Here are the top stories you might have missed:
Home Depot settles for $17.5 million over breach
Following its 2014 breach, Home Depot has agreed to pay $17.5 million in a settlement that involved 46 U.S. states and the District of Columbia, Bloomberg Law reports. In addition to the financial penalty, the retailer will also have to make improvements to its security processes and provide security and privacy training to employees with access to the company's network, the report states.
- EU documents indicate gov’t push to access encrypted user data
The EU is aiming to push back against data encryption used in apps like WhatsApp and Signal in the name of fighting terrorism, CNBC reports. Home affairs ministers from EU member states have called on the government to “consider the matter of data encryption so that digital evidence can be lawfully collected and used by the competent authorities.” The move comes as governments globally work to find the balance between privacy and security.
- New Zealand Privacy Act comes into effect Dec. 1
As the deadline approaches, National Law Review reports on New Zealand’s Privacy Act. The law, which replaces the country’s 1993 Privacy Act, comes into effect Dec. 1. The new law introduces changes including a breach-notification regime, as well as criminal offenses and penalties for violations, the report states.
- Prop 24 critics: Flaws, loopholes put consumers at risk
California’s Proposition 24 passed on the ballot in November with a 56.2% majority vote. The bill will expand the state’s former privacy law, the California Consumer Privacy Act. SFGate reports that while voters approved the law, critics see significant flaws in its provisions. The ACLU of Northern California, for example, is concerned with a loophole that could allow internet service providers to charge users more if they opt-out of allowing their personal data to be sold.
- Think tank: Without ‘adequacy,’ UK biz compliance costs could reach £1.6 billion
U.K. businesses could face significant costs as if the country fails to reach a data-transfer adequacy agreement with the EU before Brexit comes into effect at the end of 2020. TechCrunch reports an analysis by the New Economics Foundation and UCL’s European Institute research hub found that the total cost of compliance could be between £1 billion and £1.6 billion.
- PDPC issues advisory draft guidelines on Singapore privacy law amendments
Singapore’s Personal Data Protection Commissioner has issued draft advisory guidelines on “Key Provisions of the Personal Data Protection Amendment Bill.” The draft guidelines clarify important provisions within the bill. They’ll be finalized and issued when PDPA’s amendments come into effect. The amendments passed in Singapore’s Parliament Nov. 2, and you can access them here.
- Chinese court rules park must delete patron’s facial-recognition data, pay compensation
After a Chinese wildlife park switched from fingerprint-recognition to facial recognition for entry, an associate law professor sued for breach of contract. A Chinese court subsequently ruled that the park must delete the professor’s facial recognition data and pay him compensation. The ruling comes as Chinese citizens become increasingly uncomfortable with facial-recognition technology deployment, South China Morning Post reports.
- More than 1.4 million join Facebook class-action
Facebook users in Illinois had until Nov. 24 to join a $650 million class-action settlement over alleged violations of the state’s Biometric Information Privacy Act. In 2015, law firm Edelson PC filed the suit on the basis that Facebook’s “facial tagging features without consent was not allowed” under the law. Facebook agreed to a settlement of $550 million initially and later agreed to increase the amount to $650 million. As of last week, 1.4 million people had filed a claim, the report states.