‘Tis the season for giving, family, and data/privacy violations by corporations, apparently.
In addition to all the privacy drama, we also interviewed young privacy professional Landon McKinney on Privacy Lawls, where we discussed privacy education in law schools, the formation of a student association that deals with privacy, and more. Listen to the episode here.
We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field!
Table of Contents
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- CPPA board approves data broker regulations. The California Privacy Protection Board unanimously approved new regulations for data brokers, aiming to bring more clarity to the Delete Act, which requires data broker registration with the State of California and additional transparency requirements. Learn more here.
- A real estate agent violates privacy law by doxxing tenant. A real estate agent violated privacy laws by disclosing an individual’s full name, occupation and financial circumstances after the individual left a one star review for the real estate agent. Australia’s Information Commission ordered the real estate agent to issue an apology to the individual. Read more here.
- Italian food delivery app fined 5 million Euros. The Italian food delivery company Foodinho has been fined 5 million Euros after it was found to have unlawfully processed the data of more than 35,000 riders. The app has been banned from using riders’ biometric data, such as facial recognition, for identity verification. Learn more here.
- BIPA lawsuit dismissed due to changes in law. A recent lawsuit filed in the Northern District of Illinois claiming violations of the Biometric Information Privacy Act was dismissed due to changes in the law. The lawsuit claimed at least $75,000 in damages for alleged violations of BIPA but, under the newly amended version of BIPA, damages would only amount to approximately $15,000, making federal court the improper venue for this lawsuit. Read more here.
- Publisher of Daily Mirror faces 101 phone-hacking lawsuits. Mirror Group Newspapers is facing 101 phone hacking lawsuits from public figures such as Gilian Anderson, Sean Bean and Kate Winslet. The publisher asked for a trial to be heard in late 2025 to decide whether a sample of these cases were brought too late. Learn more here.
- Florida law firm to pay $8.5 million in a data breach lawsuit. The lawsuit stems from a data security incident that allegedly compromised the personal data of nearly 10,000 individuals, including former and current clients and employees. Read more here.
- Hardware chain breached privacy law by using facial recognition. The Office of the Australian Information Commissioner found that the hardware chain Bunnings breached the privacy of potentially hundreds of thousands of Australians through the use of facial recognition technologies. The company scanned every customer on entry and compared that scan against a database of banned customers. Read more here.
- Facebook and Instagram users in Europe to get option to see less personalized advertisements. Meta Platforms has announced that it will be releasing a feature in Europe where individuals can receive less personalized advertisements if they do not pay for an ad-free subscription option. Ads will be targeted at users based only on what they see during their current Facebook or Instagram session and will use minimal personal information. Learn more here.
- AT&T to pay $13 million to settle FCC probe. AT&T has agreed to pay $13 million to settle a federal investigation into whether the company failed to protect customer information in connection with a data breach last year. In the breach, the hackers penetrated the company’s cloud system and exposed data belonging to nearly 9 million AT&T customers. Learn more here.
- Concerns over car privacy intensifying. Recent research from the Mozilla Foundation has found that many car brands track more personal data than what researchers deemed necessary. For example, some car brands track drivers’ religious affiliations, data on medical conditions, and passenger location. Read more here.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
Illinois – IL HB3385;
Massachusetts – MA HD2281/SB745;
Massachusetts – MA HD3263/SD1971;
Massachusetts – MA HD3245
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Practical tips to harmonize financial and comprehensive privacy laws – December 3, 2024;
- Privacy leadership handover: starting strong, leaving right – December 5, 2024;
- Privacy-enhancing technologies: technologies and techniques to enhance privacy – December 12, 2025.
Conclusion
And you’re all caught up in time to head into 2025 with a better grasp on what’s going on within the privacy landscape. Yay! Don’t forget to subscribe to Privacy Lawls for more privacy information and news.