Here are the top stories you might have missed:
French data protection authority fines Google and Amazon over cookies
The French data protection authority, CNIL, fined Google and Amazon for deploying tracking cookies on users without their consent, TechCrunch reports. Google was fined $120 million, and Amazon was fined $42 million. The CNIL conducted its investigation under the EU’s ePrivacy Directive, citing that cookie consent falls under the Directive’s purview and enabling it to sidestep regulating under the EU’s General Data Protection Regulation, which would have required the companies’ lead data protection authorities (Ireland and Luxembourg) to handle the matter.
2. Irish data protection commissioner fines Twitter over breach
Ireland’s Data Protection Commission fined Twitter $547,000 for “failing to give a timely warning about a breach that threatened the privacy of Android phone users across the bloc,” Bloomberg reports. The Irish DPC said Twitter did not notify those affected by the breach within 72 hours, as mandated under the EU General Data Protection Regulation. The DPC’s investigation began two years ago, and critics say the regulator took too long to enforce the law.
3. Federal Trade Commission announces investigation into Amazon, Facebook, YouTube
The U.S. Federal Trade Commission has ordered technology behemoths including Amazon, Facebook and Google’s YouTube to disclose to the agency how they collect and use customer data, the Los Angeles Times reports. The FTC said the companies practices are “shrouded in secrecy,” the report states. In a joint statement, FTC Commissioners Rohit Chopra and Christine Wilson said the review will “lift the hood on the social media and video streaming firms to carefully study their engines.”
4. Apple rolls out privacy ‘nutrition’ labels
This week, Apple began implementing new labels about apps’ privacy practices on its App Store, Reuters reports. The labels aim to inform users on privacy the same way nutrition labels on food products do: quickly and easily. Apple now requires developers to disclose data collection to be used for tracking purposes within their apps. The labels convey that information to users before they download an app, and Apple says it will monitor compliance through random audits and in response to complaints.
5. Spotify breached for the third time in a month
Streaming service Spotify has alerted users of a breach involving one of its third-party vendors, Threat Post reports. A software vulnerability left user registration exposed from April 9 to Nov. 12. The data included email addresses, passwords, gender and date of birth. This is the third breach in less than a month at the streaming service, the report states.
On Dec. 9, the U.S. Senate Commerce, Science and Transportation Committee held a hearing on the future of transatlantic data flows given the demise of the Privacy Shield, which previously allowed for legal data transfers from the EU to the U.S. before it was invalidated earlier this year. According to a Mondaq post on the hearing, senators emphasized the need for a comprehensive privacy law in the U.S. to help secure a new deal with the EU, which has significant concerns about its citizens’ data privacy once it falls into the hands of U.S. companies.
7. Will California attorney general’s replacement prioritize privacy too?
President-elect Joe Biden recently tapped California Attorney General Xavier Becerra to lead the U.S. Department of Health and Human Services. That was big news for the privacy and data protection stakeholders, given that Becerra is responsible for enforcing California’s Consumer Privacy Act. But StateScoop reports enforcing the law, as well as the California Privacy Rights Act, which passed in November, will remain a priority, and Becerra’s replacement will likely be someone as devoted to consumer privacy protection as Becerra.
8. U.S health agency pushes to revise health-information privacy rules
The National Law Review reports on the details of the Department of Health and Human Services’ push to modify the U.S. Health Insurance Portability and Accountability Act. HHS announced a new proposed rule Dec. 10, which the agency said aims to “reduce burden on providers and support new ways for them to innovate and coordinate care on behalf of patients,” while ensuring HIPAA’s guarantees of patient data privacy and security are upheld.