Hello Friends,
Facebook owner Meta Platforms is facing a potentially large fine for violating children’s privacy on its Instagram service, months after the company set aside hundreds of millions of euros to cover the cost of regulatory inquiries.
In another part of the world, the Personal Data Protection Commission of Singapore has launched a data anonymization tool. The tool is free and is intended to assist organizations to transform data sets through anonymization techniques.
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
Privacy Enforcement
Meta Faces Large Fine For Breaching Children’s Privacy On Instagram Service
Facebook owner Meta Platforms is facing a potentially large fine for violating children’s privacy on its Instagram service, months after the company set aside hundreds of millions of euros to cover the cost of regulatory inquiries.
The proposed fine from Irish data regulator Helen Dixon is the first relating to breaches of children’s data rights in a cross-border investigation since she took on pan-European powers in 2018 to enforce the EU’s new privacy regime.
Italy's DPA Fines Uber 4.2M Euros For Data Processing Violations
Italy's data protection authority, the Garante, fined ridesharing platform Uber 4.2 million euros for alleged data processing violations. The Garante found a subsidiary of Uber processed users’ personal data without consent and without notifying supervisory agencies. Approximately 57 million users worldwide were affected.
FTC Fines Twitter $150M For Deceptive Data Collection
The Federal Trade Commission alleged Twitter deceptively used Twitter users’ phone numbers and email addresses, which were collected for security purposes, for other purposes from 2014 to 2019. Users provided phone numbers or email addresses to Twitter for a variety of security purposes, such as for two-factor authentication or to unlock an account where Twitter detected suspicious or malicious activity.
Twitter would then use this contact information to allow advertisers to target specific groups of Twitter users by matching the telephone numbers and email addresses that Twitter collected to the advertisers’ lists of telephone numbers and email addresses, or to import marketing lists from data brokers for matching purposes
Data Breach
US Car Giant General Motors Hit By Cyber-Attack Exposing Car Owners' Personal Info
US automobile manufacturer General Motors (GM) announced that it was hit by a credential stuffing attack in April’22 that exposed customer information and allowed hackers to redeem rewards points for gift cards. GM said that they detected the malicious login activity between April 11-29 2022.
Privacy Regulations
Brazil ANPD Issues Recommendations For The Adequacy Of The Brazil Government Portal's Cookie Collection Practice
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, suggested recommendations to the Brazilian government regarding its use of third-party cookies.
The regulator suggested modifications to the government's cookie banner, including updating to an opt-in consent-based mechanism, and other general cookie policy updates.
Andorra's LQPD Takes Force
The Andorran Data Protection Agency announced the Qualified Personal Data Protection law entered into force on 17 May. The agency said the LQPD "includes new obligations for data controllers and new rights for those concerned," as well as a data protection officer requirement, and aims to "adapt to the new paradigms and equate our regulatory framework with the standards of protection guaranteed at European level."
Privacy In Spotlight
Singapore's PDPC Creates Data Anonymization Tool
The Personal Data Protection Commission of Singapore launched a data anonymization tool. The tool is free and is intended to assist organizations to transform data sets through anonymization techniques. The tool also features an infographic that instructs users on how to use it.
Singapore Launches First Of Its Kind AI Governance Testing Framework
Singapore launches A.I. Verify - the world’s first AI Governance Testing Framework and Toolkit for companies who want to demonstrate responsible AI in an objective and verifiable manner. This was announced by Singapore’s Minister for Communications and Information at the World Economic Forum Annual Meeting in Davos.
A.I. Verify – currently a Minimum Viable Product (MVP), aims to promote transparency between companies and their stakeholders through a combination of technical tests and process checks.
European Commission Publishes Q&A On SCCs For Data Transfers
The European Commission published a Q&A on standard contractual clauses for data transfers under the EU General Data Protection Regulation. On Dec. 27, a new set of SCCs for international data transfers will replace existing SCCs. The Q&A offers practical guidance on the use of SCCs and assists stakeholders in compliance efforts. This document is intended to be a ‘dynamic’ source of information and will be updated as new questions arise.
UK ICO Creates Children’s Best Interests Self-Assessment
The U.K. Information Commissioner’s Office created tools, templates, and guidance to help online services assess whether they are considering the best interests of children in design and development as required by the U.K. Children’s Code. The self-assessment includes steps to understand children’s best interests under the United Nations Convention on the Rights of the Child, outlined in the code’s standard, support in identifying how common uses of data can impact children’s rights, and guidance on creating an action plan to address risks.
DuckDuckGo Browser Allows Microsoft Trackers, Per Agreement
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.
While DuckDuckGo does not store any personal identifiers, Microsoft advertising may track a user’s IP address and other information when clicking on an ad link.