Weekly Privacy News - Week #13
Published on 2023-3-28Noyb Targets Microtargeting By German Political Groups
Austrian privacy campaign group noyb has launched a series of complaints against German political parties that have allegedly “microtargeted” users on Facebook.
The complaints allege that political parties violated the GDPR’s rules on “special category data” during the 2021 federal election by displaying campaign ads to users based on their inferred political beliefs.
TikTok CEO Questioned by US Congress
TikTok CEO Shou Zi Chew appeared in front of representatives in the US Congress this week for a five hour-long questioning. US politicians are considering banning the social media app, partly over fears around surveillance by the Chinese Communist Party (CCP).
Chew defended TikTok against allegations of interference by its Chinese parent company, ByteDance, and argued that plans to localise US users’ data in Texas was a viable solution to privacy concerns.
Utah Laws Place Strict Rules on Kids’ Social Media
Utah has passed two new laws that place strict rules on social media use among children. Senate Bill 152 and House Bill 311 seek to regulate the “unhealthy use” of social media by forcing companies to restrict how children use their platforms.
Among other provisions, the laws ban minors under 18 from registering social media accounts without parental consent, prohibit the targeting of ads towards children, and require social media firms to provide parents with their children’s passwords.
Details Emerge of Proposed Regulation to Improve GDPR Enforcement
The European Commission has launched a public consultation calling for views on a new regulation intended to improve cross-border enforcement of the GDPR.
The legislation should “streamline cooperation between national data protection authorities”, tighten up deadlines, and give a greater voice to complainants through the enforcement procedure.
ChatGPT Breach Exposes Payment Data and Chat History
A security issue with the AI tool ChatGPT exposed some users’ personal information, including names, billing addresses, limited credit card details, and private chat topics.
OpenAI said a bug in an open-source library caused the breach. The company said premium users that were active within a nine-hour period on Monday might have had their personal information exposed. The precise number of affected users is unknown.
Enforcement Tracker
Luxembourg
- An anonymous controller was fined €3,000 for Art. 12 and 13 transparency violations.
- An anonymous controller was fined €700 for Art. 12 and 13 transparency violations.
Spain
- Burwebs SL was fined €75,000 for using Google Analytics without consent on pornography websites.