We are pleased to provide you with our law firm partners newsletter for July, 2023. In June, Texas passed its privacy laws – the Texas Data Privacy and Security Act, which will go into effect on July 1, 2024. We’re tracking many more bills this year- make sure to follow us on social media at @termageddon for the latest updates! We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field.
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- CNIL fines advertising company 40 million euros. The online advertising company Criteo was fined for GDPR violations over not verifying individuals’ consent for data processing while violating principles for information and transparency, right of access, and data erasure. The investigation also found that Criteo placed tracking cookies onto a user’s device without first obtaining proper consent. Read more here.
- NOYB files a complaint over Meta enforcement. The NOYB filed a complaint to Ireland’s High Court claiming that Ireland’s Data Protection Commission did not follow through on enforcement of GDPR violations by Meta. NOYB claims that the DPC failed to consider the effects of the reversal of a previous decision made against Meta and that the DPC failed to address nine issues raised about Facebook. Read more here.
- US senators probe the privacy practices of Amazon Clinic. Senators have sent a letter to Amazon President and CEO about the privacy protections afforded to individuals enrolled in Amazon Clinic. The letter stated that Amazon provides no information as to why the company is collecting healthcare data or what purposes that data is used for. Read more here.
- Spotify hit with SEK58 million fine for GDPR violations. Sweden’s Data Protection Authority has issued Spotify a fine of SEK58 million. The DPA found that Spotify does not clearly inform individuals how their data is used by the company in response to data subject access requests. The DPA stated that Spotify must be more specific with its disclosure of data practices and make it easier for individuals to understand how the company uses their data. Learn more here.
- FCC forms Privacy and Data Protection Task Force. The US Federal Communications Commission announced that it has formed a Task Force specifically for privacy and data protection. The Task Force will focus on approaches to data breaches and data security vulnerabilities while contributing to potential privacy rulemaking, enforcement and public awareness efforts. The goal of the Task Force is to protect the information and security of consumers. Learn more here.
- UK Information Commissioner’s Office fines two energy companies. The UK ICO has fined two energy companies a combined GBP 250,000 for making illegal marketing phone calls to citizens and businesses on the country’s do not call register. Learn more here.
- FTC and DOJ proposed $25 million fine against Amazon Alexa. The proposed action against Amazon Alexa includes the fines and various corrective measures over alleged privacy violations. The complaint states that the company violated COPPA stemming from data deletion and retention practices for children’s voice and geolocation data. Learn more here.
- FTC announces $5.8 million fine against Amazon Ring. The fine is currently pending federal court approval and stems from allegations that Ring customers did not consent to video recordings being accessed by Amazon employees or to recordings being used to train algorithms. Read more here.
What privacy bills are we tracking? As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
- Delaware – DE HB154
- Georgia – GA HB798;
- Hawaii – HI SB1110/HB1497;
- Hawaii – HI SB 974;
- Illinois – IL HB3385;
- Indiana – IN HB 1554;
- Iowa – IA House File 2506;
- Iowa – IA House Study Bill 12;
- Kentucky – KY S 15;
- Louisiana – LA SB199;
- Maine – ME SB807;
- Maine – ME HB1270;
- Maryland – MD HB807;
- Massachusetts – MA HD2281/SB745;
- Massachusetts – MA HD3263/SD1971;
- Mississippi – MS SB 2080;
- Minnesota – MN SF950;
- New Hampshire – NH SB255;
- New York – NY S2277;
- New York – NY SB365;
- New York – NY SB3162;
- New York – NY AB4374;
- New Jersey – NJ S 332;
- New Jersey – NJ A505;
- New Jersey – NJ A 1971;
- North Carolina – NC SB525;
- Oklahoma – OK HB1030;
- Oregon – OR SB 619;
- Pennsylvania – PA HB708;
- Pennsylvania – PA HB1201;
- Washington – WA HB1616;
- West Virginia – WV HB3453;
- Vermont – VT HB121
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Cloud/Privacy/AI: trends and legal implications – July 27, 2023;
- Privacy game changes: a new wave of state laws – July 26, 2023;
- Somebody’s watching me: surveillance in the face of rapidly accelerating AI – August 17, 2023.
Do you have any questions on how Termageddon’s policy generation process works or how we can help you save time when drafting policies for your clients? Please contact our President, Donata Stroink-Skillrud at Donata@termageddon.com and she’d be happy to set up a call to answer any questions that you may have.