FTC-Facebook settlement to include board-level privacy oversight

(Jul 23, 2019) The Wall Street Journal reports the U.S. Federal Trade Commission could formally announce its $5 billion settlement with Facebook this week. In addition to the fine, the settlement is likely to feature more stringent regulatory oversight while mandating Facebook to create a board-level committee to oversee its privacy efforts. The new board would lend support to a previously established privacy team that reviews new products. Meanwhile, the Irish Data Protection Commission expects a decision by ... Read More

Roundup: Australia, China, EU, Kazakhstan, Turkey, US and more

(Jul 22, 2019) In this week’s Privacy Tracker global legislative roundup, the U.S. Federal Trade Commission has voted on a slew of privacy settlements, including ones with Equifax, Facebook and Google-owned YouTube. The FTC is also preparing to make amendments to the Children’s Online Privacy Protection Act. The Council of the European Union is set to review the EU General Data Protection Regulation. Turkey’s Personal Data Protection Board filed decision summaries on a handful of cases. A review of Australia’s... Read More

CNIL announces guidelines for cookies, trackers

(Jul 22, 2019) France's data protection authority, the CNIL, has published guidelines on the use of cookies and other types of trackers. The guidelines will replace the authority's 2013 recommendations to operators on the obligation to obtain consent for the use of cookies. The CNIL said the update was necessary because the prior recommendation "was not compatible with the new provisions of the [EU General Data Protection Regulation]." The new guidelines, which are part of the authority's recent action plan fo... Read More

Hackers breach FSB contractor to reveal deanonymization plans

(Jul 22, 2019) Documents stolen from SyTech, a contractor for Russian intelligence service FSB, reveal details on several plans for the agency, ZDNet reports. Hackers breached the company's entire IT network to reveal plans for deanonymizing Tor traffic, collecting data about social media users, and covertly penetrating peer-to-peer networks, as well as other plans for the Russian agency. In total, hackers shared 7.5 terabytes of data with fellow hacking group Digital Revolution and BBC Russia. Screenshots tak... Read More

Global News Roundup — July 15–22, 2019

(Jul 22, 2019) In this week’s Privacy Tracker global legislative roundup, the U.S. Federal Trade Commission, along with the U.S. Consumer Financial Protection Bureau and all 50 U.S. states, settled with Equifax for $575 million related to its 2017 data breach. Separately, the FTC voted 3-2 to fine Facebook $5 billion, though the Department of Justice is reviewing the proposed settlement. The FTC is also preparing to make amendments to the Children’s Online Privacy Protection Act and is expected to settle with ... Read More

GDPR Genius

(Jul 22, 2019) This interactive tool provides IAPP members ready access to critical GDPR resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location. Read More

Health care pros discuss whether EU can balance data sharing, patient privacy

(Jul 19, 2019) Politico asked health care professionals whether the European Union can unlock the benefits of sharing health care data while still respecting patient privacy. Digital Medicine Society Executive Director Jennifer Goldsack said the health care industry must improve how it seeks consent from those who generate health data and informs them about any potential consequences. MedConfidential Coordinator Phil Booth said researchers need to earn the trust of those who contribute their health data to pro... Read More

Turkish Personal Data Protection Board publishes 5 privacy decisions

(Jul 19, 2019) The Turkish Personal Data Protection Board published five decision summaries to the website of the country’s data protection authority. One of the decisions involved an individual who received electronic communications without offering consent. After the board examined the case, it decided to issue a fine of TL 50,000 to the data controller for its failure to take the proper measures to prevent unlawful access and processing of personal information. The board also ruled on cases that involved th... Read More

Swire: 'Schrems II' ruling could have unintended consequences

(Jul 19, 2019) Alston & Bird Senior Counsel Peter Swire writes in a piece for Le Monde that the Court of Justice of the European Union and other European officials should be cautious of the ramifications that may stem from the "Schrems II" case. Should the CJEU invalidate standard contractual clauses, most personal data transfers between the EU and U.S. would be prohibited; however, transfers to countries with less strict data protection laws would not. “This approach would be completely unjustified: it wo... Read More

Notes from the IAPP Europe Managing Director, 19 July 2019

(Jul 18, 2019) Greetings from Brussels! It has been an important and groundbreaking week here in Brussels. On Tuesday, the European Parliament elected Ursula von der Leyen — the current German defense minister — as the first female European Commission President. Winning with a slender majority (incidentally, this is not unusual in the EU), von der Leyen is now set to take office 1 Nov. 2019 for a five-year term, having resigned her ministerial post Wednesday. An important phase now begins for European instit... Read More