Blog + News
Privacy News Roundup – February 2, 2022
State privacy legislation
On January 6, New York saw several consumer privacy bills introduced in the House and Senate.
Meanwhile, the proposed Senate Bill 5062, the Washington Privacy Act (WPA) didn't find common ground among business and privacy groups and failed to pass for the third year in a row in 2021. Many of the issues the WPA has faced are due to the debate over including a private right of action.
New legislation for simplified terms-and-services agreements
Tech giants Facebook and Amazon face class action lawsuits for misuse of biometric data
In Alabama, a class-action lawsuit was filed against Facebook for violating US antitrust laws and profiting from minors’ biometric data. Even though images are destroyed by Facebook themselves, the data has already been disseminated to other third parties. The plaintiffs are seeking $32 billion for a national class of 285 million minors and $240 million for a smaller class in Alabama.
While in Illinois - one of the strictest states in the US addressing biometric privacy - a class action lawsuit was filed against Amazon by a former employee that claimed Amazon collected facial and other data without proper consent under the Illinois Biometric Information Privacy Act (BIPA). The employee alleged that Amazon sites were scanning faces and checking temperatures of employees for COVID protocols without obtaining informed consent. He also claimed the company did not have a publicized data retention plan.
European Parliament is reprimanded for violating privacy laws on its COVID-19 testing website
The European Data Protection Supervisor (EDPS) sanctioned the European Parliament for a series of data protection violations on its COVID-19 testing website.
The EDPS found the website's cookie banners had inaccurate information, unclear options to reject third-party tracking, and a deceptive design, which might manipulate consent. They also found that no measures were being taken to raise the level of protection of EU residents’ personal data that was being transferred to the US through Google Analytics and Stripe. This violation clearly goes against the requirements made by the Schrems II decision.
The EDPS issued a reprimand against Parliament and gave them one month to update their data protection notice and address the remaining issues of transparency.
China reviews security of companies wishing to open on overseas stock markets
The Cyberspace Administration of China (CAC) has issued a new rule that will go into effect on February 15, 2022, requiring that Chinese platform companies with data on more than 1 million users must undergo a security review before listing their shares on overseas stock markets.
Additionally, a new rule will take effect on March 1, 2022, that will increase oversight of news providers that use algorithm recommendation technology to disseminate information to users.
Japan introduces amendments that work towards information transparency between businesses and consumers
On April 1, 2022, amendments to the Act on Protection of Personal Information (APPI) will take effect and businesses in Japan should revise their privacy notices in accordance with the APPI. The revisions focus on businesses’ transparency with consumers about how their personal information is handled.
France’s CNIL will analyze augmented video devices from an ethical, technical, and legal standpoint
The National Commission on Informatics and Liberty (CNIL) has published a draft position on the use of “intelligent” and “augmented” video devices in public spaces. With the increased use of such devices in public spaces to improve safety and collect marketable data, the CNIL will analyze the devices’ use from an ethical, technical, and legal point of view.
INDIVIDUAL ARTICLE DISCLAIMER: