Category: Compliance Regulation

On 2 November 2022, the Portuguese Data Protection Authority (“CNPD”) issued a Decision imposing a fine of € 4,300,000 (four million three hundred euros) to the National Institute of Statistics (“INE”) for multiple violations in the processing of data subjects’ sensitive data during the Census 2021 operation. Background On the 27th of April 2021, after launching an investigation into the transfer of personal data from INE to Cloudflare (a U.S. service provider engaged by INE for the operation of the…

Thrower alleged that from January 2008 through April 2017, Academy had an underwriting process that led employees to disregard FHA rules and falsely certify compliance with underwriting requirements. Thrower further alleged that, as a result of Academy’s knowingly deficient mortgage underwriting practices, the government paid insurance claims on loans improperly underwritten by Academy.

“Lenders that knowingly cause the government to guarantee loans that are materially deficient put both homeowners and the public fisc at risk,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “The settlement announced today is a result of the relator’s efforts to develop this case in litigation and complements the department’s actions to prevent abuse of government programs designed to foster home ownership.” 

On November 25, 2022, Ireland’s Data Protection Commission (“DPC”) released a decision fining Meta Platforms, Inc. (“Meta”) €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide. In the decision, the DPC argued that Meta failed to comply with the GDPR’s requirement of providing privacy “by design and default” when it failed to prevent the disclosure of users’ phone numbers, email addresses, full names, dates of birth and other personal information on…

On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. A delisting order requires a search engine to remove certain search results about individuals if the data subject’s privacy interests prevail over the general right to expression and information, and the economic interest of the search engine. The case was brought by an Italian individual, who requested a worldwide delisting order, concerning all versions…

May 31, 2022. The Department of Justice, together with the Federal Trade Commission (FTC), announced a settlement that, if approved by a federal court, will require Twitter Inc. to pay $150 million in civil penalties and implement robust compliance measures to protect users’ data privacy. The settlement will resolve allegations that Twitter violated the FTC Act and an administrative order issued by the FTC in March 2011 by misrepresenting how it would make use of users’ nonpublic contact information. In…

May 10, 2022. The Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation, according to CDC documents obtained by Motherboard. The documents also show that although the CDC used COVID-19 as a reason to buy access to the data more quickly,…

May 9, 2022. Facial recognition company Clearview AI has agreed to stop its sales to private companies in the United States as part of a landmark settlement reining in a technology criticized as threatening Americans’ privacy rights. The settlement, filed Monday in federal court in Illinois, marks the most significant court action yet against Clearview AI, a company known for downloading billions of people’s photos from social networks and other websites to build a face-search database sold to law enforcement….

Video

The ACLU published thousands of pages of previously unreleased records showing that the Department of Homeland Security (DHS) are sidestepping the constitutional right against unreasonable government search and seizure.  DHS has been buying access to and using large volumes of cell phone location information that has been “quietly extracted from smartphone apps” of U.S. citizens and others — using their own tax dollars. In 2018, the Supreme Court ruled in Carpenter v. United States that the government needs a warrant…