UOP’s efforts to win an approximately $425 million contract from Petrobras to design and build an oil refinery called Premium.
Portuguese Data Protection Authority fines the National Institute of Statistics € 4.3 million
On 2 November 2022, the Portuguese Data Protection Authority (“CNPD”) issued a Decision imposing a fine of € 4,300,000 (four million three hundred thousand euros) on the National Institute of Statistics (“INE”) for multiple violations in the processing of data subjects’ sensitive data during the Census 2021 operation. Background: On the 27th of April 2021, after launching an investigation into the transfer of personal data from INE to Cloudflare (a U.S. service provider engaged by INE for the operation of the…
Academy Mortgage Corporation to Pay $38.5 Million: False Claims Act Allegations Related to Mortgages Insured by Federal Housing Administration
Thrower alleged that from January 2008 through April 2017, Academy had an underwriting process that led employees to disregard FHA rules and falsely certify compliance with underwriting requirements. Thrower further alleged that, as a result of Academy’s knowingly deficient mortgage underwriting practices, the government paid insurance claims on loans improperly underwritten by Academy.
“Lenders that knowingly cause the government to guarantee loans that are materially deficient put both homeowners and the public fisc at risk,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “The settlement announced today is a result of the relator’s efforts to develop this case in litigation and complements the department’s actions to prevent abuse of government programs designed to foster home ownership.”
Meta Slapped with €265 Million for Privacy Violations
On November 25, 2022, Ireland’s Data Protection Commission (“DPC”) released a decision fining Meta Platforms, Inc. (“Meta”) €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide. In the decision, the DPC argued that Meta failed to comply with the GDPR’s requirement of providing privacy “by design and default” when it failed to prevent the disclosure of users’ phone numbers, email addresses, full names, dates of birth and other personal information on…
Italian Supreme Court Grants Global Delisting Order Under National Law
On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. A delisting order requires a search engine to remove certain search results about individuals if the data subject’s privacy interests prevail over the general right to expression and information, and the economic interest of the search engine. The case was brought by an Italian individual, who requested a worldwide delisting order, concerning all versions…