DPAs across the world investigating Facebook-Cambridge Analytica

(Mar 20, 2018) The news involving Facebook and Cambridge Analytica continues to rapidly evolve since reports came out last weekend exposing the alleged improper handling of user data gleaned from the social network for political purposes. On Tuesday, Bloomberg reported that the U.S. Federal Trade Commission is investigating whether Facebook violated terms in its 2011 consent decree with the agency. Sen. Chuck Grassley, R-Iowa, chairman of the Senate Judiciary Committee, is considering a hearing with the CEOs o... Read More

EDPS releases 2017 annual report

(Mar 20, 2018) European Data Protection Supervisor Giovanni Buttarelli presented the annual report covering the organization's activities in 2017. The report covers the work the EDPS has been doing in preparation for the impending EU General Data Protection Regulation and the agency’s main objectives for 2018. The EDPS has also released its opinion on online manipulation and personal data. “The EDPS vision is to help the EU lead by example in the global dialogue on data protection and privacy in the digital ag... Read More

Alabama closing in on state data breach notification law

(Mar 20, 2018) Alabama is closing in on having its own state data breach notification bill, HealthITSecurity reports. The Alabama Data Breach Notification Act of 2018 had passed through the state Senate earlier this month and now moves to the House of Representatives. The bill will require any company suffering a data breach involving personally identifiable information to notify affected individuals within 45 days of determining an incident occurred. The rule defined PII as a person’s first name or initial an... Read More

Making sense of the Facebook-Cambridge Analytica revelations

(Mar 19, 2018) Reaction continues Monday to news that data analytics firm Cambridge Analytica used and allegedly did not delete as agreed what may have been personal information of 50 million Facebook users. The effects of the incident may have far-reaching implications for Facebook and how people view companies' data use policies more broadly. Last Friday evening, Facebook VP & Deputy General Counsel Paul Grewal announced the company was suspending the accounts of Strategic Communication Laboratories, inc... Read More

Rounding up the fallout from Facebook-Cambridge Analytica

(Mar 19, 2018) Reaction continues Monday to news over the weekend that data analytics firm Cambridge Analytica used, and allegedly did not delete as agreed, what may have been personal information of 50 million Facebook users. The effects of the incident may have far reaching implications for Facebook and how people view companies' data use policies more broadly.  Last Friday evening, Facebook VP & Deputy General Counsel Paul Grewal announced the company was suspending the accounts of Strategic Communicat... Read More

Appeals court removes part of FCC rule on robocalls

(Mar 19, 2018) The U.S. Court of Appeals for the District of Columbia Circuit dismissed a portion of a Federal Communications Commission regulation aimed at reducing robocalls, Bloomberg reports. While the rule was created to reduce automated phone calls from auto-dialers, the appeals court determined the language in the ruling was too broad and could be interpreted to include calls from smartphones, as well. “This will not lead to more illegal robocalls but instead remove unnecessary and inappropriate liabili... Read More

Companies agree to FTC settlement for illegally making 117M marketing calls

(Mar 19, 2018) A group of Utah-based companies and their owner agreed to a Federal Trade Commission settlement for charges they illegally made more than 117 million telemarketing calls. Forrest Baker III and the three companies he owned were accused of violating the Telemarketing Sales Rule and the FTC Act in 2011 for making the calls. In 2016, a federal court ruled the companies had committed six TSR violations, including failing to tell consumers who was making the calls and calling numbers on the Do Not Cal... Read More

First data breach announced under Australia's new data breach notification laws

(Mar 19, 2018) A data breach involving the personal information of nearly 500 Australian employees is one of the first incidents captured under the country’s new data breach notification laws, which took effect last month, ABC News reports. The data breach at global shipping company Svitzer is said to have stemmed from three employee email accounts that were auto-forwarded outside the company. Although the breach is reported to have begun May 27, 2017, Svitzer’s head of communications, Nicole Holyer, said the ... Read More

Notes from the IAPP Publications Editor, March 16, 2018

(Mar 16, 2018) Greetings from Portsmouth, NH! One of the hot privacy topics in the U.S. this week has been the fate of the Clarifying Lawful Overseas Use of Data Act, better known as the CLOUD Act. This pending legislation, which deals with cross-border data transfers in law enforcement cases, is drawing both strong support and opposition. Tech companies have been asking Congress to revamp government data access requests for years now. Microsoft's Brad Smith testified in Feb. 2016 that increased data access ... Read More

The Privacy Advisor Podcast: A journalist's view from the EU

(Mar 16, 2018) Jennifer Baker makes a career out of knowing the nuances of data protection and data privacy. But she's not advising clients or writing privacy policies. Rather, as a freelance journalist, she's reporting on the developments that often guide the decision-making of those who do. Baker has spent years developing sources inside European institutions and businesses, and in this episode of The Privacy Advisor host Angelique Carson talks with Baker about reporting on the privacy beat from Brussels. ... Read More