Category: Surveillance & Privacy

Ireland’s Data Protection Commission (DPC) announced on January 4, 2023, that it has fined Meta a total of €390 million after finding that the company’s Facebook and Instagram platforms lacked proper legal grounds for processing millions of Europeans’ personal data for targeted advertising. In addition to posing challenges for Meta’s business model, the DPC’s two decisions reflect growing disagreement among European data protection authorities (DPAs) on two fronts.  The first relates to the use of ‘contractual necessity’ as an appropriate…

On December 29, 2022, the French Data Protection Authority (the “CNIL”) announced that it imposed an €8,000,000 fine on Apple for violations of the French rules on targeted advertising and the use of cookies and similar tracking technologies. Background The CNIL received a complaint concerning Apple’s ad personalization practices on the App Store and carried out several investigations between 2021 and 2022. The CNIL’s investigations concluded that Apple was collecting the identifiers of users that visited the App Store using…

An internal investigation by parent company ByteDance confirms that employees obtained personal data from reporters who were probing Beijing’s influence on the app’s activities ByteDance, the Chinese technology giant that owns TikTok, admitted Thursday that several employees of the social network spied on journalists from Forbes magazine who were investigating the link between the company’s US branch and China. The information first came to light in October but was confirmed on December 23 by Forbes, which had access to an…

German authorities said on Thursday they had arrested an employee of its foreign intelligence service (BND) on suspicion of sharing state secrets with Russia this year and thereby committing treason. Police arrested the suspect, a German citizen identified as Carsten L, on Wednesday in Berlin, the federal prosecutors office said. It said police also raided his flat and workplace as well as those of another person. “The accused is suspected of state treason,” federal prosecutors said in a statement. “In…

Meta Platforms Inc CEO Mark Zuckerberg’s Chan-Zuckerberg Initiative-backed Byju’s —​​India’s largest online education firm — has been accused of bullying parents to buy courses. What Happened: India’s National Commission for Protection of Child Rights, or NCPCR, said the edtech company is targeting first-generation learners and forcing parents to buy courses after purchasing their phone numbers, ANI reported. Priyank Kanoongo, the chairperson of NCPCR, said that the body has initiated action and will send a report to the government. “We came…

The Department of Justice, together with the Federal Trade Commission (FTC), today announced a settlement that, if approved by a federal court, will require Epic Games Inc. (Epic Games) to pay $275 million in civil penalties as part of a settlement to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA), the Children’s Online Privacy Protection Rule (COPPA Rule), and the Federal Trade Commission Act. Epic Games will also be subject to a permanent injunction regarding children’s personal…

On 2 November 2022, the Portuguese Data Protection Authority (“CNPD”) issued a Decision imposing a fine of € 4,300,000 (four million three hundred euros) to the National Institute of Statistics (“INE”) for multiple violations in the processing of data subjects’ sensitive data during the Census 2021 operation. Background On the 27th of April 2021, after launching an investigation into the transfer of personal data from INE to Cloudflare (a U.S. service provider engaged by INE for the operation of the…

Ocenture LLC, a privately held company headquartered in Jacksonville, Florida, and its subsidiary, Carelumina LLC (collectively, “Ocenture”), have agreed to pay $3 million to resolve allegations that they caused the submission of false claims to Medicare by paying and receiving kickbacks in connection with genetic testing samples. The United States alleged that Ocenture participated in a genetic testing fraud scheme with other marketers and clinical laboratories. As part of the alleged scheme, Ocenture solicited genetic testing samples from Medicare beneficiaries…

On November 25, 2022, Ireland’s Data Protection Commission (“DPC”) released a decision fining Meta Platforms, Inc. (“Meta”) €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide. In the decision, the DPC argued that Meta failed to comply with the GDPR’s requirement of providing privacy “by design and default” when it failed to prevent the disclosure of users’ phone numbers, email addresses, full names, dates of birth and other personal information on…

Listen to this post

As reported in the the Retail Industry Law Resource blog:
Plaintiff’s firms continue to file variations of state law wiretapping lawsuits over “session replay” software and “live chat” or “chatbot” applications in various jurisdictions. These filings typically allege that companies use such software tools to record users’ interactions with a website without first obtaining users’ consent, thereby violating the wiretapping, eavesdropping, or interception provisions of various state laws. Session replay software allows companies to record and play back user’s interactions on its websites. The “live chat” or “chatbot” feature allows a website user to engage in text conversations with an assistant, to which chat the company has access. These wiretapping claims threaten substantial penalties. Companies that use these web-tracking tools, however, can take steps to protect themselves from these lawsuits by a careful examination of the software being used and by evaluating what disclosures or consent may be warranted.

Plaintiffs’ claims arise from the wiretapping or interception provisions of various state laws that prohibit the recording of confidential communications without the consent of all parties to the communication. California courts, for example, have experienced a surge of class action filings pursuant to the California Invasion of Privacy Act (“CIPA”). Specifically, section 631 of CIPA prohibits (1) intentional wiretapping of any telegraph or telephone wire, line, or cable; (2) willfully and without the consent of all parties attempting to learn the contents of a communication in transit; and (3) attempting to use or communicate information obtained as a result of engaging in either activity. CIPA entitles plaintiffs to $5,000 per violation. A violation arguably occurs each time a user visits a website. Thus, these penalties can grow quickly.
Further, recent case law has encouraged the Plaintiffs’ bar with favorable interpretations of these state statutes. For example, the Third Circuit recently took a narrow view of the direct-party exception defense under Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, resulting in the initiation of several class actions. The direct-party exception works to exempt a party from liability pertaining to communications directly with another party. In Popa v. Harriet Carter Gifts, Inc., however, the Third Circuit held that the legislature “codified only a law-enforcement exception, thus limiting any direct-party exception to that context” and remanded the case for further consideration by the District Court, which had not reached the issue of consent. Thus, companies facing claims under the Pennsylvania statute cannot avoid liability merely by showing that plaintiff and the company were the direct parties to the communication. If successful, the Pennsylvania statute entitles plaintiffs to $100 a day for each day of violation, or $1,000, whichever is higher.
Accordingly, it is important for companies to be aware of how their website software is being utilized, what information they and their vendors are collecting from website users, and what disclosures or consents may be warranted in light of the above. User consent is consistently a defense under state wiretapping statutes. Therefore, companies should evaluate their website terms of service and privacy policies to confirm that they include sufficient and clear disclosures and/or obtain user consent depending on the type of activity taking place on company websites by the company and its service providers.

June 26, 2022. Are Twitter, TikTok, Facebook and other social media platforms hiring from the FBI, military, NATO, CIA and U.S. State Department? It seems they are. This hiring tendency has not been widely reported in mainstream news because the revelation seems to have originated in an investigation by Russian media sources. Much of the evidence for the claim, however, is publicly verifiable. Here are some examples you can verify for yourself.

June 17, 2022. In a blow to press freedom, the United Kingdom has approved the extradition of WikiLeaks founder Julian Assange to the United States to face espionage charges related to the publication of classified documents exposing U.S. war crimes. Home Secretary Priti Patel signed off on the transfer after the U.K. Supreme Court denied Assange’s appeals earlier this year, part of a years-long legal battle that rights groups have decried as an attack on journalism and free speech. Assange…

June 15, 2022. Eva K Bartlett: RT had me on yesterday to discuss Ukraine’s kill list & my entry on it. I highlighted Canada’s cozy relationship with Ukraine, including with the Nazi battalions, Chrystia Freeland’s Nazi-collaborating grandpa , and why I feel safer living in Russia than I would were I back in Canada where Ukrainian nationalists & Nazi supporters run rampant and could easily harm or kill me. I also spoke of how while independent Canadian media reached out…

June 1, 2022. Public inquiry into the federal government’s unprecedented use of the Emergencies Act seeks access to cabinet secrets. The public inquiry into the federal government’s unprecedented use of the Emergencies Act wants access to cabinet secrets as it warns it will be hard to complete its work by next February, as required under a legally-mandated timeline. In its first substantial move since Ontario judge Paul Rouleau was appointed in April to lead the inquiry, the Public Order Emergency…

May 31, 2022. The Department of Justice, together with the Federal Trade Commission (FTC), announced a settlement that, if approved by a federal court, will require Twitter Inc. to pay $150 million in civil penalties and implement robust compliance measures to protect users’ data privacy. The settlement will resolve allegations that Twitter violated the FTC Act and an administrative order issued by the FTC in March 2011 by misrepresenting how it would make use of users’ nonpublic contact information. In…