Weekly Privacy News - Week #11Published on 2023-3-14
UK Government Introduces Revised GDPR Reform Bill
The UK has introduced a bill to reform the country’s data protection, privacy, and freedom of information laws. The Data Protection and Digital Information Bill (DPDIB) No. 2 is a revised version of an earlier bill introduced last summer.
The new version of the DPDIB includes amendments in areas such as “legitimate interests”, scientific research, and recordkeeping. The UK government claims that the reforms will save businesses “billions”. Privacy campaigners argue that the proposals would harm people’s data protection rights.
US Federal Trade Commission Investigating Twitter for Suspected Privacy Violations
The US Federal Trade Commission (FTC) is conducting a “wide-ranging” investigation into Twitter’s privacy practices over concerns that CEO Elon Musk might be breaching an agreement with the regulator.
Twitter agreed to an FTC consent order in 2011 that placed strict conditions on the company’s privacy and security practices. Among other questions, the FTC has reportedly asked Musk about the company’s “Twitter Blue” service, recent staffing changes, and the release of internal data to reporters.
FBI Admits Buying Location Data, Circumventing the Need for Warrants
The US Federal Bureau of Investigations (FBI) has acknowledged for the first time that it has purchased location data about people in the US on the open market. The practice is only legal for government agencies where they cannot otherwise obtain the data via a warrant.
The admission came in response to a question from Senator Ron Wyden at a Senate hearing. FBI Director Christopher Wray said that the FBI does not currently purchase location data but that it had done so previously.
WhatsApp Denies Selling User Data In Response to Consumer Rights Investigation
WhatsApp has told the European Commission that it does not derive commercial value from sharing personal data about users in the EU. The statement came as part of an investigation into the company’s revised terms of service in early 2021.
The Commission has said it will not conduct an audit to verify WhatsApp’s claims, stating that such an investigation would fall within the remit of member state data protection authorities (DPAs).
Australian Court Greenlights Facebook Cambridge Analytica Enforcement
The High Court of Australia has approved a case against Facebook by the Office of the Australian Information Commissioner (OAIC). The court’s decision clears the way for the regulator to sue Facebook over alleged violations of Australian privacy law.
The case against Facebook began in March 2020 and relates to the Cambridge Analytica scandal. Facebook had argued that the OAIC lacked jurisdiction over the company. The High Court rejected this argument, meaning that the OAIC can now take its claims to the Federal Court.
A city municipality was ordered to comply with an unanswered subject access request.
A Polish court rejected an appeal from a company that violated ePrivacy Directive breach notification rules, holding that employee error did not discharge the company’s liability for the violation.
Integral Collection SRL received a €3,000 fine relating to security violations. The company failed to protect personal data and was hit by a ransomware attack.
Finopro IFN SA received a €2,250 fine, also for security-related violations.
The UK’s Information Commissioner confirmed that he will appeal a February decision by the Information Rights Tribunal to partly overturn an enforcement notice issued against Experian in 2020.