We're going to chat about this and more at our Twitter Spaces event this week, August 5 at 1 p.m. Pacific, 4 p.m. Eastern. Join us, and listen in! It's audio-only. Like a podcast, but live. Important: You must join from your phone using the Twitter app (desktop doesn't work properly). I’d love to hear your thoughts.
Enjoy reading, and I'll see you next week!
Amazon says $886 million fine is 'without merit'
Last week, Luxembourg's privacy authority (CNPD) fined Amazon $886 million, claiming it violated the EU General Data Protection Regulation (GDPR). The CNPD filed the fine with the U.S. Securities and Exchange Commission, but the specific violations are unclear. The CNPD cites Luxembourg's local laws in declining to comment on the ongoing matter. Amazon said the decision is "without merit" and that it intends to defend itself "vigorously."
Court: DSAR responses must include 'internal communications' about the data subject
Last week, Germany's highest civil court published a decision clarifying the scope of data subject access requests (DSARs) under the EU General Data Protection Regulation (GDPR), and it's broader than previously understood in the country. The court said responses to DSARs must include "previous correspondence and notes of internal processes or internal communications related to the data subject," according to Data Protection Report. Meaning: You must disclose those Slack communications and emails about the data subject, too.
Zoom agrees to $85 million settlement over alleged privacy violations
On August 2, Zoom agreed to settle a lawsuit alleging it violated users' privacy for $85 million. The case cited "Zoombombing," a term describing uninvited users gaining entry into a private Zoom meeting to disrupt it. During the early days of the COVID-19 lockdown, when Zoom exploded in popularity, hackers targeted businesses, online classrooms and others enough that the company stopped developing new features to fix the problem, Mashable reports.
Amazon offers users $10 to upload their palm prints as payment method
Amazon has expanded its biometric palm print scanners in its stores across the U.S., including New York, New Jersey, Maryland and Texas. Last year, the company introduced its scanner program, Amazon One, asking customers to upload their palm prints and link them to their Amazon account for $10. By connecting it to an account, "Amazon can use the data it collects, like shopping history, to target ads, offers and recommendations to you over time," TechCrunch reports.
If Apple's pro-privacy, why doesn't it support a Global Privacy Control?
Privacy advocates' call for a legally enforceable opt-out mechanism across the web is close to becoming a reality. A coalition of companies and publishers released a technical specification for a Global Privacy Control (GPC) control at the browser level last year. And while the California Consumer Privacy Act doesn't specifically call for a GPC button, in his 2020 guidance on the law, the California Attorney General states that businesses must honor it. But Apple "despite its stated (and heavily advertised) commitment to privacy, has not incorporated the global privacy control into Safari …. Nor has it built it into iOS," WIRED reports.
Google unveils plans for Play Store' safety section'
Google has unveiled design plans for its Play Store's upcoming safety section, which will feature information about an app's data collection, privacy and security practices, The Verge reports. Developers have from October 2021 to April 2022 to describe how they do things, and the safety section will begin appearing in app descriptions in the first quarter of 2022, the report states. Google has said apps that don't comply could see their updates blocked.