What’s going on in the world of privacy to start off the month of September? Glad you asked!
This month, we interviewed privacy attorney Jason Kelly on Privacy Lawls. We discussed the increase of lawsuits under the California Invasion of Privacy Act and how Jason represents businesses fighting CIPA demand letters and lawsuits. Listen to the episode here.
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- Uber fined 290 million Euros for sending drivers’ data to the United States. The Dutch Data Protection Authority fined Uber for sending the personal data of EU taxi drivers to the United States, in violation of GDPR. The DPA stated that Uber failed to appropriately safeguard the data that was transferred to the United States. Read more here.
- Meta reaches $1.4 billion settlement in Texas privacy lawsuit. The Texas Attorney General and Meta reached a $1.4 billion settlement over allegations that Meta used biometric data of users without their consent. Meta shut down its facial recognition system in 2021 and deleted the faceprints of more than 1 billion individuals. Learn more here.
- 21 Attorneys General seek privacy answers from Temu. The Attorneys General of 21 states have joined a coalition that is demanding answers from retailed Temu regarding their alleged ties to the Chinese Communist Party, data collection and sharing practices and possible violations of a forced labor act. Learn more here.
- Political party Reform UK collects browsing data without consent. An investigation by the Observer found that individuals who visited the website of Reform UK had the details of their activity on the website captured by Meta Pixel and shared with Meta for use in targeted advertising without their consent. Read more here.
- Texas sues GM over privacy concerns. The Attorney General of Texas has filed a lawsuit against GM alleging the abuse of customers’ data and trust. The lawsuit alleges that GM presented drivers with a confusing process that was implied to be for safety processes but instead was used to surrender data that GM later sold. Read more here.
- X targeted with 9 privacy complaints over the use of user data for training AI. X has recently been hit with privacy complaints over reports that X used the data of users in the EU for training AI models without prior consent. The complainants argue that X does not have a valid legal basis for using the data of EU residents without obtaining their consent. Learn more here.
- Toyota data breach. Toyota Motor Corporation was allegedly subject to a data breach where the threat actor leaked the stolen information on a dark web hacking forum. The breach consisted of 240 GB of stolen data which includes employee and customer data, financial information, and technical network infrastructure details. Toyota disputes these details and states that a third party vendor was hacked instead. Read more here.
- Home security company ADT confirms data breach. ADT has confirmed that an unauthorized party recently gained access to its customer data, accessing customer order information. The hackers obtained email addresses, phone numbers and postal addresses of ADT customers. Read more here.
- Google privacy lawsuit revived. A previously dismissed lawsuit where Google was accused of privacy violations after collecting data even though individuals chose not to synchronize their browsers with their Google accounts has been revived. The US Court of Appeals for the 9th Circuit in San Francisco found that the lower Court that initially dismissed the lawsuit did not take into account whether “reasonable” users would have understood that their data was still being collected after they chose not to activate the syncing feature. Learn more here.
- California Privacy Protection Agency releases additional enforcement priorities. The Agency stated that it will increase enforcement on non-compliant privacy notices and policies, the right to delete and the implementation of consumer requests. Learn more here.
What privacy bills are we tracking? As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
Georgia – GA HB798;
Massachusetts – MA HD2281/SB745;
Massachusetts – MA HD3263/SD1971;
Massachusetts – MA HD3245
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Why should privacy professionals care about the EU AI Act? September 6, 2024;
- Data Privacy As A National Security Imperative – September 11, 2024;
- Digital Accessibility Law and Procurement – September 26, 2024.
That’s it for this month! If you’ve made it this far, you’re probably a privacy nerd like us. ONE OF US. ONE OF US. Anyway, be sure to check out our podcast, Privacy Lawls.