In this week’s Data Privacy News summary…
Some European Union regulators objected to Ireland’s preliminary ruling in a landmark privacy investigation of Twitter, the lead regulator said on Thursday, triggering a process where a majority decision will be sought.
Twitter had looked set to become the first big technology company to face a fine by Ireland’s Data Protection Commission (DPC) under tougher EU data protection rules after it submitted the decision to other member states in May.
Under the EU’s General Data Protection Regulation’s (GDPR) “One Stop Shop” regime introduced in 2018, regulators can impose fines for violations of up to 4% of a company’s global revenue or 20 million euros ($22 million), whichever is higher.
Ireland hosts the European headquarters of a number of U.S. technology companies, making its the EU’s lead regulator for firms including Twitter, Facebook, Apple and Google.
Source & full story: Reuters
Facebook Inc won preliminary approval late last Wednesday from a federal court for settlement of a lawsuit that claimed it illegally collected and stored biometric data of millions of users without their consent.
The social media company had in July raised its settlement offer by $100 million to $650 million in relation to the lawsuit, in which Illinois users accused it of violating the U.S. state’s Biometric Information Privacy Act.
The revised settlement agreement resolved the court’s concerns, leading to the preliminary approval of the class action settlement, Judge James Donato wrote in an order filed in the U.S. District Court for the Northern District of California.
The judge said in the eight-page order:
Preliminary approval of the amended stipulation of class action settlement, Dkt. No. 468, is granted, and a final approval hearing is set for January 7, 2021,
Source & full story: Reuters
Diners at the luxury Ritz hotel in London have been targeted by “extremely convincing” scammers who posed as hotel staff to steal payment card details.
The scammers phoned people with exact details of their restaurant bookings, asking them to “confirm” card details. They then tried to spend thousands of pounds at the catalogue retailer Argos.
The Ritz told the BBC it was investigating a “potential data breach” and said it had alerted the Information Commissioner’s Office (ICO).
The fraudsters phoned people who had already made a restaurant reservation at the Ritz, pretending to be hotel staff. How they got this information is still unknown.
One woman, who had made an online booking for afternoon tea at the Ritz as part of a celebration, received a call the day before her reservation.
The scammers asked her to “confirm” the booking by providing her payment card details.
The call was convincing because it appeared to have come from the hotel’s real phone number, and the scammers knew exactly when and where her reservation was.
One cyber-security expert told the BBC that caller ID spoofing in this way was “quite easy”.
Source & full story: BBC News
Final regulations that guide businesses and consumers under California’s new digital privacy law went into effect on Friday, marking a significant step towards giving Americans the right to request their data be deleted from e-commerce websites and social media.
The California Consumer Privacy Act (CCPA) gives California residents the right to see the specific pieces of personal data that a company has collected on them – such as smartphone locations, voice recordings, ride-hailing routes, biometric facial data and ad-targeting data. They also have the right to know what kinds of third parties, a company has sold that information to.
The final rules mandate a business must provide consumers with timely notice, at or before the point of data collection, about the categories of personal information they are collecting and how it will be used.
It also allows residents to see the inferences that have been drawn about them, including predictions or categorizations related to a person’s behavior and abilities.
Source & full story: Reuters
The Trump administration announced on Monday it will further tighten restrictions on Huawei Technologies Co, aimed at cracking down on its access to commercially available chips.
The US Commerce Department actions, first reported by Reuters, will expand restrictions announced in May aimed at preventing the Chinese telecommunications giant from obtaining semiconductors without a special license – including chips made by foreign firms that have been developed or produced with US software or technology.
The administration will also add 38 Huawei affiliates in 21 countries to the US government’s economic blacklist, the sources said, raising the total to 152 affiliates since Huawei was first added in May 2019.
Commerce Secretary Wilbur Ross (pictured above) told Fox Business the restrictions on Huawei-designed chips imposed in May “led them to do some evasive measures. They were going through third parties”, Mr Ross said.
The new rule makes it clear that any use of American software or American fabrication equipment is banned and requires a licence.
Source & full story: BusinessTimes
