Category: Surveillance & Privacy

Last week, Canada’s federal privacy watchdog and its provincial counterparts in British Columbia, Alberta and Quebec announced an investigation to delve into whether the app complies with Canadian privacy legislation. Canadian Treasury Board President Mona Fortier said the federal government will also block the app from being downloaded on official devices in the future.

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies. This is the first enforcement action taken under the FTC’s Health Breach Notification Rule, which was issued in 2009. The FTC’s Health Breach Notification Rule defines a “breach of…

“Spanish authorities must conduct a full, fair, and effective investigation into these allegations, publish the findings and stop any unlawful interference into the fundamental rights of the Catalan minority activists in Spain,” they said in a statement. Top leaders arrested Following the October 2017 independence referendum, Spain arrested leaders of the Catalonian independence movement on charges of sedition. The alleged spying occurred between that year and 2020, with most incidents taking place soon after the vote. Mobile phones of at least…

  The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind proposed order, filed by the Department of Justice on behalf of the FTC, GoodRx will be prohibited from sharing user health data with applicable third…

On January 4, 2023, the Irish Data Protection Commission (“DPC”) announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. (“Meta”) with respect to the company’s Instagram and Facebook platforms. As a result of the investigations, the DPC fined Meta a combined €390 million for breaches of the EU General Data Protection Regulation (“GDPR”) and, following consultation with the European Data Protection Board (“EDPB”), notably held that Meta can no longer rely on the GDPR’s…

On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act (“BIPA”). The plaintiffs alleged that Whole Foods unlawfully collected voiceprints from employees who worked at the company’s distribution centers.  In the case in the Circuit Court of Cook County, Illinois, Chancery Division, the plaintiffs alleged that, by requiring them to use…

The U.S. Supreme Court has rejected a bid by NSO Group to block a WhatsApp lawsuit accusing the Israeli tech firm of allowing mass cyberespionage of journalists and human rights activists. The Supreme Court denied NSO’s plea for legal immunity and ruled that the case, which targets the company’s Pegasus software, can continue in a California federal court, a court filing showed. Pegasus gives its government customers — which have allegedly included Mexico, Hungary, Morocco and India — near-complete access…

Ireland’s Data Protection Commission (DPC) announced on January 4, 2023, that it has fined Meta a total of €390 million after finding that the company’s Facebook and Instagram platforms lacked proper legal grounds for processing millions of Europeans’ personal data for targeted advertising. In addition to posing challenges for Meta’s business model, the DPC’s two decisions reflect growing disagreement among European data protection authorities (DPAs) on two fronts.  The first relates to the use of ‘contractual necessity’ as an appropriate…

On December 29, 2022, the French Data Protection Authority (the “CNIL”) announced that it imposed an €8,000,000 fine on Apple for violations of the French rules on targeted advertising and the use of cookies and similar tracking technologies. Background The CNIL received a complaint concerning Apple’s ad personalization practices on the App Store and carried out several investigations between 2021 and 2022. The CNIL’s investigations concluded that Apple was collecting the identifiers of users that visited the App Store using…

An internal investigation by parent company ByteDance confirms that employees obtained personal data from reporters who were probing Beijing’s influence on the app’s activities ByteDance, the Chinese technology giant that owns TikTok, admitted Thursday that several employees of the social network spied on journalists from Forbes magazine who were investigating the link between the company’s US branch and China. The information first came to light in October but was confirmed on December 23 by Forbes, which had access to an…

German authorities said on Thursday they had arrested an employee of its foreign intelligence service (BND) on suspicion of sharing state secrets with Russia this year and thereby committing treason. Police arrested the suspect, a German citizen identified as Carsten L, on Wednesday in Berlin, the federal prosecutors office said. It said police also raided his flat and workplace as well as those of another person. “The accused is suspected of state treason,” federal prosecutors said in a statement. “In…

Meta Platforms Inc CEO Mark Zuckerberg’s Chan-Zuckerberg Initiative-backed Byju’s —​​India’s largest online education firm — has been accused of bullying parents to buy courses. What Happened: India’s National Commission for Protection of Child Rights, or NCPCR, said the edtech company is targeting first-generation learners and forcing parents to buy courses after purchasing their phone numbers, ANI reported. Priyank Kanoongo, the chairperson of NCPCR, said that the body has initiated action and will send a report to the government. “We came…

The Department of Justice, together with the Federal Trade Commission (FTC), today announced a settlement that, if approved by a federal court, will require Epic Games Inc. (Epic Games) to pay $275 million in civil penalties as part of a settlement to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA), the Children’s Online Privacy Protection Rule (COPPA Rule), and the Federal Trade Commission Act. Epic Games will also be subject to a permanent injunction regarding children’s personal…